First, don’t use outdated or compromised virtual private network (VPN) software or other vulnerable edge access tools. Have a process in place to identify security issues in your remote access software, and be prepared, if necessary, to make the difficult decision to disable remote access when a vulnerability is identified for which no patch is readily available.
Make sure you have ways to communicate such difficult decisions and make sure stakeholders understand why you are pulling the fire alarm and restricting access if necessary.
Consider removing SSL or a web-based VPN
If you don’t have the ability to manage or maintain remote nodes, at least move to some other way of managing and maintaining this remote access software. If you only have access to an on-premises patching tool such as Windows Server Update Services (WSUS), you may need to invest in cloud solutions such as third-party patching tools or Intune to maintain remote assets.