CISA and NSA Release Guidance on Selecting and Hardening VPNs

Original release date: September 28, 2021The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors. Exploitation of these devices can enable: Credential harvesting Remote code execution on the VPN device Cryptographic weakening of encrypted traffic...