How to secure a Virtual Private Network? Guidelines by NSA

If you use IPsec Virtual Private Networks in your office and assume they are secure because the traffic is encrypted, that is a misconception. Even an encrypted IPsec VPN is no longer considered safe and secure, because some of the settings in the VPNs are outdated and can be Maintaining a secure VPN tunnel can be complex and requires regular maintenance.

VPNs are essential for enabling remote access and connecting remote sites securely, and everyone from small offices to big organizations has a requirement for them. However, without the proper configuration, patch management, and hardening, VPNs are vulnerable to many different types of attacks. To ensure that the confidentiality and integrity of a VPN are protected, reduce the VPN gateway attack surface, always use CNSSP 15-compliant cryptography suites, avoid using vendor defaults, disable all other cryptography suites, and apply patches in a timely manner. Following the steps identified in this paper will ensure the most secure VPN configurations.

The NSA recommends the following 5 tips:

  • Reduce the VPN gateway attack surface 
  • Verify the cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant 
  • Avoid using default VPN settings 
  • Remove unused or non-compliant cryptography suites 
  • Apply vendor-provided updates (i.e. patches) for VPN gateways and clients
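
The tips on CNSSP 15 compliance, vendor defaults, and non-compliant suites can be checked mechanically. The following is an added example, not code from the NSA guidance: it audits IKE proposal strings against an allow-list and flags connections that pin no proposal at all. The allow-list (AES-256, SHA-384, DH groups 15/16/20), the strongSwan-style keyword notation, and the sample connection names are assumptions; confirm the allow-list against the current CNSSP 15 before relying on it.

```python
# Assumption: allow-list of AES-256, SHA-384 and DH groups 15/16/20, the
# commonly cited CNSSP 15 minimums; confirm against the current policy.
ALLOWED = {
    "encryption": {"aes256", "aes256gcm16"},
    "integrity": {"sha384"},
    "prf": {"prfsha384"},
    "dh": {"modp3072", "modp4096", "ecp384"},
}
# Keyword prefix -> transform type (strongSwan-style naming, assumed).
PREFIXES = [("prf", "prf"), ("modp", "dh"), ("ecp", "dh"), ("curve", "dh"),
            ("aes", "encryption"), ("3des", "encryption"),
            ("des", "encryption"), ("sha", "integrity"), ("md5", "integrity")]

def audit_proposal(proposal):
    """Return findings for one proposal string; an empty list means compliant."""
    findings, seen = [], set()
    tokens = proposal.lower().split("-")
    for tok in tokens:
        kind = next((k for p, k in PREFIXES if tok.startswith(p)), None)
        if kind is None:
            findings.append(f"unrecognised keyword '{tok}'")  # fail closed
        elif tok not in ALLOWED[kind]:
            findings.append(f"non-compliant {kind} '{tok}'")
        seen.add(kind)
    aead = any("gcm" in t for t in tokens)  # AEAD carries its own integrity
    required = {"encryption", "dh"} if aead else {"encryption", "integrity", "dh"}
    findings += [f"missing {kind}" for kind in sorted(required - seen)]
    return findings

def audit_gateway(connections):
    """Map connection name -> {proposal: findings} for every failing entry."""
    report = {}
    for name, proposals in connections.items():
        if not proposals:  # nothing pinned, so the vendor's defaults apply
            report[name] = {"<default>": ["no explicit proposal configured"]}
            continue
        bad = {p: f for p in proposals if (f := audit_proposal(p))}
        if bad:
            report[name] = bad
    return report

# Constructed sample configuration, not taken from any real gateway.
SAMPLE = {
    "hq-to-branch": ["aes256-sha384-modp4096"],
    "legacy-partner": ["aes256-sha384-ecp384", "3des-sha1-modp1024"],
    "remote-users": [],
}

if __name__ == "__main__":
    print(audit_gateway(SAMPLE))
```

A connection that offers one compliant and one weak proposal is still reported, because a peer can negotiate the weak one for as long as it remains configured.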