As part of our client school district's response for Corona virus preparedness, we see an uptick in requests for VPN access into the school district's networks. With the potential increase in VPN users and remote connections into your district's systems, we thought now would be a good time to remind you of a few best practices around VPN use:
- Each user should have a unique VPN account, no sharing of ID’s between users or departments.
- Remote Endpoints should have a robust endpoint protection product install on them. A VPN connection is a tunnel between the remote device and your internal network. Whether district managed (preferred) or not, those remote endpoints should have an advanced endpoint protection client like CS-EDR, or Cisco AMP for Endpoints installed on them. Failure to do so increases the risk of the remote machine being a conduit for malware. Or for an attacker to gain access to your internal network.
- For even more robust security and control on VPN accounts, consider adding multi-factor authentication capability for your VPN access using DUO.
- For even more robust DNS security on mobile devices when outside your network, consider adding Cisco Umbrella roaming client protection to the device (Windows, MacOS, iOS devices).
If you need assistance with your remote access VPN strategy to provide appropriate access while maintaining proper security, give us a call.