Reset Search
 

 

Article

SA44399 - 2020-03: Out-of-Cycle Advisory: Pulse Secure recommendations for Enterprise VPN Security (AA20-073A)

« Go Back

Information

 
Product Affected
Problem
Many organizations are switching to alternate workplace options for employees in response to the rapidly spreading Novel Coronavirus (COVID-19). Malicious cyber actors will inevitably target VPNs and look for new opportunities to exploit employees working over unsecured networks.

Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL) policies.
Solution
To further protect your organization’s confidential information as your employees use VPN for telework, Pulse Secure recommends the following steps:
  • Upgrade VPNs and network devices used to remote into work environments to the latest corresponding supported versions.
  • Use strong passwords for VPN Authentication.
  • Implement multi-factor authentication (MFA) or time-based one-time passwords (TOTP) for VPN access.
  • Be on the lookout for phishing emails targeting teleworkers to steal their usernames and passwords and train your employees to protect themselves from phishing attacks.
  • Increase your company’s remote access security tasks: log review, threat detection, and incident response & recovery.
  • Ensure your remote access infrastructure has enough capacity to support the increased load.

Document History:
March 17, 2020 - Initial advisory posted

LEGAL DISCLAIMER
  • THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK.  PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
  • A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS.  THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255