
COVID-19: With everyone working from home, VPN security has now become paramount

March 19, 2020

With most employees working from home amid today’s COVID-19 (coronavirus) outbreak, enterprise VPN servers have now become paramount to a company’s backbone, and their security and availability must be the focus going forward for IT teams.

“It will be very important [that] the VPN service is patched and up-to-date because there will be way more scrutiny (scanning) against these services,” said Guy Bruneau, an ISC SANS instructor in a post last week.

Bruneau’s warning is just one of the many cybersecurity industry alerts published over the past few days on the topic of VPN security.

Similar warnings and security bulletins were published by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), and cyber-security firm Radware.

The perfect time to detect VPN account compromises

According to Bruneau, it is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.

The ISC SANS instructor says these systems will help companies avoid downtime of mission-critical VPN services, especially now that employees work from home and the VPN service represents the most secure way of accessing company networks and private resources.

Bruneau encourages companies to sift through logs to detect compromises of VPN accounts. Since most employees will now be using VPN systems, they are more likely to fall for phishing attacks that steal VPN account credentials.

In theory, with the proper logging in place, it should now be much easier to spot compromised accounts by looking at irregular VPN usage patterns for each enterprise user working from home.

“The activity that should be scrutinized over the coming weeks would be ports associated with VPN like OpenVPN (1194) or SSL VPN (TCP/UDP 443, IPsec/IKEv2 UDP 500/4500) with their associated logs to ensure these services are accessed by the right individuals and are not abused, exploited or compromised,” Bruneau said.
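
A minimal sketch of the per-user usage-pattern review described above, added here as an example and not taken from Bruneau's post or from any VPN product. The log format, field order, working-hours window and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real logs): timestamp, user, source IP, event.
SAMPLE_LOG = """\
2020-03-16T08:58:02 alice 198.51.100.10 login
2020-03-16T17:03:40 alice 198.51.100.10 logout
2020-03-17T09:01:15 alice 198.51.100.10 login
2020-03-17T09:02:11 bob 203.0.113.7 login
2020-03-17T11:30:45 alice 192.0.2.99 login
2020-03-17T17:00:00 alice 198.51.100.10 logout
2020-03-17T17:10:00 bob 203.0.113.7 logout
2020-03-18T03:12:09 bob 203.0.113.7 login
"""

def detect(log_text, work_hours=(6, 22)):
    """Return (user, reason, ip, timestamp) tuples for irregular VPN logins."""
    known = defaultdict(set)   # user -> source IPs seen on earlier logins
    active = defaultdict(set)  # user -> source IPs with a session still open
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, user, ip, event = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip unparseable timestamps
        if event == "logout":
            active[user].discard(ip)
            continue
        if event != "login":
            continue
        # The first address seen for a user is learned as baseline, not flagged.
        if known[user] and ip not in known[user]:
            findings.append((user, "new_source", ip, ts))
        # A second session from a different address while one is still open.
        if active[user] - {ip}:
            findings.append((user, "concurrent", ip, ts))
        # Login outside the assumed working-hours window (local log time).
        if not work_hours[0] <= when.hour < work_hours[1]:
            findings.append((user, "off_hours", ip, ts))
        known[user].add(ip)
        active[user].add(ip)
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

In practice the baseline of known addresses would be built from several weeks of history, and home users on dynamic IPs will produce `new_source` hits that need triage rather than automatic blocking.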

Enable MFA for VPN accounts

In light of an expected increase in VPN phishing attacks, the ISC SANS expert recommends that companies look very closely at enabling a multi-factor authentication (MFA) solution to protect VPN accounts from unauthorized access.

His recommendation was also echoed by the NJCCIC and DHS CISA in a US-CERT alert the agency sent out last week.

In a report last year, Microsoft said that enabling an MFA solution for online accounts usually blocks 99.9% of all account takeover (ATO) attacks, even if the attacker has valid credentials for the victim’s account.

VPN servers should be patched and up-to-date

But besides enabling MFA to protect VPN accounts for employees working from home, CISA also recommended that companies review the patching levels of corporate VPN products. The same advice was also echoed today in a Radware security alert.

Both CISA and Radware point out that corporate VPN solutions have been the targets of a wide range of attacks that began in the summer of 2019.

Attacks targeted VPN servers from Palo Alto Networks, Fortinet, Pulse Secure, and Citrix:

• Palo Alto Network Security Advisory PAN-SA-2019-0020, in relation to CVE-2019-1579;
• FortiGuard Security Advisories FG-IR-18-389, in relation to CVE-2018-13382; FG-IR-18-388 in relation to CVE-2018-13383; FG-IR-18-384, in relation to CVE-2018-13379;
• Pulse Secure Security Advisory SA44101, in relation to CVE-2019-11510, CVE-2019-11508, CVE-2019-11540, CVE-2019-11543, CVE-2019-11541, CVE-2019-11542, CVE-2019-11539, CVE-2019-11538, CVE-2019-11509, CVE-2019-11507;
• Citrix Security Advisory CTX267027, in relation to CVE-2019-19781.

All of these systems should have been patched last year, when the vulnerabilities were disclosed and the first attacks began hitting organizations.

With more and more companies needing VPN capabilities to allow workers to log into private corporate systems and do their duties, IT staff are responding by putting up more VPN servers to deal with the surging traffic.

IT staff now need to pay close attention to the new VPN servers they are putting up and make sure these systems have been patched for the vulnerabilities listed above, which are some of the most targeted vulnerabilities today.

The danger of DDoS attacks on VPN servers

But with so many organizations moving their employee workforce to work-from-home jobs, there is now a new threat on the horizon: extortion.

Hackers could launch DDoS attacks on VPN services and exhaust their resources, crashing the VPN server and limiting its availability.

With the VPN server acting as a gateway to a company’s internal network, this would prevent all remote employees from doing their jobs, effectively crippling an organization that has few or no workers on-site.

Radware says that these types of DDoS attacks don’t even have to be massive in size.

In a non-public report seen by ZDNet, Dileep Mishra, a Sales Engineering Manager at Radware, says that a fine-tuned TCP Blend (DDoS) attack with an attack volume as low as 1 Mbps is enough to crash a VPN server or a firewall.

Furthermore, SSL-based VPNs (like Pulse Secure, Fortinet, Palo Alto Networks, and others) are also vulnerable to an SSL Flood (DDoS) attack, just like web servers, Mishra said.

Attackers can initiate thousands of SSL connections to an SSL VPN, and then leave them hanging. The VPN server allocates resources to deal with the flood of the attacker’s useless connections, exhausting memory, and preventing legitimate users from using the service.

Furthermore, because even the IT staff will most likely be working from home, any weakness left in VPN servers would be exploited by attackers to cut off system administrators from their own servers while they rampage through the internal network, steal proprietary data, or install ransomware.

Other considerations

But VPN servers are only one option in an array of remote/telework tools available to companies today.

The NJCCIC also recommends that companies pay close attention to the security of cloud and Software-as-a-Service (SaaS) applications that remote workers will be using in the coming months because of the COVID-19 outbreak.

Similarly, Radware also warns about the increased usage of Remote Desktop Protocol (RDP) connections inside companies with ever-increasing remote workforces. RDP endpoints and accounts will need to be properly secured as well, just like VPNs.

Last, but not least, Bruneau also lays out a series of questions and considerations that companies will need to ponder if they’re using VPN systems to grant remote workers access to their internal networks.

  • How many concurrent users can log in at the same time?
  • Will the VPN corporate policy be relaxed to accommodate the maximum of employees?
  • Who gets priority access if the appliance or service cannot support everyone?
  • How much bandwidth does a typical user use?
  • Do you split access time between users (i.e. each gets 2 hours)?
  • Number of VPN licenses or MFA tokens available?
  • Are users allowed to use the personal computer?
  • If personal computers are allowed: (1) What is their security posture (patches, AV update, etc.)? (2) Can they be trusted? (3) What files or shares are employees allowed to access?

Credit: ZDNet
