VPN Password Spraying Vulnerability
As an MSP, customer security is a top priority. Unfortunately, cyber attackers are always finding new ways to exploit vulnerabilities in organisations’ networks. One such vulnerability that is becoming increasingly prevalent is “Password Spraying”. This attack involves hackers attempting to guess a few commonly used passwords across a large number of accounts, which can give them access to sensitive information and bypass traditional security measures such as account lockouts.
Recently, there has been an increase in Password Spraying attacks targeting firewalls offering SSLVPN connectivity, this includes WatchGuard firewalls. If a username and password is compromised, this could give the hacker access to your internal network resources, so we need to think about how to protect against this.
So, what can you do to protect your users and your organisation?
To combat this vulnerability and protect your networks, there are several recommended measures that can be taken. Firstly, implementing a strong password policy that requires users to create complex passwords that are at least 12 characters long, including a mix of uppercase and lowercase letters, numbers, and special characters is essential. It’s also important to educate users about the dangers of password reuse and encourage them to use a password manager to securely store their passwords.
The most effective measure against Password Spraying attacks is to implement multi-factor authentication (MFA) for all accounts using the VPN. MFA adds an extra layer of security by requiring users to provide an additional form of verification, such as a code sent to their phone, before gaining access to their account.
Finally, implementing “Geo-Fencing” can also help to mitigate authentication attempts outside of the “allowed” countries. Geo-Fencing is a location-based technology that allows businesses and organisations to set up virtual boundaries or “fences” around a specific geographic area. This can be achieved by utilising Geo Location, which comes as part of the Basic or Total Security License and can be set up to block authentication attempts against the SSL VPN outside of your trusted locations, such as the United Kingdom.
How can ADM help you achieve this?
If you would like to increase the security of your organisation using any of the methods mentioned above, please contact ADM Computing for further assistance.
Alternatively, please feel free to register for our upcoming events, where we will be covering a host of best practice security topics – including Multi-Factor Authentication and Conditional Access/Geo-Fencing.
Upcoming events:
In this session, Isaac Ford-Wilson will be highlighting some of the top cyber-security threats that have emerged with the uptake of remote working, and top tips and tricks for protecting your business from these threats & securing your remote or hybrid workforce.
Join us for an informative event on securing remote and hybrid work environments. We’ll cover key topics and share best practices to help your business stay secure. Our second session includes a live technical demo, showcasing MFA, Intune policy management, and email security in action.
Hybrid Work and Cybersecurity: A Deep Dive into the Latest Threats and Solutions
ADM also have the following offline resources available on-demand:
Password Manager overview: https://youtu.be/v7Yg534vW1U
Beginners guide to Multi-Factor Authentication: https://www.adm-computing.co.uk/a-beginners-guide-to-multi-factor-authentication/
For further information regarding the VPN password spraying vulnerability, please visit the Watchguard KB article WatchGuard Support Center
About ADM
Founded in 1984, ADM Computing is Kent’s largest and longest established IT services company specialising in IT support services that help to reduce IT costs as well as improve network efficiency. We have a long history of charity work and won’t be slowing down any time soon!
To keep up to date with all our latest updates, follow us on LinkedIn: ADM Computing LinkedIn
Blog Author
Thomas Slade – 2nd Line Engineer | ADM Computing – Established in 1984.
Thomas is a Watchguard Certified Engineer and Aruba Switching Certified Engineer who has been with ADM Computing for over four years – quickly progressing to his current role as a second line engineer. Thomas specializes in the implementation and configuration of network and edge of network security, helping to keep our clients’ data and systems safe and secure. His expertise and experience have been invaluable to our team, and we’re proud to have him as part of the ADM family.
