The key to a secure remote business – a secure VPN


The work landscape has been radically changed by the current pandemic, Covid-19, which has forced entire workforces to work remotely. Of course, the concept of remote access is not new and has been an accepted reality for a few decades now, as many organizations had already introduced remote working to some degree. Additionally, reliance on the corporate network and its underlying assets had already been reduced by the development of cloud computing and Software-as-a-Service (SaaS) applications such as Salesforce.com and Microsoft Office 365. Even so, the CIO could always count on the fact that most of the company’s IT activity took place in buildings belonging to the organization.

Now everything has changed. The Covid-19 pandemic has resulted in social distancing measures and in keeping all non-essential staff away from the workplace. Video calls have replaced meetings, coffee breaks, lunch breaks, even after-work drinks. This transition has been easier for workforces that were already oriented towards remote work, but most employees are still finding their feet in this brave new world. Behind the scenes, however, the picture is more complicated. Many services still run from a company-owned data center or infrastructure, which means that in most cases access to them is protected by some form of VPN infrastructure.

VPN has always been critical to the IT environment, but the crisis has increased reliance on it exponentially, so VPN now sits at the very center of business operations. Not surprisingly, commercial vendors of these technologies are rapidly expanding their offerings, working hard to keep up with growing customer demand. VPN technologies are already quite mature and widely used to improve security; it is safe to assume that any organization that might be of interest to a state actor has long since deployed such infrastructure.

Defend against attacks

An unfortunate result of the increased reliance on VPNs is that a range of adversaries will seek to exploit these technologies to achieve their goals, including by launching brute-force attacks on user accounts to gain unauthorized access. Several other techniques also need to be countered.

Over the past few years, a number of vulnerabilities in popular implementations such as Citrix NetScaler have been published. For several reasons, the vendor has not always been able to release a patch quickly once a vulnerability was recognized, and even when patches are available, the best-prepared organizations can experience deployment delays. Nation-state actors have used these vulnerabilities to gain a foothold on VPN infrastructure and stage successful intrusions of numerous targets. Without a rigorous forensic examination it can be difficult to determine whether a system was compromised during that window, so applying the available patch is necessary but not sufficient: an attacker who got in during the gap between the vulnerability becoming known and the patch being applied may still be present, and that gap has to be investigated as well.

The education and non-profit sectors often use packages such as OpenVPN, which are backed by a strong open source community; these are also widely used in small organizations. NETSCOUT’s recent H2 2019 Threat Intelligence report shows how a vulnerability in OpenVPN was exploited and used to launch a large number of DDoS attacks against a range of targets over the past year. One of the main problems with OpenVPN is the scale of its deployment: even when a patch is available, there will always be an unpatched instance somewhere for an attacker to use.

Due to the growing importance of VPN today, NETSCOUT Arbor expects DDoS attacks against such remote access infrastructure to increase. Any outage or degradation of these services could have serious repercussions. In some cases the weakness is built in, for example where the deployment was poorly designed or rushed. If the VPN concentrator and the public website sit in the same netblock, an attack on the website can also cut off remote access for the web infrastructure team and deny them the ability to make the changes needed to counter the threat.

There are several measures companies can put in place to protect against these attacks, for example:

  • Constantly and systematically patch and secure the VPN infrastructure
  • Implement two-factor authentication; this applies to all areas of the business, but is particularly vital for remote access
  • Ensure all VPN logs go to a SIEM and are correlated with other security monitoring
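The brute-force attacks on user accounts mentioned above are exactly what the SIEM feed in the last bullet exists to catch. The following is an added example, not code from NETSCOUT or from the article: a small detector run over a constructed, hypothetical VPN authentication log (the line format, host name, user names and addresses are all made up, the addresses being RFC 5737 documentation ranges). It raises one alert for a burst of failures from a single source, one for a password spray across many accounts from a single source, and, most importantly, one for a login that finally succeeds after such a burst.

```python
"""Brute-force and password-spray detection over VPN authentication logs.

Added example with a hypothetical log format; lines look like
    <ISO timestamp> <host> auth: <FAIL|SUCCESS> user=<name> src=<ip>
Real concentrators log differently; only parse_line() would need changing.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: (?P<result>FAIL|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (made-up host, users and addresses). It contains a
# burst of failures then a success from one source, a spray across four
# accounts from a second source, a non-auth line, and one innocent typo.
SAMPLE_LOG = """\
2020-04-01T08:00:01 vpn-gw auth: FAIL user=alice src=203.0.113.10
2020-04-01T08:00:02 vpn-gw auth: FAIL user=alice src=203.0.113.10
2020-04-01T08:00:04 vpn-gw auth: FAIL user=alice src=203.0.113.10
2020-04-01T08:00:05 vpn-gw auth: FAIL user=alice src=203.0.113.10
2020-04-01T08:00:07 vpn-gw auth: FAIL user=alice src=203.0.113.10
2020-04-01T08:00:09 vpn-gw auth: SUCCESS user=alice src=203.0.113.10
2020-04-01T08:01:00 vpn-gw auth: FAIL user=bob src=198.51.100.7
2020-04-01T08:01:01 vpn-gw auth: FAIL user=carol src=198.51.100.7
2020-04-01T08:01:02 vpn-gw auth: FAIL user=dave src=198.51.100.7
2020-04-01T08:01:03 vpn-gw auth: FAIL user=erin src=198.51.100.7
2020-04-01T08:02:00 vpn-gw session: opened user=alice tunnel=tun0
2020-04-01T08:03:00 vpn-gw auth: FAIL user=frank src=192.0.2.5
2020-04-01T08:03:20 vpn-gw auth: SUCCESS user=frank src=192.0.2.5
"""


def parse_line(line):
    """Return a dict for an auth line, or None for anything else (e.g. session lines)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, window=timedelta(minutes=5), fail_threshold=5, spray_threshold=3):
    """Run the detection over an iterable of log lines and return a list of alerts.

    brute_force            : >= fail_threshold failures from one source inside `window`
    password_spray         : failures against >= spray_threshold distinct users from one source
    success_after_failures : a SUCCESS from a source that just produced >= fail_threshold
                             failures (possible guessed account; the one to escalate first)
    """
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    events.sort(key=lambda e: e["ts"])          # SIEM feeds are not always in order

    recent = defaultdict(deque)   # src -> FAIL events still inside the window
    reported = set()              # (src, kind) already raised, so one alert per burst, not per line
    alerts = []

    for ev in events:
        src, q = ev["src"], recent[ev["src"]]
        while q and ev["ts"] - q[0]["ts"] > window:   # slide the window forward
            q.popleft()

        if ev["result"] == "FAIL":
            q.append(ev)
            users = sorted({e["user"] for e in q})
            if len(q) >= fail_threshold and (src, "brute_force") not in reported:
                reported.add((src, "brute_force"))
                alerts.append({"kind": "brute_force", "src": src, "ts": ev["ts"],
                               "failures": len(q), "users": users})
            if len(users) >= spray_threshold and (src, "password_spray") not in reported:
                reported.add((src, "password_spray"))
                alerts.append({"kind": "password_spray", "src": src, "ts": ev["ts"],
                               "failures": len(q), "users": users})
        elif len(q) >= fail_threshold:
            # A login that worked right after a burst of failures is the one to act on.
            alerts.append({"kind": "success_after_failures", "src": src, "ts": ev["ts"],
                           "user": ev["user"], "failures": len(q)})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["ts"].isoformat(), a["kind"], a["src"], a.get("user", ""), a["failures"])
```

The sliding window matters: the same five failures spread over five hours trigger nothing, which is what keeps ordinary typos out of the alert queue. Thresholds are deliberately parameters; a spray of one attempt per account per day defeats a five-minute window, so the same logic is worth re-running over a much longer window with a low per-account threshold once the logs are in the SIEM.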

One of the ways threat actors can inflict damage is by denying access via a DDoS attack. So in addition to being secure, it is crucial that the availability of this infrastructure is not impacted, because without it entire workforces will be cut off.

There are several ways for companies to protect the availability of a secure remote access infrastructure, for example:

  • Issue Acceptable Use Policies (AUPs) to the remote workforce and implement a split-tunnel VPN; together these protect the business from collateral damage when, for example, an employee’s home connection is targeted by an online-gaming-related DDoS attack, because only corporate traffic transits the concentrator
  • Avoid advertising the VPN infrastructure in its hostname; for example, ‘https://vpn.[insertcompany].com’ immediately draws attention to the VPN (treat this as a minor measure: the gateway still identifies itself by its login page and TLS certificate, so it reduces casual discovery rather than hiding the service)
  • Protect the infrastructure with a commercial DDoS protection service, an on-premises intelligent DDoS mitigation system (IDMS), or a combination of the two
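To make the split-tunnel measure above concrete, here is the difference in OpenVPN server-side configuration syntax. This is an added example and not configuration from NETSCOUT or from the article; the corporate prefixes and the resolver address are placeholders.

```conf
# --- server.conf, full-tunnel variant (the weak setting for DDoS collateral) ---
# Every packet from the client, its game traffic included, exits from the
# concentrator's public address, so a flood aimed at one player lands on the
# concentrator and affects every connected employee.
push "redirect-gateway def1 bypass-dhcp"

# --- server.conf, split-tunnel variant ---
# Only the corporate prefixes are routed into the tunnel; everything else,
# games included, stays on the employee's own ISP connection, so a flood aimed
# at that employee hits their home link and nobody else.
push "route 10.0.0.0 255.0.0.0"        # placeholder corporate prefix
push "route 172.16.0.0 255.240.0.0"    # placeholder corporate prefix
push "dhcp-option DNS 10.0.0.53"       # placeholder internal resolver
```

The trade-off is visibility: with a split tunnel the employee’s non-corporate traffic is no longer inspected by the corporate stack, and the endpoint is reachable from its home network while connected. That is why the article pairs the split tunnel with an AUP rather than presenting it on its own.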

The pandemic has brought remote access to the forefront, but once that is over, it’s likely that remote working will be part of the “new normal.” Remote access is here to stay, so it’s important for businesses to protect themselves now and in the future.

Hardik Modi, AVP Engineering, Threat and Mitigation Products, NETSCOUT
