Protect VPN gateways against DDoS attacks while working from home


According to a study by NortonLifeLock, 21% of French people said they had detected unauthorized access to one of their accounts or to a device since the start of the first lockdown in March 2020. With the development of teleworking during the COVID pandemic -19, businesses today rely heavily on network connectivity, and virtual private networks (VPNs) are now widely used to conduct business remotely. However, this situation exposes organizations to threats from Distributed Denial of Service (DDoS) attacks and protecting computer networks is of major importance.

According to Philippe Alcoy, Security Specialist at NETSCOUT, the massive use of remote access technologies such as VPNs, during the health crisis, requires strict supervision and the application of security measures to deal with the development of DDoS attacks. .

“? The adoption of telework during the health crisis encouraged the exploitation by cybercriminals of vulnerabilities induced by changes in digital uses, with many users no longer being protected by corporate security. In most organizations, secure virtual private networks (VPNs) are invaluable tools for connecting telecommuting employees. They make it possible to establish a tunnel between a user and the corporate network, but also to protect the latter, mainly through encryption.

However, these practices were then ad hoc, but, due to the containments imposed by the pandemic, VPNs have become targets of choice for cybercriminals, who use in particular distributed denial of service (DDoS) attacks, which are more insidious and less obvious. as phishing or ransomware attacks for the uninitiated. Hackers disrupt these points of connectivity and prevent employees from accessing essential business applications. According to our research, 839,083 DDoS attacks per month were referenced in 2020, for an increase of nearly 130,000 attacks compared to 2019. We have also seen that the increased use of VPNs during the pandemic was at the origin of the service interruptions suffered by 83% of the companies victims of attacks DDoS in 2020, an increase of 21% over the previous year.

In this context, various measures are recommended in order to more effectively defend these vulnerable access points against cybercriminals. First, most Software as a Service (SaaS) vendors use DDoS protection to ensure the availability of their services. This is why it makes sense to use SaaS services for common business applications, content sharing, collaboration and communications, because these connections are already well protected. Furthermore, deploy intelligent DDoS attack mitigation systems will protect all organizational resources, as well as supporting infrastructure such as remote access technology, against DDoS attacks.

In addition, the use of Internet transit links dedicated to VPNs makes it possible to fight effectively against DDoS attacks. Indeed, if these are not associated with components, such as DNS servers or publicly accessible websites, it will be more difficult for cybercriminals to prevent IT departments from reacting when their security skills are needed. In addition, it should be ensured that remote access mechanisms are integrated into the organization’s authentication, authorization and accounting systems, and that they require the use of multi-authentication technologies. -factors (MFA) for user access. This user verification will strengthen access protection.

Knowing that cybercriminals are serious about educating themselves before launching targeted DDoS attacks, it is essential not to make it easy for them. To do this, it is best to avoid DNS names such as “? Vpn?” for the concentrators, and rather be based on an agreement containing practical information for the operational personnel but not divulging any key information to the criminals, thus delaying their mischief. They therefore waste time, and IT teams can then identify their activity on the network and block them more effectively. This therefore guarantees a serene working environment for teleworkers., as well as disruptive productivity for organizations.? ”