Protecting VPNs from DDoS Attacks in the Age of Remote Work

Strong Cybersecurity: The Critical Role of Lifecycle Management - Security Magazine

As a result of the COVID-19 pandemic, more people than ever are working remotely. Because of this recent and rapid transition, users are accessing corporate resources from their homes and generating unprecedented amounts of network traffic.

IT departments face increased pressure to ensure business continuity by providing remote users with access to essential corporate applications and services through Virtual Private Networks (VPNs), which are designed to provide access to private networks through shared or public networks.

Due to the massive increase in home-based users, VPN gateways are running at or near capacity. Now more than ever, a relatively minor DDoS attack could bring down a VPN gateway, causing the business to shut down for remote home-based users.

That means corporate IT departments need to leverage all the tools at their disposal to keep loads manageable, so VPN gateways aren’t overwhelmed and unable to provide the access necessary for remote workers.

Consistent Availability is Crucial

Historically VPNs weren’t in constant use, but they’ve become the backbone of business during the COVID-19 pandemic. That means companies are far exceeding standard capacities and straining access to critical applications and resources. Hackers are also shifting their focus to exploit new vulnerabilities.

These cybercriminals know corporations are more exposed while employees are working remotely and weathering a pandemic. That’s all the motivation they need to launch targeted attacks, which can crash servers and burden systems of any size.

Because of this, businesses need to remain vigilant by putting DDoS detection and protection front and center in their security protocols. IT departments need to track the threat landscape to safeguard network infrastructure, installing the latest software patches and ensuring there are appropriate measures in place to mitigate risks. By doing so, they will strengthen defenses and allow users to have VPN access while they’re working remotely.

Enterprises should also calibrate VPNs so they can support the needs of the entire workforce. The networks need to be available consistently and have as many protections as possible because they’re more vulnerable to attack outside of the corporate network.

IT teams also need to educate users on best practices to ensure they don’t over-burden VPNs. By smartly monitoring systems and managing hardware, companies will ensure they have the visibility they need to maintain access for remote workers.

Getting a ‘Big Picture’ View

It’s difficult for IT professionals to determine what’s happening to the VPN if a cyberattack occurs during high traffic volume, as even a low-volume DDoS attack can overload the system. They need real-time visibility into network firewalls and VPN concentrators, as well as the ability to tune DDoS policy parameters. It’s also essential to understand normal VPN traffic levels so that thresholds can be accurately set. IT departments need access to end-to-end visibility and real-time performance monitoring to ensure that only relevant network traffic is allowed to reach VPN concentrators, so they can mitigate issues before they become a problem.

IT administrators need to ensure that remote access session termination capacity, bandwidth and throughput are horizontally scalable so that they can be supplemented as demand warrants. They should also implement reasonable per-session bandwidth and throughput quotas on remote access sessions and enforce acceptable use policies for remote personnel.

The COVID-19 outbreak and resulting influx of remote workers have made VPNs critical in maintaining business continuity. But, maintaining access only works if enterprises have the right visibility and monitoring to ensure their VPN gateways aren’t overloaded or become susceptible to DDoS attacks.

Tom Bienkowski has been in the network and security field for over 20 years. During this time, he worked for large enterprises as a Network Engineer and for multiple network management and security vendors where he has had roles in Sales Engineering/Management, Technical Field Marketing and Product Management. He currently serves as Director of Product Marketing focusing on NETSCOUT's industry-leading DDoS protection solutions.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.