VPN – A Security Uplift

On Monday we ran an article highlighting the importance of security updates and patches on VPN software, especially when those fixes apply to zero-day vulnerabilities.

Quick Definition

The zero-day vulnerability is the gap between a cyber security flaw being discovered and the patch to fix it being applied to your systems. Your organisation is vulnerable to attack during this gap.

Longer Definition

I wrote about that here:

A Zero-day Primer

But I want to talk about VPNs today…

The incident featured in Monday’s article was a cyber security issue at Nominet, when a zero-day flaw was exploited – see the details here.

Tomorrow is Patch Tuesday

One of the cyber security incident fixes deployed by Nominet was enforcing the use of VPNs (Virtual Private Networks) to connect to their systems. VPNs are managed tunnels through the insecure internet to secure organisation systems. I am an advocate of the use of VPNs for clients and for myself when outside our secure network. Using a VPN means that information passed across the internet or through a network that you cannot verify, such as free WiFi in a hotel or even a client’s network, remains a secret from snoopers. Snoopers include threat actors, network monitoring systems or ISP logging.

However, Nominet’s cyber security issues arose because of a zero-day flaw in the third-party VPN software they were using.

Catch 22!

Your Takeaway

You and your staff should be using a VPN when connecting to company systems from insecure networks. But do not forget that a vigorous patching policy should be part of your organisation’s Cyber Security Policy.

Some VPN Questions.

Is the network you are reading this on secure? Are you sure?

Do you have a vigorous patching policy?

Do you monitor that the patching policy is followed?

Next…

A guest blog about encryption.

Clive Catton MSc (Cyber Security) – by-line and other articles

Photo by Anthony DeRosa