VPN from a Coffee Shop

The Network: A well known college system with 35+ locations and 30,000 students.

The Expectation: Remote access to data center resources are essential but are an attack vector, so monitoring is essential.

The Catch: EventTracker detected the same user had simultaneous successful logins but from geographically different locations.

The Find: The user was working from home but her ISP connection failed. She then proceeded to her favorite coffee shop and established a new VPN connection.

The Fix: There was nothing to be done. The old VPN connection timed out.

The Lesson: Remote access via VPN is often a vulnerability that is exploited by attackers. Careful review of the use of such back doors into the network bear close monitoring.

SOC Catch of the Day