YogeshChauhan . com

Steps to Secure a VPN

in Misc on February 11, 2020

REMEMBER this: Your VPN is only as secure as your authentication method. 

One of the easiest ways to compromise a VPN is by getting the authentication credentials. Users are the weak link in any network. It's easy to manipulate people and get something from them as we see in the daily news and life. All it takes is one user with a password to open a direct connection to your network. 

A best practice is to use two-factor authentication for VPN access.

As you have seen in Google login and many other websites as well. They are pushing users for two-step login.

Two-step login or two-factor authentication is a powerful method for login as it makes difficult for an attacker to break into your network.

This is a method of proving identity using two different authentication factors.

Authentication factors are something you know, something you have, or something you are. 

For Examples:

A smart card (something you have) 

with a PIN (something you know); 

a biometric device (something you are) 

coupled with a password (something you know); 

or a proximity card (something you have) 

that activates a fingerprint reader (something you are).

Regularly check the usage after deploying the VPN

When you notice employees, who are not using the VPN, remove their access. If you see employees who have multiple concurrent connections, you may have a security issue, and should investigate further.

Backup your VPN configuration regularly

This is a good practice for any network equipment, but in the event your VPN hardware fails and needs replacement, you'll want to be able to restore your known working configuration quickly. Rebuilding a VPN configuration from the default settings can be a long and challenging task.

Patch/Update your system regularly

Vendors typically release patches and updates for various reason throughout the life of the product. Sometimes just a quick bug fix, sometimes a security glitch fix. So, keep an eye out and install patches whenever they are available. 

In an ideal environment, you will have a development VPN that you can use to test patches and updates. 

In most environments, you will not have the luxury of a development VPN and will have to test when you implement in production. 

In either circumstance, work closely with your vendor to make sure you receive prompt notice of patches and updates, and establish an operational process and maintenance window to apply patches and updates in a timely fashion.


Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to add Read More Read Less Button using JavaScript? #4 How to uninstall Cocoapods from the Mac OS? #5 How to Use SQL MAX() Function with Dates? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

Jun 16 What are Stored Procedures for SQL Server? Jun 16 What are Class Constants in PHP? Jun 15 A short basic guide on states in React Jun 15 How to define constants in PHP? Jun 15 How to define visibility for a property in PHP? Jun 15 How to use @if and @else in SCSS?

You might also like these

Introduction to components and templates Part 1: Component MetadataAngularPostgreSQL transactions using the BEGIN, COMMIT, and ROLLBACK statements.PostgresFunction Scope in JavaScript for BeginnersJavaScriptVariables scope and shadowing in SCSS (Sass)SCSSSelf-Driving and Intelligent NetworksMiscHow to embed YouTube or other video links in WordPress?WordPress