Enterprise VPN is a common technology for supporting remote working during the global pandemic outbreak. However, adopting an enterprise VPN without a proper risk assessment and corresponding mitigation measures could lead to a security incident. Cyber-attacks targeting enterprise VPN appliances are common; sensitive information disclosure and reputation damage caused by ransomware campaigns targeting unpatched VPN devices are one example. To cope with evolving cyber security risks, securing the enterprise VPN is essential nowadays.
HKCERT has published the “Enterprise VPN Security Guideline” to identify the common security issues in enterprise VPN implementation, provide security best practices for IT managers and IT staff to address the risks, and suggest corresponding countermeasures.
For details, please refer to the link below: