NSA releases report on VPN hardening

The National Security Agency (NSA) along with Cybersecurity and Infrastructure Security Agency (CISA) recently released a report that provides guidance for organizations looking to harden their VPN infrastructure. Over the last couple of years and especially during the height of the COVID lockdowns, VPNs have become major attack vectors for bad actors. The COVID lockdowns and work-from home mandates forced many organizations to go from 10-15% of their workforce telecommuting over VPN to 100% in only a few weeks or months. This not only created a large strain on the existing VPN architecture (latency, timeouts etc.), but also created a fast and direct attack vector for malware sitting in and on compromised teleworker computers and networks. The malware was able, in many cases, to bypass many of the traditional security barriers that were in place around the organizations perimeter and travel unchecked into the heart of the corporations IT infrastructure- creating havoc for the IT security teams. The NSA/CISA VPN hardening report provides practical advice and direction on VPN hardening approaches and is titled “Selecting and Hardening Remote Access VPN Solutions” and can be found HERE.