The NSA and CISA publish advice for selecting and hardening remote access VPN solutions

The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have joined forces to publish guidelines design to help people make informed choices when selecting a VPN.

In the joint NSA-CISA information sheet, the organizations provide help and advice in a range of areas including not only choosing a reliable, trustworthy VPN, but also how to configure a VPN for maximum security and a reduced attack surface.

See also:

• How to sign into Windows 11 automatically
• How to install Windows 11 on any computer, even those without TPM 2.0
• Most people neither know nor care about Windows 11

The document is fairly short -- just nine pages, two of which are references and a disclaimer -- but its publication is a positive response to the NSA and CISA noticing an uptick in hackers, including state-backed ones, taking advantage of known VPN vulnerabilities.

Much of the advice provided could be considered common sense, such as checking the transparency of a VPN provider, avoiding non-standard solutions, and ensuring coherence to cryptographic standards. Three key things users are told to look out for to avoid intrusion are:

• Use of signed binaries or firmware images
• A secure boot process that verifies boot code before it runs
• Integrity validation of runtime processes and files

When it comes to hardening VPN security and reducing attack surface, the advice is to restrict access to the management interface and disable unneeded functionality. What is not offered, however, are suggestions about particular products, services or settings that should be used.

The document, entitled Selecting and Hardening Remote Access VPN Solutions, is available to view or download here (PDF).

Image credit: Denys Prykhodov / Shutterstock