There are a variety of ways security teams can address this problem. However, the right solution must be unobtrusive to the external party and err on the side of availability, since most external users are sales personnel, executives or business partners who cannot be denied access.
Network segmentation is the first basic step in addressing the VPN issue. Properly segmenting your VPN network and the networks most typically accessed by its users gives you the ability to contain outbreaks when they occur. Segmentation can be performed at the network, sub-network and host level. At the network level, teams can use their firewalls and IPS devices to segment major portions of the network. Perhaps more importantly, security teams need to properly segment individual subnets and limit who can access these networks and hosts. This can be done easily using Virtual LANs (VLANs) and Access Control Lists (ACLs). Performing proper segmentation across all three levels enables security teams to contain outbreaks, control which users can access critical hosts and provide a fundamental level of security around their VPN segments.
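One way to check that an ACL really limits what the VPN segment can reach is to evaluate it against the critical hosts before deploying it. The following is an added example, not part of the original article; the address ranges, host names, ports and both rule sets are constructed for illustration.

```python
import ipaddress

# Constructed sample data: every address, host name and port is an assumption.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
CRITICAL_HOSTS = {"db01": "10.10.20.5", "dc01": "10.10.30.10"}
CHECK_PORTS = [135, 445, 1433, 3389]  # services commonly abused for lateral spread

# Rules are (action, source, destination, port); port None means any port.
# Flat design: VPN clients can reach everything behind the concentrator.
FLAT_ACL = [("permit", "10.99.0.0/24", "0.0.0.0/0", None)]

# Segmented design: named exceptions first, then block the internal range.
SEGMENTED_ACL = [
    ("permit", "10.99.0.0/24", "10.10.40.0/24", 443),   # intranet web tier
    ("permit", "10.99.0.0/24", "10.10.20.5/32", 1433),  # reporting access to db01
    ("deny",   "10.99.0.0/24", "10.10.0.0/16", None),   # all other internal hosts
    ("permit", "10.99.0.0/24", "0.0.0.0/0", None),      # internet egress
]

def evaluate(acl, src, dst, port):
    """Return the action of the first matching rule; implicit deny if none match."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in acl:
        if (src_ip in ipaddress.ip_network(rule_src)
                and dst_ip in ipaddress.ip_network(rule_dst)
                and rule_port in (None, port)):
            return action
    return "deny"

def exposure(acl, vpn_pool, hosts, ports):
    """List (host, port) pairs reachable from at least one address in the VPN pool."""
    reachable = []
    for name, ip in hosts.items():
        for port in ports:
            if any(evaluate(acl, str(src), ip, port) == "permit"
                   for src in vpn_pool.hosts()):
                reachable.append((name, port))
    return sorted(reachable)

if __name__ == "__main__":
    for label, acl in (("flat", FLAT_ACL), ("segmented", SEGMENTED_ACL)):
        print(label, exposure(acl, VPN_POOL, CRITICAL_HOSTS, CHECK_PORTS))
```

Any pair the segmented rule set still reports is an exception someone granted on purpose, which makes the output a short review list rather than a full firewall audit.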
Intrusion Prevention Systems (IPS) are an extremely useful solution to the VPN outbreak problem. Since an IPS is an inline device with automated blocking functionality, there is always a risk of falsely denying access. However, a properly tuned IPS looking for a discrete set of known malware can be highly effective in preventing outbreaks behind the VPN. Security teams should deploy an IPS device behind any and all VPN devices. Once an outbreak occurs, these teams should move quickly to update their IPS devices with the new attack signature and turn blocking mode on for when the device encounters this new threat. Security teams should then monitor the activity on this device to ensure that all malicious traffic is blocked while legitimate traffic is not denied. Managing this IPS process effectively will result in far fewer internal outbreaks and, consequently, fewer headaches for the security team.