Colleges Need to Patch VPNs Regularly
Like all technology components, VPNs require regular maintenance. Whether they run on dedicated VPN hardware or use software to run on standard servers, VPNs contain potentially vulnerable software and firmware. Emerging threats, design flaws and code bugs create issues that, when discovered, may allow attackers to compromise VPN connections.
By their nature, VPN devices must be exposed to the outside world to allow inbound connections. This places them in the same risk category as web servers, mail servers and other intentionally exposed systems. It also increases the importance of protecting them against known exploits.
Security teams should place VPN patching high on their priority list. Monitor the security announcements from vendors associated with your institution’s VPN deployment and apply patches immediately after they’re released. Once a security announcement occurs, the race is
on between attackers hoping to exploit a new vulnerability and defenders trying to secure the VPN from attack.
Also, don’t forget that all components in a VPN stack require regular maintenance. IT departments using server-based VPNs must ensure that the operating system supporting the VPN server also receives regular updates and is protected against compromise.
MORE ON EDTECH: Learn how to prepare for campus readiness while cutting costs.