Pandemic-driven work-from-home requirements have triggered skyrocketing demand for virtual private network (VPN) services. A VPN creates an encrypted, secure connection to an external server, or gateway, which then routes traffic across the public Internet to the corporate network.
VPNs have helped many organizations remain operational by enabling remote connections to the company network. With roughly half of the U.S. labor force now working remotely, service providers say that VPN usage is up by more than 150 percent compared to pre-pandemic usage levels.
That increased usage comes with increased risk. VPNs have long been a favored attack vector for cybercriminals using man-in-the-middle attacks, DNS hijacking, and other exploits to steal data or launch malware.
VPN gateways are attractive targets for several reasons. Since they are usually directly accessible from the Internet, they are susceptible to network scanning, brute-force attacks, and zero-day vulnerabilities. Additionally, they aren’t always updated regularly. Because VPNs are expected to be operational and available at all times, organizations often figure they can’t afford the downtime required to install updates and security patches.
Finally, most VPNs require a conventional username/password combination, which can be guessed or stolen. Compromised VPN credentials are valuable to cybercriminals because they can provide broad access to network resources.
Anticipating the increased dependence on VPN connections at the onset of the pandemic, the Department of Homeland Security issued an alert warning organizations to expect an increase in attacks. In particular, officials reported that remote code execution vulnerabilities allowed hackers to run malicious code on unpatched servers. To mitigate such vulnerabilities, the DHS urged organizations to augment basic VPN security with a variety of additional measures.
At Converge Technology Solutions, we’ve made VPN security a key element of our Remote Work Enablement services. Our cybersecurity team is helping clients improve their remote access capabilities by implementing several additional layers of security on top of their standard VPN access. We recommend the following solutions and practices:
- Use multifactor authentication. VPN login with a username/password combination is too easily defeated. It is well-established that the vast majority of data breaches involve compromised passwords. MFA requires a combination of verification factors, such as something the user knows (a password or PIN code), something the user has (a security token or mobile app) and something the user is (a biometric identifier). Microsoft research shows that MFA blocks 99.9 percent of all automated cyberattacks.
- Implement Domain Name System (DNS) filtering. DNS filtering blocks users from accessing malicious domains, IP addresses, or cloud applications before a connection is ever established. When a user clicks a link or types a URL into their browser, the device sends a DNS request to a DNS resolving service. If the domain or IP address is known to be associated with malicious activity, access is denied. Cisco Umbrella is a secure Internet gateway that delivers DNS-layer protection across all ports and protocols, along with direct-to-IP connections.
- Secure all endpoints. Remote workers may use a variety of devices to access network resources, which creates multiple attack surfaces. Endpoint security solutions usually consist of software loaded on a server or gateway appliance, where it can be accessed by devices with lightweight client software. The server authenticates logins from the endpoints, and it also updates the client software when needed.
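
The lookup-time decision described in the DNS filtering item above, as an added example (it is not Converge's or Cisco Umbrella's code). The blocklist entries, function names, and sample queries are constructed for illustration; a real service would load its list from a threat-intelligence feed.

```python
import ipaddress

# Constructed sample policy using reserved example domains and documentation ranges.
BLOCKED_DOMAINS = {"malware.example", "phish.example.net"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def normalize(qname):
    """Lowercase the name and drop the trailing root dot so comparisons are canonical."""
    return qname.strip().rstrip(".").lower()


def domain_blocked(qname):
    """Match the queried name or any parent domain, on whole-label boundaries only."""
    labels = normalize(qname).split(".")
    # Checks "a.b.c", then "b.c", then "c"; "notmalware.example" never matches "malware.example".
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def ip_blocked(addr):
    """True if the address falls inside a blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETWORKS)


def decide(qname, resolved_ips):
    """Return (verdict, reason); resolved_ips stands in for the upstream resolver's answer."""
    if domain_blocked(qname):
        return ("BLOCK", "domain on blocklist")
    bad = [ip for ip in resolved_ips if ip_blocked(ip)]
    if bad:
        return ("BLOCK", "answer points to blocked address " + bad[0])
    return ("ALLOW", "no match")


if __name__ == "__main__":
    # Constructed queries: (name asked for, addresses the resolver would return).
    samples = [
        ("cdn.Malware.Example.", ["198.51.100.7"]),
        ("notmalware.example", ["198.51.100.7"]),
        ("intranet.example.org", ["203.0.113.9"]),
    ]
    for name, ips in samples:
        print(name, decide(name, ips))
```

Checking the answer addresses as well as the queried name catches a clean-looking domain that resolves into a blocked range.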
Remote work is the “new normal” for most businesses today, and many will likely make it a more permanent option once the pandemic has passed. Organizations should therefore be prepared for long-term reliance on VPNs for remote network access.