The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) today jointly released detailed recommendations for how to select a remote access virtual private network (VPN) product and provider as well as how to ensure it's configured properly security-wise.
VPNs increasingly have become a popular target of nation-state actors and cybercriminals who exploit vulnerabilities in the VPN software to gain a foothold in a targeted network.
NSA and CISA recommend only purchasing VPNs from "reputable vendors" that use strong authentication in their products and have historically patched any known vulnerabilities. They advise employing multi-factor authentication, regular and timely patching and updating, and disabling any features that are not specifically VPN-related.
Read the full guidelines, Selecting and Hardening Remote Access VPN Solutions, here.