NSA warns VPNs could be vulnerable to cyberattacks
The National Security Agency (NSA) has issued a new cybersecurity advisory warning that virtual private networks (VPNs) could be vulnerable to attacks if not properly secured. The agency's warning comes amid a surge in remote work as organizations adapt to coronavirus-related office closures and other constraints.
"Many organizations currently utilize IP Security (IPsec) Virtual Private Networks (VPNs) to connect remote sites and enable telework capabilities. These connections use cryptography to protect sensitive information that traverses untrusted networks. To protect this traffic and ensure data confidentiality, it is critical that these VPNs use strong cryptography. This guidance identifies common VPN misconfigurations and vulnerabilities," says the NSA.