Enterprise VPN Security Guideline

The enterprise VPN is a common technology for supporting remote working during the global pandemic outbreak. However, adopting an enterprise VPN without proper risk assessment and corresponding mitigation measures could lead to a security incident. Cyber-attacks targeting enterprise VPN appliances are common; sensitive information disclosure and reputational damage caused by ransomware campaigns targeting unpatched VPN devices are one example. To cope with evolving cyber security risks, securing the enterprise VPN is essential nowadays.

Release Date: 9 Nov 2020





HKCERT has published the “Enterprise VPN Security Guideline” to identify the common security issues in enterprise VPN implementation, provide security best practices for IT managers and IT staff to address the risks, and suggest corresponding countermeasures.


It is divided into 3 sections:

(A) Security management and planning

(B) Security architecture, hardening and access control

(C) Security monitoring and incident response


Please click “Enterprise VPN Security Guideline” to download (text only version). Should you have any comments or enquiries about the Guideline, you are most welcome to contact HKCERT via email: [email protected] or its 24-hour telephone hotline: 8105 6060.