HKCert
Security Blog

Enterprise VPN Security Guideline

Release Date: 09 / 11 / 2020
Last Update: 09 / 11 / 2020

Enterprise VPN is a common technology for supporting remote working during the global pandemic outbreak. However, adopting an enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. Cyber-attacks targeting enterprise VPN appliances are common; sensitive information disclosure and reputation damage caused by ransomware campaigns targeting unpatched VPN devices is one example. To cope with evolving cyber security risks, securing the enterprise VPN is essential nowadays.

HKCERT has published the “Enterprise VPN Security Guideline” to identify the common security issues in enterprise VPN implementation, provide security best practices for IT managers and IT staff to address the risks, and suggest corresponding countermeasures.

It is divided into 3 sections:

(A) Security management and planning
(B) Security architecture, hardening and access control
(C) Security monitoring and incident response

Please click “Enterprise VPN Security Guideline” to download. Should you have any comments or enquiries about the Guideline, you are most welcome to contact HKCERT via email: [email protected] or its 24-hour telephone hotline: 8105 6060.