

Perennially important, virtual private network (VPN) security is now imperative given the current COVID-19 pandemic. Remote working has fast become the new normal and, correspondingly, the demand for VPN capabilities has skyrocketed. Unfortunately, if unsurprisingly, attacks on VPNs have risen sharply alongside. Underscoring the severity, in March the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued Alert AA20-073A on Enterprise VPN Security.

Essentially, VPNs extend the enterprise network perimeter and allow users to access corporate applications anywhere. On-premises infrastructure effectively becomes “one hop” (or one click) away from the user device. Similarly, the security risk to corporate assets also becomes one hop away. Attackers may no longer have to compromise sophisticated layers of perimeter security (proxies, WAF, intrusion detection, and so on) but merely a single vulnerability or an insecure implementation of a VPN could expose corporate assets and personal information. In this article, we’ll focus on some of the key areas that are critical in evaluating the security of your VPN.

Users typically initiate an SSL VPN tunnel from their endpoint devices, such as desktops, laptops, and mobiles. These endpoints become both entry points and prime targets for bad actors attempting to use them as attack vectors. Therefore, it's important that you always ensure that an endpoint is safe prior to establishing a VPN tunnel. Endpoint security is a strategic approach for ensuring that a client device does not present a security risk before it is granted a remote access connection to the network. Such a strategy may imply systematic verification of the client machine certificate and verification of the client type and/or the version of the client browser, patch verification of the anti-spyware and antivirus software, and the inspection of the client firewall rules, as examples.

Endpoint security posture assessment generally occurs at the session initiation, prior to establishing a VPN tunnel, but it can also happen periodically during the user's VPN session. Continuous endpoint security posture assessment mitigates subsequent risks by checking that endpoints have not become compromised after the initial VPN tunnel was established.

User Authentication and Authorization

Authentication consists of verifying the identity of users prior to establishing a VPN tunnel. Verifying remote workers’ credentials ensures that only legitimate users have access to internal resources and applications. However, with the rise of credential stuffing and account takeover (ATO) methods, an attacker could ostensibly be in possession of valid user credentials and bypass single factor authentication. It, therefore, becomes essential to implement multi-factor authentication for your VPN. MFA enhances security by requesting that users provide two or more verifiable authentication factors before establishing a VPN tunnel.
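
The admission logic this article describes (endpoint posture checks at session initiation and again during the session, combined with MFA) can be sketched in Python as follows. This is an added example, not code from the original article or from any VPN product; the report fields, policy thresholds, factor labels and sample reports are all hypothetical, and counting factors by distinct kind is an assumption of the sketch.

```python
from datetime import datetime, timedelta, timezone

# Constructed values: fixed clock, hypothetical policy thresholds and field names.
NOW = datetime(2020, 4, 1, 12, 0, tzinfo=timezone.utc)
POLICY = {"min_client_version": (7, 1, 9),
          "max_av_signature_age": timedelta(days=3),
          "required_factor_kinds": 2}

def parse_version(text):
    """Compare versions numerically ("7.1.10" > "7.1.9"); unparseable input fails closed."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (ValueError, AttributeError):
        return (0,)

def posture_failures(report, now=NOW, policy=POLICY):
    """Return the posture checks the endpoint fails; an empty list means healthy."""
    failures = []
    if not report.get("machine_cert_valid"):
        failures.append("machine certificate not verified")
    if parse_version(report.get("client_version", "0")) < policy["min_client_version"]:
        failures.append("VPN client below minimum version")
    updated = report.get("av_signatures_updated")
    if updated is None or now - updated > policy["max_av_signature_age"]:
        failures.append("antivirus signatures stale or missing")
    if not report.get("firewall_enabled"):
        failures.append("host firewall disabled")
    return failures

def admit(report, verified_factors, now=NOW, policy=POLICY):
    """Session initiation: require a clean posture and MFA before the tunnel comes up."""
    reasons = posture_failures(report, now, policy)
    if len(set(verified_factors)) < policy["required_factor_kinds"]:
        reasons.append("fewer than two distinct authentication factors")
    return (not reasons, reasons)

def recheck(report, now=NOW, policy=POLICY):
    """Periodic in-session check: any failure means the tunnel should be torn down."""
    failures = posture_failures(report, now, policy)
    return ("terminate" if failures else "keep", failures)

# Constructed sample reports: a healthy endpoint, and the same endpoint after
# its firewall was switched off mid-session.
HEALTHY = {"machine_cert_valid": True, "client_version": "7.1.9",
           "av_signatures_updated": NOW - timedelta(days=1), "firewall_enabled": True}
DEGRADED = dict(HEALTHY, firewall_enabled=False)
```

Two password-type proofs count as one factor kind here, so `admit(HEALTHY, ["knowledge", "knowledge"])` is refused even though the endpoint itself is healthy.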
