Companies that have started using NEW VPNs in telework should be careful. –Remote Access Vulnerability Assessment

In response to the government’s declaration of a state of emergency to prevent the spread of the new coronavirus, a number of companies have started telework and more office workers switch to telecommuting. Nevertheless, companies that were not prepared have been quickly prepared without going through the usual implementation process, and it is necessary to inspect and review them as soon as possible. In particular, ssl VPN vulnerabilities should be taken care of.

Telework in response to emergency declarations
Is security okay in that environment?

As a new coronavirus, many companies have suddenly switched office workers to telecommuting. Some companies have been fully prepared for a long time, but that’s only a small part of it. For example, companies that were considering introducing a telework environment as part of a work style reform or disaster-prepared business continuity plan in preparation for the possibility of disrupting commuting due to the olympic and Paralympic games scheduled for the summer of 2020 would have been forced to revise their plans, such as a significant expansion of the target personnel, rather than a significant lye period. Rather, it might be a case of having made “Environment where it is possible to work from home somehow” in a panic while not doing such a examination hardly to think that it was the most.

Now that we’ve had to work in unfamiliar environments, we’re getting used to it, and we’ve got a little bit of room for the IT department that supports them. Now is the time to check the environment of this quickie and prepare for improvement. Of course, the circumstances are the only reason sought by any company, but it is security that should be addressed in a hurry. Even though the spread of new coronavirus infections around the world, cyber criminals are not closed, but rather targets to take advantage of social turmoil. The telework environment etc. of the quickie might become a good prey for such them.

SSL vulnerability was also discovered in 2019
Vpn Users who have not used it before should be careful

There are many items to check for security, but there are a few important points in a quick-to-get-on telework environment. For example, VPN features in network security products such as firewalls are one of the key security features that securely access on-premises internal systems from outside the company. However, with this declaration of emergency, there will be a lot of companies that use it for the first time. However, there is information to be careful about this VPN. Several SSL VPN products have been identified as affected by the vulnerability in 2019, and attacks targeting the vulnerability have also been identified. Some users who have not had a chance to use this feature until now are likely to verify the vulnerability, apply security patches and updates, and not take measures such as changing settings.

Even those familiar with cybersecurity are deeply concerned about the vulnerability of VPNs, which have increased in use as telework is promoted. Katsuya Furukawa, Senior Security Advisor, SecureWorks Marketing Business Division, is one of them. SecureWorks is a Japanese subsidiary of Secureworks, a global leader in the cybersecurity services industry, and is a professional group of cybersecurity companies engaged in a wide range of services, including threat intelligence, incident response, managed security services, and security-related consulting.

Secure Works Co., Ltd.
Marketing Division
Chief Senior Security Advisor
Katsuya Furukawa

“Companies that have quickly established a telework environment in response to a state of emergency declaration should have given priority to moving from office to telecommuting anyway. In the process, i am concerned that there are quite a few cases where vpn verification has not been sufficiently verified. In fact, there are many user companies that are concerned about security, and recently there has been an increase in the number of inquiries about security diagnostic services.”