Making use of VPN services is something that has increased a lot in recent times. Especially with teleworking, many users have had to opt for this type of tool. However, we must bear in mind that we must avoid risks that compromise our data and systems. Therefore in this article we want to echo a series of strategies that have been recommended by the NSA to use VPN security .
Strategies for securely using VPN services
The NSA has wanted to give a series of recommendations for all those users (both individuals and organizations) that use VPN services . As we know we have at our disposal a wide range of possibilities. We can use free and paid programs that are available on both mobile devices and desktops, more complete options in terms of available servers, speed improvement …
However, to all this we must also add the importance of security. The objective is to avoid falling into errors that compromise our privacy and the proper functioning of the equipment. For this we can take into account certain interesting aspects and we want to show what strategies the NSA recommends.
One of the most important pieces of advice they give is to only use cryptographic algorithms that comply with CNSSP 15 . They detail what encryption protocols we can use with total security, since they are considered as such for the NSA, so for any particular user or organization they will also be. Here we can include 256-bit, SHA-256 and AES-128, as well as to protect higher level information that would be 384-bit, SHA -384 and AES-256.
Change defaults, key
They also indicate that it is important not to use the default VPN settings . They advise changing the values, configuring the parameters related to security and privacy so that we do not leave anything open to a possible cyber attack.
Another interesting aspect they recommend is to remove any crypto sets that are not being used or do not comply with the basic measures. They indicate that automated tools can sometimes leave residual cipher suites after configuration and leave VPNs vulnerable to possible attacks.
They also advise reducing the attack surface of VPN gateways as much as possible. They ensure that these doors tend to be accessible directly from the Internet. This could mean that they allow you to scan networks, allow brute force attacks or zero-day vulnerabilities.
Finally, something that is essential in all kinds of tools that we use, VPNs must be properly updated . There are many occasions when vulnerabilities and flaws can arise that are exploited by hackers. This is normally corrected through patches and updates released by the developers themselves. On the one hand, with these more current versions we are going to improve performance and functionality, but we will also avoid security risks that may be exploited against us.
In short, these are the main recommendations given by the NSA to use a VPN service with total security. We already saw in another article how a VPN could affect privacy.
