Windows 10 News and info | Forum
October 30, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: National Security Agency warns that VPNs could be vulnerable to cyberattacks  (Read 85 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31910


I Do Windows


WWW Email
« on: July 03, 2020, 04:39:11 PM »
ReplyReply

The National Security Agency issued a new cybersecurity advisory on Thursday, warning that virtual private networks, or VPNs, could be vulnerable to attacks if not properly secured. The agency's warning comes amid a surge in telework as organizations adapt to coronavirus-related office closures and other constraints.

A VPN allows users to establish private, encrypted connections to another network over the internet. They are used widely by corporations and other organizations to protect proprietary data from hackers while employees work remotely.

A senior NSA official who briefed reporters Wednesday said the increase in remote work had attracted the attention of potentially malicious cyber actors. 

"We certainly see adversaries focused on telework infrastructure," the official said. "We've seen exploitation and as a result, have felt that this was a product that is particularly helpful now."

VPN gateways in particular are "prone to network scanning, brute force attacks, and zero-day vulnerabilities," the NSA's advisory said. "[N]etwork administrators should implement strict traffic filtering rules to limit the ports, protocols, and IP addresses of network traffic to VPN devices."

The senior official said the NSA, whose employees deal daily with highly classified materials and systems, had taken its own steps to adapt to the pandemic, reducing some of its workforce to "mission-essential" for several weeks and introducing social distancing measures within its outposts.

The advisory was issued by the agency's Cybersecurity Directorate, which launched last October. Its mandate involves reinvigorating a set of missions the NSA has long had protecting government and private sector systems by accelerating, broadening and "operationalizing" its dissemination of unclassified threat information, according to officials.

The directorate has now issued over a dozen public advisories since its launch. In October, it warned that nation-state actors were targeting VPN devices. In January, it was behind the disclosure of a "critical vulnerability" in Microsoft's Windows 10 software something the agency might have once exploited, instead, as a hacking tool. And in May, in another rare move, it named a Russian military hacking unit that was secretly accessing commonly used email software. 

"Attribution is always interesting," the senior NSA official said Wednesday. "We do it if we believe it creates a sense of urgency to address a vulnerability."

The directorate's emphasis on information-sharing stems from a recognition that nation-states are getting more aggressive and more sophisticated in going after the government and non-government targets. Its leadership has said it is also a conscious effort to move away from stubborn perceptions that the agency is a secretive black box or "No-Such-Agency," as the NSA has been labeled. (Its foreign intelligence mission which involves intercepting signals and communications overseas is likely to continue avoiding the public eye.)

The agency has also broadened its presence on social media, launching an Instagram account, a dedicated Twitter account for the directorate, and even bringing its notoriously circumspect director to the platform. (Paul Nakasone has tweeted three times in three weeks.)

"General Nakasone has looked at the environment and said, 'We see adversaries increasingly using cyber to achieve national security objectives below the level of armed conflict,'" the senior official said. "'We're seeing rapid technological change, which just brings in a whole new set of vulnerabilities.'"

"It led him to say, 'We really need to up our game.'"

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page October 04, 2020, 11:58:21 PM