VPN Security Best Practices

Virtual private networks, or VPNs, are a service that protects your internet connection and privacy online. VPNs work by creating an encrypted tunnel between your local computer and a remote server, which carries your data and masks your IP address.

Business VPNs enable remote employees to securely access the company’s internal resources, including databases, files and applications, over the internet without needing to be on site.

A key feature of business VPNs is that they often use advanced authentication protocols such as multi-factor authentication, improved encryption methodologies and access control lists to manage user access. Utilising a business VPN can also play a crucial role in ensuring your company meets data protection regulations and industry standards.

As businesses increasingly rely on VPNs to connect remote workers and protect sensitive information, it becomes imperative that specific best practices are adhered to. It is important for Security Operations Centres, such as Aspire’s SOC, to continually refine VPN security best practices.

This blog explains some of the essential strategies for you to fortify VPN infrastructure and explores some recent cases where poorly managed VPNs were exploited by threat actors.

 

Recent VPN attacks

Ransomware group Akira recently took advantage of a vulnerability found with Cisco VPN solutions, exploiting VPNs without multi-factor authentication. It is so far unclear how they gained initial access to the VPN itself: whether through valid credentials obtained by email phishing or purchased on the dark web, or through a zero-day exploit.

Cisco themselves say the evidence suggests brute force attacks and password spraying. Regardless of how the credentials were obtained, this could have been avoided by following security best practices and using multi-factor authentication.

 

VPN Security Best Practices

 

Find the right VPN for your business

It is important to choose the correct VPN for your business. A reputable VPN provider with a proven track record should be at the top of the list when it comes to VPN best practices.

Ensure you research diligently and know what your business needs. A good starting point is ensuring your chosen VPN provider has a good history within cyber security, along with the scalability to grow with your business.

 

Encryption

VPN security relies on robust encryption methods. SOC teams, such as the one at Aspire, must ensure robust encryption is in place, such as the Advanced Encryption Standard (AES) or ChaCha20.

This will ensure data in transit is efficiently and effectively secured. Regular updates to VPN configurations are also important to ensure that your VPN is using the latest encryption standards.

 

Patching and updating

Patching and updating are essential for a secure VPN. Outdated software, be it a VPN or not, is a large vulnerability because of the number of threat actors that aim to exploit outdated, unpatched versions of software. Monitoring security advisories and vendor release notes can be an effective way to ensure your VPN is up to date and that any vulnerabilities that may impact your VPN infrastructure have been patched.

 

MFA

As previously mentioned, multi-factor authentication is essential for modern security, as it is a simple way to prevent malicious attacks such as the one Akira carried out against Cisco VPNs. MFA requires users to authenticate via multiple avenues, be it passwords, biometric scanning, or security tokens. This ensures that even if a threat actor has your password, they cannot enter your account. It also alerts a user that their credentials have leaked and that they should change their passwords.

 

Log monitoring

Establishing a way to view VPN log activity is a best practice many often forget. Aspire, among other security operations centres, regularly reviews logs for any suspicious or anomalous activity around VPN behaviour. This data can often be analysed through the use of a security information and event management (SIEM) tool.
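
As an added example (not code from the original post or from Aspire), the following Python shows the kind of check a log review or SIEM rule can run for the brute force and password spraying patterns mentioned earlier. The log format, field names, sample lines and thresholds are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format; adapt LINE_RE to your gateway's real logs.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z vpn-auth result=FAIL user=alice src=203.0.113.7
2024-05-01T09:00:09Z vpn-auth result=FAIL user=bob src=203.0.113.7
2024-05-01T09:00:17Z vpn-auth result=FAIL user=carol src=203.0.113.7
2024-05-01T09:00:25Z vpn-auth result=FAIL user=dave src=203.0.113.7
2024-05-01T09:00:33Z vpn-auth result=OK user=erin src=203.0.113.7
2024-05-01T09:02:00Z vpn-auth result=FAIL user=frank src=192.0.2.10
2024-05-01T09:02:20Z vpn-auth result=OK user=frank src=192.0.2.10
2024-05-01T09:10:00Z vpn-auth result=FAIL user=svc-backup src=198.51.100.23
2024-05-01T09:10:02Z vpn-auth result=FAIL user=svc-backup src=198.51.100.23
2024-05-01T09:10:04Z vpn-auth result=FAIL user=svc-backup src=198.51.100.23
2024-05-01T09:10:06Z vpn-auth result=FAIL user=svc-backup src=198.51.100.23
2024-05-01T09:10:08Z vpn-auth result=FAIL user=svc-backup src=198.51.100.23
"""

LINE_RE = re.compile(r"^(\S+) vpn-auth result=(\w+) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, result, user, src) for every line that matches LINE_RE."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect(log_text, window=timedelta(minutes=10), spray_users=4, brute_fails=5):
    """Return sorted (kind, key) alerts raised inside a sliding time window."""
    fails_by_src = defaultdict(list)   # src  -> [(ts, user)]
    fails_by_user = defaultdict(list)  # user -> [ts]
    alerts = set()
    for ts, result, user, src in sorted(parse(log_text)):
        if result != "FAIL":
            # A success tied to an already-flagged source or account needs urgent review.
            if ("password_spray", src) in alerts or ("brute_force", user) in alerts:
                alerts.add(("success_after_attack", f"{src}->{user}"))
            continue
        fails_by_src[src].append((ts, user))
        fails_by_user[user].append(ts)
        recent_users = {u for t, u in fails_by_src[src] if ts - t <= window}
        if len(recent_users) >= spray_users:   # one source, many accounts
            alerts.add(("password_spray", src))
        if sum(1 for t in fails_by_user[user] if ts - t <= window) >= brute_fails:
            alerts.add(("brute_force", user))  # many failures on one account
    return sorted(alerts)
```

Calling `detect(SAMPLE_LOG)` flags the spraying source, the brute-forced account and the successful login that followed the spray, while the single mistyped password from `frank` raises nothing.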

 

Implementing robust policies

Policies can help businesses ensure VPN best practices are met. These may include ensuring users do not use personal VPNs on remote devices when connected to the business network, along with creating access control lists to manage who can and cannot access the VPN.

 

Security awareness training

It is key that businesses educate their employees on the importance of security surrounding VPN best practices, such as ensuring users use strong passwords. Human error will always be an issue surrounding cyber security, thus regular security awareness training can help a business’s overall security posture.

 

Summary

Overall, it is clear that VPNs offer many benefits, such as remote workers being able to connect to a business network, user anonymity and improved encryption. However, without appropriate configuration and best practices they can be easily exploited, as documented by the recent Akira ransomware attacks.


Written by:

Jake Merrick