Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network via a secure tunnel. Through this tunnel, users can take advantage of the internal services and protections normally offered to on-site users, such as email/collaboration tools, sensitive document repositories, and perimeter firewalls and gateways.
Because remote access VPN servers are entry points into protected networks, they are targets for adversaries. This joint NSA-CISA information sheet provides guidance on: Selecting standards-based VPNs from reputable vendors that have a proven track record of quickly remediating known vulnerabilities and following best practices for using strong authentication credentials.
