NSA on Securing VPNs
The NSA’s Cybersecurity Directorate—that’s the part that’s supposed to work on defense—has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information.
Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis:
- Reduce the VPN gateway attack surface
- Verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant
- Avoid using default VPN settings
- Remove unused or non-compliant cryptography suites
- Apply vendor-provided updates (i.e. patches) for VPN gateways and clients