VPN Access Can Be An Attack Vector

The Network: A well-known college system with 35+ locations and 30,000 students.

The Expectation: Remote access to data center resources is essential but can be an attack vector, so 24/7/365 SOC monitoring is required.

The Catch: Netsurion’s EventTracker detected that the same user had simultaneous successful logins from geographically different locations.

The Find: The user was working from home, but her ISP connection failed. She then proceeded to her favorite coffee shop and established a new VPN connection.

The Fix: There was nothing to be done. The old VPN connection timed out.

The Lesson: Remote access via VPN is often a vulnerability that is exploited by cyber attackers. The use of such back doors into the network bears careful review and close monitoring.
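
The check described in The Catch can be sketched as follows. This is an added example, not Netsurion's or EventTracker's own logic: it flags a successful VPN login that arrives while the same user still has an open session from a different location. The event fields, user names, cities and addresses are constructed, and it assumes the VPN logs a "timeout" event when it drops a dead tunnel.

```python
from datetime import datetime

# Constructed sample VPN events: (timestamp, user, action, source IP, geolocated city).
# Field layout is hypothetical; IPs come from documentation ranges.
EVENTS = [
    ("2024-03-04 09:00:00", "asmith", "login",   "198.51.100.10", "Springfield"),
    ("2024-03-04 09:20:00", "asmith", "login",   "203.0.113.77",  "Shelbyville"),
    ("2024-03-04 09:30:00", "asmith", "timeout", "198.51.100.10", "Springfield"),
    ("2024-03-04 09:05:00", "bjones", "login",   "198.51.100.44", "Springfield"),
    ("2024-03-04 09:30:00", "bjones", "logout",  "198.51.100.44", "Springfield"),
    ("2024-03-04 09:40:00", "bjones", "login",   "192.0.2.9",     "Capital City"),
    ("2024-03-04 08:00:00", "clee",   "login",   "198.51.100.80", "Springfield"),
    ("2024-03-04 08:10:00", "clee",   "login",   "198.51.100.81", "Springfield"),
]

CLOSING_ACTIONS = {"logout", "timeout"}  # assumption: both end a session


def find_concurrent_logins(events):
    """Return one alert per login that overlaps an open session from another city."""
    open_sessions = {}  # user -> list of (start_time, ip, city) still open
    alerts = []
    parsed = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, action, ip, city)
                    for ts, user, action, ip, city in events)
    for ts, user, action, ip, city in parsed:
        sessions = open_sessions.setdefault(user, [])
        if action in CLOSING_ACTIONS:
            # Close the session that was opened from this source address.
            sessions[:] = [s for s in sessions if s[1] != ip]
        elif action == "login":
            for start, old_ip, old_city in sessions:
                if old_city != city:  # same user, two places at once
                    alerts.append({"user": user, "time": ts,
                                   "first": (old_ip, old_city),
                                   "second": (ip, city)})
            sessions.append((ts, ip, city))
    return alerts


if __name__ == "__main__":
    for a in find_concurrent_logins(EVENTS):
        print(f"{a['time']} {a['user']}: session from {a['first']} still open, "
              f"new login from {a['second']}")
```

On the sample data only asmith is flagged, which mirrors The Find: the first tunnel was never torn down before the second login, so the alert needs analyst triage to separate a failed ISP link from stolen credentials.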