US NSA publishes VPN security guidance to keep VPNs from becoming an attack surface for hackers

US NSA publishes VPN security guidance

The COVID-19 pandemic has more and more people working and studying from home, which has made virtual private networks (VPNs), through which users connect to their organization's network, ever more widespread. In light of this, the US National Security Agency (NSA) recently published VPN security guidance to keep VPNs from becoming an attack surface for hackers.

The NSA says that many organizations currently use VPN services based on the IP Security (IPsec) protocol to connect to remote servers or enable telework, relying on encryption to protect sensitive information that traverses various untrusted networks. These VPNs must therefore use strong cryptography, so the agency decided to list common VPN misconfigurations and weaknesses.

The NSA recommends that organizations reduce the attack surface of their VPN gateways, verify that their cryptographic algorithms comply with the Committee on National Security Systems Policy (CNSSP) requirements, avoid default VPN settings, remove unused or non-compliant cryptography suites, and apply updates promptly.

The NSA explains that VPN gateways face the Internet directly and are therefore exposed to network scanning, brute-force attacks and zero-day vulnerabilities. To reduce these weaknesses, network administrators should apply strict filtering rules that limit the ports, protocols and IP addresses of traffic reaching the VPN device; where traffic cannot be restricted to specific IP addresses, an intrusion prevention system should be deployed in front of the VPN gateway.

On the configuration side, many vendors provide default configurations, automated configuration scripts or graphical user interfaces to help organizations deploy VPNs. These tools take care of every aspect of the VPN setup, including the ISAKMP/IKE and IPsec policies, but many of them enable a broad set of cryptography suites to ensure compatibility. The NSA therefore advises organizations either to avoid these tools, in case they allow cryptography suites that are not needed, or to review every setting produced by automated deployment and remove the non-compliant cryptography suites.

Once the configuration and settings are secure, organizations should also promptly apply the security updates their vendors provide, so that network traffic stays protected at all times.

Securing IPsec Virtual Private Networks

Many organizations currently utilize IP Security (IPsec) Virtual Private Networks (VPNs) to connect remote sites and enable telework capabilities. These connections use cryptography to protect sensitive information that traverses untrusted networks. To protect this traffic and ensure data confidentiality, it is critical that these VPNs use strong cryptography. This

Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis:

  • Reduce the VPN gateway attack surface
  • Verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant
  • Avoid using default VPN settings
  • Remove unused or non-compliant cryptography suites
  • Apply vendor-provided updates (i.e. patches) for VPN gateways and clients

Reduce the VPN gateway attack surface

VPN gateways tend to be directly accessible from the Internet and are prone to network scanning, brute force attacks, and zero-day vulnerabilities. To mitigate many of these vulnerabilities, network administrators should implement strict traffic filtering rules to limit the ports, protocols, and IP addresses of network traffic to VPN devices. If traffic cannot be filtered to a specific IP address, NSA recommends an Intrusion Prevention System (IPS) in front of the VPN gateway to monitor for undesired IPsec traffic and inspect IPsec session negotiations.

Verify only CNSSP 15-compliant algorithms are in use

All IPsec VPN configurations require at least two items: (1) the Internet Security Association and Key Management Protocol (ISAKMP) or Internet Key Exchange (IKE) policy; and (2) the IPsec policy. If the cryptography on either of these policies is configured to allow obsolete cryptographic algorithms, the entire VPN is at risk and data confidentiality may be lost. Annex B of CNSSP 15 provides guidance on using strong cryptography [1]. As the computing environment evolves and new weaknesses in algorithms are identified, administrators should prepare for cryptographic agility: periodically check CNSSP and NIST guidance for the latest cryptographic requirements, standards, and recommendations.

When configuring ISAKMP/IKE, many vendors support having several possible ISAKMP/IKE policies. The device then chooses the strongest matching policy between the remote and local ends of the VPN. Some vendors do this through priority numbers and others through explicit selection. NSA recommends configuring only those policies that meet the minimum level of security and removing any legacy policies. Also, if priority numbers are used, the strongest ISAKMP/IKE policy should be the highest priority. Many vendors also support configuring multiple IPsec policies; however, these policies are normally explicitly configured for a specific VPN. NSA recommends utilizing the strongest cryptography suites supported by the network device.

The best way to verify that existing VPN configurations are using approved cryptographic algorithms is to review the current ISAKMP/IKE and IPsec security associations (SAs). NSA recommends using this approach when reviewing ISAKMP/IKE and IPsec configurations because it displays the exact cryptography settings that were negotiated. Otherwise, administrators may miss connections where a device is selecting a non-compliant algorithm that was a device default or left over from a previous VPN configuration.
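The review described above, parsing a dump of negotiated ISAKMP/IKE and IPsec SAs and flagging every SA that carries a non-compliant algorithm, as an added Python example that is not part of the NSA document. The key=value dump format and the ALLOWED_* sets are constructed for illustration and are assumptions; the real allowlist must be taken from CNSSP 15 Annex B.

```python
import re
# Added example, not the NSA guide's tooling; allowlist is an assumption:
# take the real values from the current CNSSP 15 Annex B.
ALLOWED_ENC = {"AES-CBC-256", "AES-GCM-256"}
ALLOWED_HASH = {"SHA384", "SHA512"}
ALLOWED_DH = {"15", "16", "20"}  # 3072/4096-bit MODP and ECDH P-384

# Constructed sample of negotiated SAs in a vendor-neutral key=value form.
SAMPLE_SAS = """\
IKE   peer=203.0.113.10 enc=AES-CBC-256 hash=SHA384 dh=20
IKE   peer=198.51.100.7 enc=3DES        hash=SHA1   dh=2
IPSEC peer=203.0.113.10 enc=AES-GCM-256 hash=NONE   dh=20
IPSEC peer=198.51.100.7 enc=AES-CBC-128 hash=SHA1   dh=none
"""
LINE_RE = re.compile(r"^(IKE|IPSEC)\s+(.*)$")

def parse_sas(text):
    """Return one dict per SA line with keys type, peer, enc, hash, dh."""
    sas = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers and blank lines
        fields = dict(kv.split("=", 1) for kv in m.group(2).split())
        fields["type"] = m.group(1)
        sas.append(fields)
    return sas

def check_sa(sa):
    """Return the non-compliant fields of one SA (empty list means OK)."""
    issues = []
    if sa.get("enc") not in ALLOWED_ENC:
        issues.append("enc=" + sa.get("enc", "?"))
    # AES-GCM is an AEAD mode with built-in integrity, so hash=NONE is fine there.
    aead = sa.get("enc", "").startswith("AES-GCM")
    if not aead and sa.get("hash") not in ALLOWED_HASH:
        issues.append("hash=" + sa.get("hash", "?"))
    # IKE always has a DH group; for IPsec it is the PFS group (required).
    if sa.get("dh") not in ALLOWED_DH:
        issues.append("dh=" + sa.get("dh", "?"))
    return issues

def find_noncompliant(text):
    """Map 'TYPE peer' to its offending fields, listing failing SAs only."""
    report = {}
    for sa in parse_sas(text):
        issues = check_sa(sa)
        if issues:
            report[f"{sa['type']} {sa['peer']}"] = issues
    return report
```

Each flagged entry names the peer and the exact negotiated parameter that fell below the allowlist, which is the starting point for the investigation the guide calls for when a VPN negotiates a weaker suite.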

If SAs are identified with non-compliant algorithms, administrators should immediately investigate why the VPN negotiated a lower cryptography standard and make appropriate configuration changes. Also, if utilizing pre-shared keys for VPN