Network architecture and topology concerns
The key to any VPN strategy is to provide extremely strong authentication of every user, and every device, that tries to connect. At least in a simplistic implementation, anyone who can connect and authenticate to a VPN endpoint is in the same position as someone who walks into headquarters and connects their computer. You can authenticate VPN users in a number of ways, from a username and password to more complex configurations, including multi-factor authentication with items such as client certificates or hardware tokens. Ensuring the use of strong passwords and multi-factor authentication of some kind is a minimum requirement for all systems that support it.
You can provide multi-factor authentication through a number of mechanisms, including a mobile authentication app, text message, hardware token, or some other system.
Businesses should closely monitor authentication systems for any credential stuffing attacks.
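One way to monitor for credential stuffing, as an added example that is not from the original article: flag any source address that fails logins against many distinct accounts within a short window. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp source_ip username result" format is an assumption.
SAMPLE_LOG = """\
2020-04-01T09:00:01 203.0.113.7 alice FAIL
2020-04-01T09:00:03 203.0.113.7 bob FAIL
2020-04-01T09:00:05 203.0.113.7 carol FAIL
2020-04-01T09:00:08 203.0.113.7 dave FAIL
2020-04-01T09:00:11 203.0.113.7 erin FAIL
2020-04-01T09:00:14 203.0.113.7 frank OK
2020-04-01T09:02:00 198.51.100.20 bob FAIL
2020-04-01T09:02:20 198.51.100.20 bob FAIL
2020-04-01T09:02:45 198.51.100.20 bob OK
2020-04-01T09:10:00 192.0.2.50 grace FAIL
2020-04-01T09:40:00 192.0.2.50 heidi FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(log, window=timedelta(minutes=5), min_users=5):
    """Flag sources that fail logins for >= min_users distinct accounts in one window."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    alerts = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            failed = {u for _, _, u, ok in events[start:end + 1] if not ok}
            if len(failed) >= min_users:
                alerts[ip] = {
                    "targeted": {u for _, _, u, ok in events if not ok},
                    # A success from a flagged source suggests a reused, leaked password.
                    "review": {u for _, _, u, ok in events if ok},
                }
                break
    return alerts

if __name__ == "__main__":
    for ip, hit in detect_stuffing(SAMPLE_LOG).items():
        print(ip, "targeted", sorted(hit["targeted"]), "review", sorted(hit["review"]))
```

A single user retrying a forgotten password (the second source in the sample) is not flagged, because the check counts distinct accounts per source rather than total failures.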
It is important to implement hardened devices provided by the company for remote workers, with client certificates and endpoint protection.
VPN device risks
Enterprises need to closely monitor VPN devices for CPU and memory usage, as well as for configuration changes and evidence of denial of service attacks. In these unusual times, these devices may now be the only way to get into the business. Businesses must monitor, protect and provision these devices to resist attacks, as the alternative is to turn them off. In normal times, perhaps, this could be inconvenient; now it means that the entire company could lose critical functions. Ideally, deploy VPNs in high availability configurations for the same reason.
VPNs can handle traffic in different ways. Most offer a split tunnel option and a full tunnel option.
It is important to use strong encryption with the VPN. It must be resistant to attacks and free of known vulnerabilities. Still, many VPNs offer weak encryption for interoperability or compatibility, so take care to set strong defaults.
Remote work bandwidth and network problems
Not all workers have high-speed Internet in their homes. Additionally, as more users are working remotely, evidence shows that service providers are struggling with increased load on their networks.
Trade-offs between specific VPN configurations can be critical to delivering acceptable performance to remote workers. Companies may also need to limit remote workers to using only those systems necessary to do their jobs and encourage them to avoid heavy data movement to preserve network bandwidth.