What security controls, monitoring, and logging should be enabled for remote VPN access and users?


Some of the security controls for Virtual Private Networks are:

  • Multi-factor authentication – at least two of the following factors – something you know, something you have, and something you are
  • Password authentication should be through Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
  • Passwords should be compliant with the organization’s Password Policy
  • All communication and data flows should be strongly encrypted and should go through Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPsec)
  • All connecting clients should first be routed to the Network Access Control server (NAC or Microsoft NAP) for a health check; only a client found “clean” (no malware and all applications hardened) should be allowed to proceed with the connection and data transfers
  • All access connections and remote activities should be logged with timestamps and usernames
  • All connection-end and log-off activities should be logged with timestamps
  • All logs should be monitored for anomalies, analyzed, and reports of usage generated
  • All logs should be stored in a centralized server (Security Information and Event Management systems)
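
The logging and monitoring items above can be illustrated with a short script. This is an added example, not part of the original answer: it pairs connection and connection-end events by username and source address, then flags sessions with no logged end, simultaneous sessions from two sources, and off-hours connections. The log format, field names and working-hours window are assumptions made for the example.

```python
import re
from datetime import datetime
# Constructed sample log lines (hypothetical format, not from any specific VPN product).
SAMPLE_LOG = """\
2024-03-04T08:02:11Z CONNECT user=alice src=203.0.113.10
2024-03-04T08:15:40Z CONNECT user=bob src=198.51.100.7
2024-03-04T09:30:05Z CONNECT user=alice src=192.0.2.99
2024-03-04T12:01:00Z DISCONNECT user=alice src=203.0.113.10
2024-03-04T17:45:12Z DISCONNECT user=bob src=198.51.100.7
2024-03-05T02:13:54Z CONNECT user=carol src=203.0.113.55
2024-03-05T02:40:00Z DISCONNECT user=carol src=203.0.113.55
"""

LINE_RE = re.compile(r"^(\S+) (CONNECT|DISCONNECT) user=(\S+) src=(\S+)$")
WORK_HOURS = range(7, 20)  # assumed policy: 07:00-19:59 UTC


def analyze(log_text):
    """Return (sessions, findings) built from connect/disconnect events."""
    open_sessions = {}  # (user, src) -> connect time
    sessions, findings = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            findings.append(("unparsed_line", line))
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        event, user, src = m.group(2, 3, 4)
        if event == "CONNECT":
            if ts.hour not in WORK_HOURS:
                findings.append(("off_hours_connect", user, src))
            others = sorted(s for (u, s) in open_sessions if u == user and s != src)
            if others:
                findings.append(("concurrent_sources", user, src, others[0]))
            open_sessions[(user, src)] = ts
        else:
            start = open_sessions.pop((user, src), None)
            if start is None:
                findings.append(("disconnect_without_connect", user, src))
            else:
                sessions.append((user, src, int((ts - start).total_seconds())))
    # Anything still open has no logged connection-end event.
    for (user, src) in sorted(open_sessions):
        findings.append(("no_disconnect_logged", user, src))
    return sessions, findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG)[1]:
        print(finding)
```

In practice the same checks would run as correlation rules on the centralized log server rather than as a stand-alone script.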