IoT Security - OpenVPN https://openvpn.net VPN For Business And Consumer Thu, 25 Jul 2024 20:58:40 +0000

How Identity and Access Management Fits Into Zero Trust https://openvpn.net/blog/zero-trust-iam-identity-access-management/ Tue, 23 Jul 2024 16:34:19 +0000

“Never trust, always verify.”

If you’ve heard anything about zero trust network access (ZTNA), you’ve likely heard the above phrase. Verifying identity is at the crux of zero trust, and identity and access management is how you make it happen. But isn’t it enough to use multi-factor authentication? Not exactly. In this post, we’ll dive into everything you need to know about the role of identity and access management in zero trust architectures and environments. 

Introduction to zero trust Identity and Access Management (IAM)

Let’s face it: there is no shortage of cyberattacks in the news. Threat actors are looking for ways to compromise your company’s security – and small or mid-size businesses are not immune to these threats. In fact, 61% of SMBs reported being hit by a successful cyberattack in 2023.

The traditional security model – which relied heavily on perimeter defenses like firewalls – is no longer sufficient. This is where zero trust Identity and Access Management (IAM) comes into play. Zero trust IAM is the discipline that ensures every user, device, and application is continuously verified before gaining access to resources. The goal is to mitigate the risks associated with data breaches and cyberattacks.

What is the difference between zero trust Identity and Access Management (IAM) and Zero Trust Network Access (ZTNA)? 

ZTNA and IAM seem quite similar on the surface.

According to Gartner, “Zero trust network access (ZTNA) is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications.” 

Doing this hides the apps from discovery and restricts access using a trust broker and a set of named entities. The broker verifies users based on identity, context, and policies — and stops lateral movement in the network. Because application assets are removed from public visibility, the potential attack surface is reduced.

However, ZTNA is not a single product or service but a collection of services and solutions that work together to implement the principles of zero trust and least privilege.

One such technology that works in tandem with others to achieve ZTNA is IAM. 

Gartner defines IAM as “a security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay.”

Unlike traditional IAM systems, which typically rely on a one-time verification at the network boundary, zero trust IAM requires the user to be verified continually.

In other words, IAM is the discipline that enforces zero trust principles. 

The evolution of Identity and Access Management

Initially, IAM systems were designed to manage user identities and control access within the boundaries of a corporate network. However, with the boom in cloud computing, mobile devices, and remote work, the scope of IAM has expanded to include external users and resources. This evolution set the stage for the adoption of zero trust principles, which are essential for protecting distributed and dynamic environments.

Why zero trust is crucial for modern security

Zero trust addresses the limitations of traditional security models by assuming there are threats both inside and outside of the network. Zero trust requires strict verification of all access requests, regardless of their origin – deploying least privilege access so bad actors can’t gain access to an entire network just because they have the compromised credentials of one person. This reduces the risk of unauthorized access and ensures that security measures are applied consistently across the entire network.

Core principles of zero trust IAM

The core principles of IAM do not differ greatly from those of zero trust as a whole. These principles require businesses to take the following steps. 

Verify explicitly

To verify explicitly means that every access request is thoroughly checked and authenticated. This involves validating the user’s identity, the health of the device, and the context of the request. Only after these criteria are met is access granted. It also means that a request coming from a previously trusted device or IP address still has to be verified; prior trust is not a substitute for verification.

Use least privilege access

Least privilege access, commonly implemented as role-based access control, means that there is not a single employee – even those at the top of the corporate ladder – who has access to every single system. Instead, different roles have access to the different technologies necessary to complete their job functions. This simple measure ensures that users are granted the minimum level of access necessary to perform their duties, thereby limiting the potential damage that can be caused by compromised accounts or malicious insiders. In other words, even if someone falls for a phishing attempt and their credentials are compromised, the bad actor would not be able to access every application the company uses.

Assume breach

Assuming that there has been a breach is a fundamental principle of zero trust. This involves designing security measures with the assumption that an attacker has already infiltrated the network. This mindset, however stressful it may seem on the surface, encourages the implementation of robust monitoring, rapid incident response, and continuous improvement of security practices.
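To make the three principles concrete, here is a small policy decision point in Python, added as an illustration and not part of the original post: it verifies each request explicitly (identity via a recent MFA proof, device health, request context), grants only what the user’s roles need, and re-decides every request from scratch. The role-to-application map, the device fields and the sample requests are constructed assumptions, not any vendor’s schema.

```python
"""A minimal zero trust policy decision point: every request is verified
explicitly (identity, device health, context), granted only what its roles
need, and decided afresh each time. Added illustration; ROLE_APPS, the
device fields and the sample requests are constructed, not a vendor schema."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set

# Least privilege: each role reaches only the apps its job needs; no role,
# not even IT admin, is mapped to every application.
ROLE_APPS = {
    "finance": {"erp", "payroll"},
    "engineer": {"git", "ci"},
    "it-admin": {"ci", "idp-console"},
}
PRIVILEGED_APPS = {"payroll", "idp-console"}      # the PAM case: step-up required
MFA_MAX_AGE = timedelta(hours=8)                   # ordinary apps
PRIVILEGED_MFA_MAX_AGE = timedelta(minutes=15)     # privileged apps


@dataclass
class Device:
    managed: bool          # enrolled in device management
    disk_encrypted: bool
    os_patched: bool


@dataclass
class AccessRequest:
    user: str
    roles: Set[str]
    device: Device
    app: str
    mfa_verified_at: Optional[datetime]   # None: no MFA proof on this session
    source_country: str
    now: datetime


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)


def device_health_problems(d: Device) -> List[str]:
    problems = []
    if not d.managed:
        problems.append("device not managed")
    if not d.disk_encrypted:
        problems.append("disk not encrypted")
    if not d.os_patched:
        problems.append("OS not patched")
    return problems


def evaluate(req: AccessRequest, known_countries: Set[str]) -> Decision:
    """Decide one request. Nothing from earlier decisions is reused (assume
    breach): a device or address that passed yesterday is re-checked now."""
    reasons: List[str] = []
    # Verify explicitly, part 1: identity, via an MFA proof recent enough for the app.
    if req.mfa_verified_at is None:
        reasons.append("no MFA proof on this session")
    else:
        age = req.now - req.mfa_verified_at
        limit = PRIVILEGED_MFA_MAX_AGE if req.app in PRIVILEGED_APPS else MFA_MAX_AGE
        if age > limit:
            reasons.append(f"MFA proof is {int(age.total_seconds() // 60)} min old, "
                           f"limit {int(limit.total_seconds() // 60)} min")
    # Verify explicitly, part 2: device health.
    reasons.extend(device_health_problems(req.device))
    # Verify explicitly, part 3: context. Privileged access from a country the
    # user has never connected from is refused.
    if req.app in PRIVILEGED_APPS and req.source_country not in known_countries:
        reasons.append(f"privileged access from unfamiliar country {req.source_country}")
    # Least privilege: the app must be reachable through one of the user's roles.
    permitted = set().union(*(ROLE_APPS.get(r, set()) for r in req.roles))
    if req.app not in permitted:
        reasons.append(f"roles {sorted(req.roles)} do not grant {req.app}")
    return Decision(allow=not reasons, reasons=reasons)


NOW = datetime(2024, 7, 23, 16, 0, tzinfo=timezone.utc)
HEALTHY = Device(managed=True, disk_encrypted=True, os_patched=True)


def sample_requests() -> List[AccessRequest]:
    """Constructed: a routine request, a stale-MFA privileged request, and a
    phished account used without MFA from an unmanaged device abroad."""
    return [
        AccessRequest("alice", {"finance"}, HEALTHY, "erp", NOW - timedelta(hours=2), "US", NOW),
        AccessRequest("alice", {"finance"}, HEALTHY, "payroll", NOW - timedelta(hours=2), "US", NOW),
        AccessRequest("alice", {"finance"}, Device(False, False, True), "idp-console", None, "XX", NOW),
    ]


if __name__ == "__main__":
    for req in sample_requests():
        d = evaluate(req, known_countries={"US"})
        print(req.user, req.app, "ALLOW" if d.allow else "DENY", d.reasons)
```

The third request shows why least privilege matters on its own: even if the phished account somehow passed MFA and device checks, the finance role never reaches the IdP console.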

Components of zero trust IAM

Now that we’ve covered what zero trust IAM is and why it matters, let’s dive into the technical details you need to know. There are several components of IAM that you can incorporate into your security strategy, but you don’t necessarily have to use them all. These include: 

Multi-Factor Authentication (MFA)

MFA tools add an extra layer of security by requiring users to provide multiple forms of verification before accessing resources. This significantly reduces the risk of account compromise due to stolen credentials. This can be done through a third-party authentication tool. 

Single Sign-On (SSO)

SSO simplifies the user experience by allowing users to authenticate once and gain access to multiple applications. This should be used in conjunction with MFA and may also use SAML. SSO not only enhances convenience but also improves security by reducing password fatigue.

Identity Federation

Identity Federation allows different organizations to share identity information, enabling seamless access to resources across organizational boundaries. This is particularly useful for businesses that collaborate with partners and vendors.

Privileged Access Management (PAM)

PAM involves managing and monitoring privileged accounts that have elevated access to critical systems. For example, if you have someone in IT with access to multiple critical systems, you may want to implement PAM. Utilizing PAM helps prevent misuse of privileged credentials and ensures that high-risk actions are closely monitored.

Continuous monitoring and analytics

Continuous monitoring and analytics involve the real-time collection and analysis of data to detect and respond to security incidents. This takes more effort than the other components, though much of it can be automated by software features, and it gives you visibility into user behavior and access patterns so that you can identify and mitigate threats more effectively.

Implementing Zero Trust IAM for SMBs

We know what you might be thinking: “This all sounds great, but how do we put this into real-world use?” 

To start, you’ll need to understand that IAM vendors are often separate from your VPN provider (but should still be compatible). Once you’ve considered your VPN vendor and your IAM options, our step-by-step guide can help. 

Step-by-step implementation guide

Implementing zero trust IAM can be broken into a few simple steps, which are fairly similar to getting started with ZTNA as a whole:

  • Start by conducting a thorough assessment of your current security posture. Identify critical assets, users, and access points. Use this time to think like an attacker. Where are weak points? Where are strengths? Who has access to which platforms?
  • Next, strengthen the authentication process by implementing MFA and SSO. Remember, no device is trusted when it comes to zero trust; you must always verify.  
  • After you’ve set up MFA and SSO, segment user groups and user access. At this point, you can deploy PAM solutions to control privileged access. 
  • Finally, integrate continuous monitoring and analytics to detect anomalies. You may do this through software you already use, like your VPN software, or you might do this through a combination of manual and automated means. Appoint specific people to own the monitoring portion of your strategy as well so nothing can fall through the cracks. 

Key technologies and tools

Few, if any, providers exist who can provide all aspects of ZTNA. That’s because IAM and zero trust are not able to be turned on with the flip of a switch. That would be like saying that you can implement all cybersecurity in one toggle – it isn’t going to happen. (So sorry if you had hoped otherwise, we do hate to burst your bubble.) However, there are a few tools and technologies you can combine to achieve your zero trust goals. 

Identity Providers (IdP)

Identity Providers authenticate and manage user identities, ensuring that only authorized users gain access to resources. Examples include Microsoft Azure AD and Okta.

Access Gateways

Access Gateways control access to applications and resources, enforcing zero trust principles. They act as intermediaries that verify and authenticate access requests.

Security Information and Event Management (SIEM) systems

SIEM systems collect and analyze security data from across the network. They provide valuable insights into potential threats and help organizations respond to incidents swiftly.

Challenges and considerations for small businesses

When you have an enterprise-sized business with additional resources and people to implement new technologies and strategies, this doesn’t seem like a very large undertaking. But when you have a smaller business with a team that wears many hats and fills many roles, it’s a different story. There are a few things to consider as you work through ZTNA implementation and IAM practices.

Managing change and user adoption

Let’s be real with each other: one of the primary challenges in implementing zero trust IAM is getting people on board with using it, especially when it requires them to take additional steps. User adoption is tough when you have to move quickly. That’s why it’s essential to communicate the benefits of the new security measures and provide training to help users adapt.

Integrating with existing systems

Integrating zero trust IAM with existing systems can be complex. It requires careful planning and execution to avoid disrupting business operations. Whether you are looking into SAML for SSO or another type of technology, confirm that it integrates with the systems you already run before you commit to it.

Scalability concerns

Scalability is a critical consideration for small businesses – after all, as you grow you don’t want to be strapped into costly solutions that won’t grow with you. Ensure that the chosen zero trust IAM solutions can scale with your business as it grows.  

Regulatory compliance

Compliance with regulatory requirements is another challenge. For example, you may need to remain SOC 2 compliant, which means you need additional security measures. Implementing zero trust IAM can help businesses meet these strict compliance standards by providing robust security measures and audit trails.

Work-from-home considerations

With the rise of remote work, ensuring secure remote access no matter where your team is located is a game-changer. Zero trust IAM provides the necessary controls to secure remote access and protect sensitive data, even when team members are on an unsecured network at a coffee shop or connecting from the airport.

We mentioned earlier that zero trust IAM has evolved, and that evolution is not over. In the future, we believe the following technologies and trends will grow: 

Artificial intelligence and machine learning in IAM

You can’t log onto LinkedIn or any news app without seeing a headline about AI lately – and for good reason. Whether or not you think AI lives up to the hype, AI and machine learning are poised to revolutionize IAM by enabling more sophisticated threat detection and response capabilities. These technologies can analyze vast amounts of data to identify patterns and anomalies that may indicate security threats.

The role of biometrics

Biometric authentication, such as fingerprint and facial recognition, is becoming increasingly popular. What once seemed futuristic as it was added to our mobile devices has become the standard on laptops and other pieces of technology. Biometrics offer a higher level of security and convenience compared to traditional authentication methods, and when used in conjunction with MFA can offer better security and protection overall. 

Decentralized identity and blockchain

Decentralized identity solutions, powered by blockchain technology, provide users with greater control over their identities. This emerging trend promises to enhance privacy and security in the digital world.

Conclusion

Zero trust and IAM are just the beginning when it comes to the security of your business, yet they are a foundational and pivotal piece of the puzzle. By verifying every access request, using least privilege access, and assuming breach, organizations can significantly enhance their security posture. Leveraging technologies like MFA, SSO, and continuous monitoring, small businesses can implement zero trust IAM effectively. As the landscape continues to evolve, you’ll need to verify customers, workforce users, and IoT devices without disrupting the user experience.

With OpenVPN, you can implement the essential tenets of ZTNA while protecting your remote or hybrid workforce through encryption – all without slowing their internet speeds. Get started for free today or check out our interactive product tour on how to enforce zero trust with CloudConnexa. You can also take a look at OpenVPN pricing to see how you can save on your secure remote access and network security strategy. 

Not sure you’re ready to get started? Check out our IT Admin’s Guide to Evaluating Network Security Solutions (no email address or form required!). Don’t forget to save the free vendor evaluation checklist on page 27! 

Harnessing Zero Trust Network Access (ZTNA) to Manage Shadow IT https://openvpn.net/blog/harnessing-ztna-to-manage-shadow-it/ Tue, 02 Apr 2024 07:29:32 +0000

As new technology, new risks, and new tools surface faster than most teams can keep up with, organizations are experiencing a surge in shadow IT. Employees, usually in an effort to get their work done more efficiently, resort to using unauthorized applications and services outside of the approved IT infrastructure. While this trend may arise from employees' desire for easier work access, it poses significant risks, leaving organizations vulnerable to data breaches and cybersecurity threats. Fortunately, a powerful solution lies in Zero Trust Network Access (ZTNA), offering a way to mitigate the challenges of shadow IT and empower leaders with enhanced control and security. In this article, we will delve into the realm of shadow IT, explore the principles of ZTNA, and discuss how it can be leveraged to strengthen cybersecurity practices.

Understanding shadow IT and its implications

Shadow IT refers to the use of unsanctioned applications, devices, and services that fall outside the purview of an organization's IT department. It often comes up because of the need for agility and speed in a fast-paced digital environment — and with so many teams going remote in the last few years, it makes sense that it would be on the rise. Transitioning to remote work can make IT resources more difficult to access, and shadow IT almost always answers a need for ease of use. However, this decentralized approach to building systems, without the support or guidance of IT experts, can lead to data exposure, compliance breaches, and increased security risks. 

Introducing Zero Trust Network Access (ZTNA)

Zero Trust Network Access (ZTNA) operates on the premise of "never trust, always verify." Unlike traditional network security models that rely on perimeter defenses, ZTNA takes a more granular and dynamic approach. It verifies every user and device attempting to access resources, regardless of location. A true ZTNA architecture also verifies every application used in-network — and blocks everything else. By adopting the principles of least privilege, ZTNA ensures that users only gain access to the specific applications and data they require, reducing the attack surface significantly. This paradigm shift marks a fundamental departure from the traditional perimeter-based security model, offering a more robust and adaptive defense against cyber threats.

Leveraging ZTNA to address shadow IT challenges

ZTNA has emerged as a potent tool in tackling the challenges of shadow IT. By implementing ZTNA best practices — namely, granular access control and robust authentication — organizations can identify unauthorized applications and services lurking within their networks. Granular access control in ZTNA reduces the impact of any single individual who might use unsupported tools. It mitigates the damage they could inadvertently do if they're compromised — and it's easier for administrators to catch when an attack does occur. Strong authentication and multi-factor authentication (MFA) add an extra layer of protection, verifying the identity of users and devices to thwart unauthorized access attempts.

Real-time monitoring and analytics form an integral part of ZTNA, allowing leaders to detect and respond swiftly to shadow IT activities. The ability to monitor and evaluate access events in real time empowers leaders with greater visibility, which gives them the opportunity to take proactive measures before security incidents escalate. Blocking apps that aren’t approved elements of the in-house security plan hits shadow IT head-on in a way that’s clear to both admin and users. Integrating ZTNA with cloud security solutions ensures a consistent and unified approach to protect data across all environments.

Empowering leaders with the tenets of ZTNA 

The responsibility lies with IT, security, and operations leaders to drive the adoption of ZTNA and enforce best practices across their teams. Building awareness and educating employees about the risks of shadow IT and the benefits of ZTNA are crucial steps in fostering a security-conscious culture. It’s essential that your IT and security teams collaborate closely to make sure your ZTNA policies align with organizational goals. Security measures and business goals should not be at odds; they should work together.

Your team will be key to full ZTNA adoption. By encouraging employees to take ownership of cybersecurity practices, organizations can fortify their defenses against shadow IT. Regular monitoring and evaluation of ZTNA effectiveness provide insights into potential areas of improvement, paving the way for continual growth of your cybersecurity strategy and improving your security posture.

As we navigate the future, emerging trends in shadow IT demand our attention — the rise of virtual networks and IoT in particular makes shadow IT more and more complex. The landscape of ZTNA is also evolving, with advancements in technologies like AI-driven threat detection promising to fortify digital defenses further. Managing shadow IT is a pressing challenge for organizations seeking to secure digital assets. However, by embracing ZTNA's principles of least privilege, strong authentication, and real-time monitoring, leaders can safeguard their organizations from the cybersecurity risks posed by this issue.

The risk of shadow IT will be around for some years yet, but by aligning our strategies with the emerging trends that put our data at risk, we can mitigate that risk accordingly — and stay securely connected. 

OpenVPN Connect 3.4.0 for Android is Now Available With Updates to Core Libraries https://openvpn.net/blog/openvpn-connect-340-android/ Wed, 14 Feb 2024 07:43:37 +0000

CloudConnexa is now CloudConnexa® — learn more here.

At OpenVPN, we strive to continually improve and enhance our products. We’re pleased to introduce the new OpenVPN Connect version 3.4.0 for Android. This release includes major updates of OpenVPN and OpenSSL libraries, three new levels of security for increased user flexibility, and more.

What is OpenVPN Connect 3.4.0 for Android?

The OpenVPN 3 library, now at version 3.8, is the most recent release of OpenVPN 3, the core library that implements the VPN protocol used to set up the tunnel and transport data through it. This update includes several bug fixes for an improved user experience.

OpenVPN Connect relies on OpenSSL to create secure connections. OpenSSL 3.0 is the latest major version of OpenSSL. It is essential to keep the key security components up to date, and this update does exactly that with the OpenSSL toolkit.

Good to Know: Because the OpenSSL 3.0 library has disabled deprecated ciphers like BF-CBC (among others), we recommend that Access Server users running older installations that still rely on the BF-CBC cipher upgrade both server and client software. The CloudConnexa service is unaffected.

While we always encourage use of the latest secure technologies, we understand that some of our customers require additional time to migrate their deployments. While the insecure ciphers have been disabled by default, we have introduced a “Security Level” setting to help facilitate continued use of OpenVPN Connect during the migration period. This setting enables use of "legacy" or "insecure" ciphers in the app.

For the latest updates on OpenVPN Connect for Android, take a look at our release notes here.

Recommended Reading: Three Benefits of Using an SSL VPN for Business

Why does the OpenVPN Connect 3.4.0 for Android update matter?

The latest version of OpenVPN Connect for Android provides users several valuable benefits:

  1. It keeps the OpenSSL toolkit current.
  2. The new “Security Level” settings enable the use of “Preferred,” “Legacy,” or “Insecure” ciphers in the app for greater user flexibility. Note: the Preferred and Legacy security levels use the most secure ciphers.
  3. It features several bug fixes, including one related to application launch.
  4. It includes improved log export capabilities for a better user experience.
  5. The "Minimum TLS version" setting was replaced with "Enforce TLS 1.3" for an improved user experience.
  6. The "Allow Compression" setting was removed from the application.
  7. The File Browser Screen was replaced with a system file browser for an improved user experience.

Note: The app no longer supports Android 8 (8.1).
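The profile-level side of these settings, as an added example that is not OpenVPN’s own code: a Python audit of a client .ovpn profile that flags the directives the OpenSSL 3.0 update and this release affect (a BF-CBC `cipher` line, compression, a TLS floor below 1.3) and writes a hardened copy. The directive names are real OpenVPN options; the sample profile is constructed, and treating `tls-version-min 1.3` as the profile equivalent of the app’s “Enforce TLS 1.3” setting is an assumption.

```python
"""Audit an OpenVPN client profile for settings affected by the
OpenSSL 3.0 / OpenVPN Connect 3.4.0 changes, and emit a hardened copy.
Added example, not OpenVPN's code; SAMPLE_PROFILE is constructed."""
import re
from typing import Dict, List, Set, Tuple

# BF-CBC is the cipher the release note names. The others are assumed here
# to be in the same position: served only by OpenSSL 3.0's legacy provider.
LEGACY_CIPHERS = {"BF-CBC", "DES-CBC", "RC2-CBC", "CAST5-CBC"}
MODERN_DATA_CIPHERS = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"
COMPRESSION_DIRECTIVES = {"comp-lzo", "compress"}   # compression was removed from the app

SAMPLE_PROFILE = """\
# constructed legacy client profile, not a real deployment
client
dev tun
proto udp
remote vpn.example.test 1194
cipher BF-CBC
auth SHA1
comp-lzo
tls-version-min 1.0
<ca>
(placeholder certificate body)
</ca>
"""


def parse_directives(profile: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_index, directive, args); skip comments and <tag>...</tag> blocks."""
    parsed = []
    in_block = False
    for idx, raw in enumerate(profile.splitlines()):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if re.fullmatch(r"</[\w-]+>", line):
            in_block = False
            continue
        if in_block:
            continue
        if re.fullmatch(r"<[\w-]+>", line):
            in_block = True
            continue
        parts = line.split()
        parsed.append((idx, parts[0].lower(), parts[1:]))
    return parsed


def audit(profile: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing to change."""
    parsed = parse_directives(profile)
    names = {name for _, name, _ in parsed}
    findings = []
    for _, name, args in parsed:
        if name == "cipher" and args and args[0].upper() in LEGACY_CIPHERS:
            findings.append(f"cipher {args[0]}: disabled by default under OpenSSL 3.0; "
                            "connects only at the Legacy or Insecure security level")
        elif name in COMPRESSION_DIRECTIVES:
            findings.append(f"{name}: compression was removed from the app; drop it")
        elif name == "tls-version-min" and args and args[0] != "1.3":
            findings.append(f"tls-version-min {args[0]}: below the Enforce TLS 1.3 setting")
        elif name == "ncp-disable":
            findings.append("ncp-disable: blocks negotiation of an AES-GCM data cipher")
    if "cipher" in names and "data-ciphers" not in names:
        findings.append(f"no data-ciphers: add 'data-ciphers {MODERN_DATA_CIPHERS}' "
                        "so an AEAD cipher is negotiated instead of the legacy one")
    if "tls-version-min" not in names:
        findings.append("no tls-version-min: add 'tls-version-min 1.3'")
    return findings


def harden(profile: str) -> str:
    """Rewrite the profile: legacy cipher -> modern data-ciphers, compression and
    ncp-disable removed, TLS floor raised to 1.3. Inline blocks are untouched."""
    lines = profile.splitlines()
    parsed = parse_directives(profile)
    names = {name for _, name, _ in parsed}
    drop: Set[int] = set()
    replace: Dict[int, str] = {}
    added_dc = False
    for idx, name, args in parsed:
        if name == "cipher" and args and args[0].upper() in LEGACY_CIPHERS:
            if "data-ciphers" in names or added_dc:
                drop.add(idx)          # a modern list already exists; just remove the legacy line
            else:
                replace[idx] = f"data-ciphers {MODERN_DATA_CIPHERS}"
                added_dc = True
        elif name in COMPRESSION_DIRECTIVES or name == "ncp-disable":
            drop.add(idx)
        elif name == "tls-version-min":
            replace[idx] = "tls-version-min 1.3"
    out = [replace.get(i, line) for i, line in enumerate(lines) if i not in drop]
    if "cipher" in names and "data-ciphers" not in names and not added_dc:
        out.append(f"data-ciphers {MODERN_DATA_CIPHERS}")
    if "tls-version-min" not in names:
        out.append("tls-version-min 1.3")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILE):
        print("-", finding)
    print(harden(SAMPLE_PROFILE))
```

Run the audit against the hardened output as well; a profile that comes back clean no longer needs the Legacy or Insecure security level on the client.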

How do I get started with the updated Connect app for Android?

Simply update to the latest version (3.4.0).

If you would like to take advantage of the new “Security Level” settings — and select the kinds of cryptographic algorithms that are acceptable for your connections — follow these steps:

  1. Menu > Settings > Advanced Settings
  2. Select one of the three Security Level settings: Preferred, Legacy, or Insecure.

Recommended Reading: Now Available — OpenVPN Connect for macOS With Updates to Core Libraries

Get started today with OpenVPN Connect 3.4.0 for Android

Ready to take your business to the next level with CloudConnexa or Access Server? Work from anywhere and from any device with confidence. Create an account today for three free connections with CloudConnexa or two free connections with Access Server.

January ‘24: Exploited Exposures in VPN and Secure Remote Access Software https://openvpn.net/blog/january-2024-vpn-vulnerabilities/ Tue, 06 Feb 2024 20:47:24 +0000

Cybersecurity threats in 2024 are heating up. In January alone, there were reportedly 4,645 publicly disclosed security incidents, with 29,530,829,012 known records breached. Several of these attacks were due to a handful of zero-day Common Vulnerabilities and Exposures (CVEs) that were exploited in targeted malware and ransomware attacks, a few of which involved secure remote access and VPN solutions.

Below, we’ve compiled everything you need to know about the VPN vulnerabilities and exposures that threat actors used to target secure remote access and VPN users in January 2024. 

If you’ve experienced an attack due to a zero-day vulnerability, it is critical to secure your network and assets as quickly as possible. OpenVPN can help — watch our webinar replay to find out how to secure your hybrid workforce. 

Common Vulnerabilities and Exposures exploited by threat actors in January 2024

1. Ivanti Connect Secure (VPN) and Ivanti Policy Secure Gateways: Multiple Targeted Vulnerabilities 

What: In early January, Ivanti alerted customers to two zero-day vulnerabilities in their corporate VPN product, formerly known as Pulse Connect Secure. CVE-2023-46805 and CVE-2024-21887 allow unauthorized command-injection attacks, exposing the systems to (unauthenticated) attackers.

Essentially, chaining these two vulnerabilities lets an attacker send the crafted requests normally reserved for an authenticated administrator and execute code on affected appliances, bypassing authentication.

Additionally, during the investigation of the prior two flaws, two more zero-day vulnerabilities were discovered. On January 31, Ivanti disclosed a privilege escalation vulnerability (CVE-2024-21888) and a server-side request forgery in the SAML component (CVE-2024-21893). 

The following Ivanti products contain (at the time of this posting) a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication:

  • Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure)
  • Ivanti Policy Secure
  • Ivanti Neurons 

According to initial reports, these vulnerabilities were targeted by an espionage-focused threat group in order to spread malware, as well as post-exploitation tools like PySoxy (tunneling proxy) and BusyBox.

In other words, this vulnerability is the equivalent of hackers walking in through an unlocked front door and dropping bugs and stink bombs all over your digital house.  

Who is impacted: Sources report that as many as 1,700 - 2,100 devices had been compromised through the first two reported vulnerabilities as of January 18. Further, nearly 20,000 vulnerable instances of the various Ivanti products have been identified as publicly exposed.

These cybersecurity vulnerabilities impact anyone who uses Ivanti’s corporate VPN product, Ivanti Connect Secure, Ivanti Policy Secure, or Ivanti Neurons. This includes small and midsize businesses that may not feel their data is at risk.

If you use the previously mentioned Ivanti products as part of a suite of products in their platform, you may be at an increased risk of a data breach, malware, or other attack.  

Government and/or vendor recommendations: The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to all government agencies to disconnect the impacted Ivanti products from their networks by the end of Friday, February 2. The directive also requires that agencies perform additional forensic analysis and clean-up steps in case they’ve already been compromised. CISA is also directing agencies that use Ivanti products to export their configuration and rebuild the affected devices (performing a factory reset, updating firmware, and importing the configuration back) to remove the previously applied mitigation XML file.

For Ivanti customers who are not affiliated with the US government, including small and midsize businesses, it is recommended to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Despite Ivanti’s previous plan for a “staggered patch,” the company is now advising their customers to “factory reset their appliance before applying the patch to prevent the threat actor from gaining upgrade persistence in your environment.”

2. Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability and Buffer Overflow Vulnerability

What: On January 17, the Citrix NetScaler Gateway corporate secure remote access (VPN), Identity and Access Management (IdAM), and SSO products were found to contain a code injection vulnerability (CVE-2023-6548).

The code injection vulnerability in NetScaler ADC and NetScaler Gateway allows an attacker with access to the NSIP, CLIP, or SNIP with the management interface to perform authenticated (low-privileged) remote code execution (RCE) on the management interface.

Additionally, Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway contain a buffer overflow vulnerability (CVE-2023-6549) that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Successful exploitation of this issue could lead to a denial of service attack. 

It’s a bit like falling asleep with your door open – you don’t know who, or what, is hiding and compromising your network. 

Who is impacted: Citrix customers who use the customer-managed NetScaler ADC and NetScaler Gateway products are impacted. It is unknown how many users were impacted at this time. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. 

If you use the previously mentioned Citrix products as part of a platform suite, you may be at an increased security risk until patched. 

Government and/or vendor recommendations: NetScaler has advised all customers of their self-managed products to perform the provided updates as soon as possible. Businesses of all sizes are urged to monitor for potential breaches and be aware that a breach or attack still may occur. 

Tips to improve your security posture 

If your security has been compromised in one of the vulnerabilities above, especially in a zero-day vulnerability, it’s critical to make sure your customer data is secure. A few steps you can take include: 

  • Implement the tenets of zero trust, enforcing multi-factor authentication and limiting access to internal systems, to help thwart ransomware attacks.
  • Deploy ZTNA essentials for web applications and all TCP/IP application protocols. 
  • Utilize an Intrusion Detection System and Intrusion Prevention System, or IDS/IPS, which are invaluable, readily available network security tools for mitigating malicious traffic and suspicious activity. 
  • Use network segmentation to thwart DoS attacks and limit the spread of an attack.
  • Monitor third-party audits when available for cybersecurity tools in your tech stack. 

Protect your network with OpenVPN

Ready to take the next step in improving your security posture before a breach can happen? Download OpenVPN’s award-winning CloudConnexa or Access Server for free and improve your security posture in under 20 minutes. Get started with free connections today.

Not ready to take the leap? We get it, it’s a big decision. Check out our other recent posts to stay up-to-date on the latest security news, trends, insights, and best practices. 

Partner Tips: 5 ZTNA Best Practices for Managed Service Providers https://openvpn.net/blog/ztna-best-practices-msps/ Tue, 23 Jan 2024 07:49:47 +0000 https://openvpn.net/?p=38869 Implementation of Zero Trust principles reduces the cost of a data breach by about $1 million, according to research from IBM. Startlingly, the same research found that only 41% of organizations said they have deployed a zero trust security architecture, while 59% said they haven’t. MSPs can bridge the gap for clients who fall into the latter category through a combination of best practices and secure remote access and tunneling technology. 

In our last installment of our series, we discussed how MSPs can get client buy-in for Zero Trust Network Access (ZTNA). Now that your clients are on board, it’s important to follow a few best practices to keep them on the right track. 

ZTNA overview 

To recap: ZTNA is a method that can mitigate the growing risk all organizations face through the concept “never trust, always verify.” This applies to devices and people. This architecture can prevent breaches and minimize human error — which might be why 47% of surveyed IT professionals are looking to apply ZTNA to their end-user experience, and soon. 

Zero trust isn’t a solution you simply buy out-of-the-box, or off-the-shelf from a vendor. It is a powerful security architecture that focuses on continuous verification and precise, context-specific access control so your customers can get the advantage of context-specific, least privilege access to distributed applications. This becomes increasingly important in multi-cloud environments where you may have microservices-based applications living in multiple places. 

Recommended Reading: Zero Trust With OpenVPN Protocol for Network Access = Our ZTNA-Capable Solutions

5 key strategies for MSPs when implementing ZTNA for clients

While larger enterprises were typically seen as early adopters of ZTNA, the benefits stand for businesses of all sizes across all industries, including small businesses. As you evaluate implementing a ZTNA framework for your clients, remember these five best practices to help guide your customers.

1. Help your clients market the zero trust mindset internally

ZTNA requires a shift in mindset – both for you as the MSP and for the client and their employees. 

That means helping clients create an internal marketing campaign to shift the mindset to adopt the "never trust, always verify" approach, which can be especially tricky in a small business where team members share devices or credentials. Zero trust means that every individual user and device must prove their identity and be authorized before accessing an organization’s applications, data, services, and other resources – even if it is from a company-issued device. 

You’ll need to help your clients reframe this in a positive way — after all, the ‘zero’ trust doesn’t refer to not trusting their team as people, but rather to the authentication process. It’s about keeping bad actors at bay and mitigating the ever-present and ever-growing risk of cybercrime. Create collateral for clients to use internally to help their teams understand why, regardless of the user's location or network, authentication should be established on a per-request basis. For example, you can share the OpenVPN ZTNA whitepaper to help their employees understand the why behind the initiative.

2. Help clients adopt multi-factor authentication (MFA)

Part of requiring authentication every time means including Multi-Factor Authentication (MFA). As you already know, MFA adds an extra layer of protection by requiring users to provide multiple forms of identification before accessing resources. This means combining different factors like passwords, fingerprints, SMS codes, or mobile apps to verify identity. Implementing MFA is one of the simplest and quickest ways to enforce a ZTNA architecture, as it significantly reduces the risk of unauthorized access.

Your clients may be resistant to using MFA, as it can seem time consuming to set up and enforce. You’ll need to make sure your clients are aware that the goal of MFA is to prevent access to internal secure networks, should bad actors capture login credentials somehow. You’ll also need to make sure that you help your clients choose and configure an MFA method or SSO solution that is compatible with your secure remote access tool, like OpenVPN. For example, you can use SAML with OpenVPN, among other options.  

3. Implement micro-segmentation 

Getting your clients set up with ZTNA takes a little bit more than making sure they understand the mindset and have MFA in place. You’ll need to spend some time setting up micro-segmentation and split tunneling depending on your clients’ specific business needs and network usage. 

Micro-segmentation involves dividing your network into smaller, isolated segments to contain potential security breaches. This means creating virtual barriers within your client’s network, which also gives you the ability to define application-level security controls. With micro-segmentation set up, even if attackers manage to gain access to one segment of your network, they’ll have a tough time accessing the remaining parts of your infrastructure – thereby preventing lateral movement.

This will lower your risk of someone making a successful attack on your clients, period — they become a less attractive target if attackers know they’ll have to jump through hoops every step of the way. In short: micro-segmentation increases control of your security and limits the impact of potential breaches, safeguarding your network.

4. Utilize least privilege access

It’s important to minimize the level of access of each user in any given client’s network — and this applies not only to your team, but to your client’s team and to applications and IoT devices. They, and you, should only have the level of access necessary to complete approved tasks.

This idea is a fundamental principle of ZTNA, and it minimizes the risk of unauthorized actions. This process also reduces the potential damage caused by compromised accounts — so even if hackers manage to find a way to log in with your user’s password and get through the MFA process, they’ll still only have access to a minimal segment of your network. To maintain this, you’ll need to make sure to regularly review access privileges with your clients and promptly revoke unnecessary permissions as the need to do so arises. One way you can do this is to set up a quarterly check-in with your clients to ensure all access levels are up-to-date. 

5. Keep customer applications private

Protecting against unauthorized access is one of the main goals of ZTNA – and one way to keep your customers safe from unauthorized access is by keeping their applications hidden or inaccessible from the internet. But how do you do that?

Keep your own and customers' applications on a private network so that they cannot be discovered over the internet, and only use a ZTNA solution that can provide secure identity-aware access to these private applications by using encrypted tunnels over the internet. Note that even though some ZTNA solutions will use VPN technologies to create a tunnel to access the private network, it should not equate to network-level access where the connected device has access to all the applications on the private network. In keeping with the ZTNA principles, micro-segmentation, access control, and other technologies should be used to provide users with least-privilege access.

Your clients’ ZTNA initiatives start with you 

As an MSP, you know ZTNA is important and getting your clients set up for success with ZTNA in the long run starts with you – otherwise you wouldn’t be here. You also likely know that ZTNA is not one single tool, but that doesn’t mean it needs to be overly complex. When you’re managing several clients at once and implementing ZTNA essentials, simplicity is key. 

OpenVPN’s secure remote access solutions allow you to manage all of your customers from one portal without sacrificing security for each individual client. Become an OpenVPN partner and you’ll have access to CloudConnexa® and Access Server with features that align with all five of the best practices listed above. Manage access, enforce MFA, encrypt and monitor your data — all from a cloud-based private network hosted by one of the most trusted names in network security. 

Sign up to be an OpenVPN partner today and you’ll get 50% margins on your first three customers. If you’re already an OpenVPN partner, we’re glad you’re here! Check out our partner resources to get more out of your partnership. 

Key Considerations for Choosing the Right ZTNA Solution for Your Business  https://openvpn.net/blog/what-to-know-before-choosing-ztna-approach/ Wed, 26 Jul 2023 06:11:23 +0000 https://openvpn.net/?p=37586 CloudConnexa is now CloudConnexa® — learn more here.

When it comes to achieving zero trust network access (ZTNA), there are many different architectures to choose from for your business’s solution. Today, we’ll discuss several in more detail to help you make the most informed choice possible.

One option is to place an identity-aware proxy (IAP) in front of web applications. When a user tries to access an application, IAP will authenticate the user and then enforce access control based on the user's identity. This helps to ensure that only authorized users can access applications, even if they are connecting from untrusted networks. 

Another approach is called software-defined perimeter (SDP). An SDP is a security architecture that uses micro-segmentation and identity-based access control to grant access to resources.

Cloud Connexa provides a unique approach to zero trust network access by instantly creating an isolated virtual network for a business that can be accessed by connecting to one of its 30+ worldwide points of presence. Application servers and other networks can connect to Cloud Connexa to make their applications part of the overlay network. These applications cannot be discovered because they are isolated from the internet. 

Only authorized and trusted devices can connect to the network, and identity-based policies control access to the needed applications. Cloud Connexa routes traffic to the applications using advanced technologies based on application domain names. These technologies cloak the private IP addresses of the application server or the network and do not use IP address routes. Thus, micro-segmentation is automatically applied per application, and there is no risk of lateral movement.

5 Questions to Ask Before Choosing an Approach to ZTNA

While assessing different ZTNA solutions, it is important to check that the solution architecture meets all the needs of your business as you do not want to increase operational complexity by introducing multiple solutions. 

Most businesses will start using the ZTNA strategy by first applying it to a specific use case. It is important to consider, at an early stage, whether the chosen ZTNA solution can extend beyond that initial use case and can accommodate various current needs while aiding in transitioning to the future state of full ZTNA implementation. Not all ZTNA architectures and approaches are alike, and each has its advantages and disadvantages. 

Before choosing that first use case to pilot a ZTNA solution, ask yourself the following five questions:

1. What are the different types of private applications that need access?

Depending on the type of business and the number of years you have been in business, you could have a myriad of application types in your IT environment. These could range from legacy mainframe applications to the latest Web3 applications — and everything in between. 

Ask whether the ZTNA solution you’re considering can handle all the application types that you eventually plan to transition to the zero trust framework. Some ZTNA approaches, like IAP, may work well for web applications but may offer limited support for other application types. 

Choosing an approach, such as Cloud Connexa, that provides complete support for any application protocol that uses TCP or UDP over IP might be the better choice to support client-based (for example, RDP) and web-based applications now and in the future.  

2. Do any of your private applications require the server to initiate communication with the client?

Pay special attention to the requirement an application may have in terms of sending unsolicited traffic to the application client to be able to carry out some application functions. For example, it could be a request from a device management application server to a target device for applying a software patch, erasing data, etc. 

Most ZTNA solutions are built on the premise that the device or application client will always initiate traffic to the application server; most solutions do not account for any cases in which the application server needs to be the one to initiate traffic. 

Some SDP solutions even go as far as only opening up a communication path between the client and the application when the device sends a special type of authorization packet. Choose an approach, such as CloudConnexa, that makes server-initiated communication possible if you have such applications in your environment.

3. Will the ZTNA solution work with IoT applications?

Should you consider IoT as part of your zero trust approach? Given the lax attitude that some IoT vendors have towards security, it would be a mistake not to. These IoT devices are an entry point to your IT infrastructure and constitute a portion of your overall attack surface. If you decide to include IoT applications in the scope of ZTNA, check that the ZTNA solution can support these devices or — better yet — handle unattended access to applications.

4. Should the ZTNA solution facilitate internet policy enforcement?

Most ZTNA solutions concern themselves with access to private applications, but should access to the internet and internet applications be included in the scope of ZTNA? Given the prevalence of SaaS business apps, can your ZTNA solution provide another layer of security and augment your defense-in-depth strategy? 

A versatile ZTNA solution can bring internet access into the purview of the zero trust framework. For example, here are some of the things Cloud Connexa can achieve in terms of policies around internet access and applications:

  • It can provide traffic destined to configured SaaS domains with a local egress source IP address by steering just that traffic to the egress network. This IP address can then be configured as a trusted source IP address for SaaS login restrictions, even though the traffic is being generated by users in various geographies, adding another layer of protection for SaaS usage.
  • It can completely restrict access to the internet except to trusted internet applications. This can effectively lock down dedicated devices like Point of Sale (PoS) systems and kiosks from misuse.

5. Can the solution provide for secure communications within or across data centers?

Should you expect your ZTNA solution to cover use cases beyond user access to applications? Consider whether the same ZTNA solution could be used to provide access — and policies around access — to applications from one site to another. For example, can all the computers in a data center get access to only authorized applications hosted in another data center?

Another use case could be providing identity to and enforcing policy around API communications between various servers collaborating with each other to provide a service in the same data center (or private network). One example of this might be a zero trust policy in which access is given to a group of servers, identified as application servers for a particular application, to communicate with a database server.

Thinking Long-Term About ZTNA Solutions

We hope that these questions inspire you to think holistically about all your ZTNA needs. Remember, when testing out a new ZTNA solution, it’s important to look well beyond that pilot use case that seems to be a perfect fit for your current needs. If you plan to introduce a new solution, look for a versatile approach to ZTNA that can fit your needs now and in the near future.

Get Started Today

OpenVPN® is the market-proven leader in secure virtualized networking. Our cloud-based platform enables organizations to maintain secure communication between their distributed workforce, IoT/IIoT devices, and the online services they rely on daily. Built on the market-proven OpenVPN protocol, the solution combines advanced network security, encrypted remote access, and content filtering into a virtualized secure network that provides the best of VPN and ZTNA security.

With over 60 million downloads of our core open-source software and over 20,000 commercial customers, OpenVPN is recognized as a global leader in secure networking.

Ready to take your business to the next level with Cloud Connexa? Work from anywhere and from any device with confidence. Create an account today for three free connections and the secure network connectivity your business needs.

Turn Your Old Smartphone into a Secure Live IP Streaming Camera With CloudConnexa® https://openvpn.net/blog/live-ip-streaming-camera-with-cloud-connexa/ Wed, 03 May 2023 00:12:12 +0000 https://openvpn.net/?p=36415

CloudConnexa is now CloudConnexa® — learn more here.

Do you have an old smartphone lying around? Don't recycle it or trade it in for a new one for a paltry sum! You can turn it into an Internet Protocol streaming security camera (IP camera) and view the live video stream from anywhere for free. You may get more value from repurposing your smartphone as a security camera than the trade-in value of your old phone. This blog post provides a step-by-step guide to upcycling your old phone.

Components of the Solution

There are three main components involved in converting your smartphone into an IP streaming security camera that can be accessed securely from anywhere. They are:

1. Smartphone

The Android or iOS phone provides the camera, operating system, and computing resources to run the streaming application.

2. Streaming application

You’ll need an application on the smartphone that functions as a Real Time Streaming Protocol (RTSP) server to capture the video feed from the smartphone’s camera, convert it to a video stream, and serve that stream to connected devices on the internet. (For those who may not know, RTSP is a protocol used to stream live video and audio over the internet.)

3. Secure network connectivity service

Your smartphone is connected to your home WiFi network. This network cannot be directly accessed from the internet. We need the means to securely and easily connect to the RTSP server running on the smartphone. This is where our service, Cloud Connexa, comes in. 

The smartphone creates an always-on secure tunnel to one of the 30+ Cloud Connexa locations worldwide. Cloud Connexa facilitates authentication, secure connectivity, and routing so that you can view the live stream on a device from anywhere. In order to make connections to Cloud Connexa, the smartphone and the device used to view the video stream need to be running our Connect Client software. When the client runs on a device and provides access to applications by creating an unattended always-on connection, that device is called a Connector. 

The illustration below shows the smartphone connected to a location in the NY/NJ area while you are connected from a hotel to a Cloud Connexa location in the Los Angeles area. 

Turn Your Old Phone Into a Security Camera: A Step-by-Step Guide

Here we go! Follow these steps to breathe new life into your smartphone.

Step 1: Install an RTSP server on your smartphone.

Search the app store on your smartphone using “RTSP server” as the search query. Chances are you will find a few free and paid apps. For my iPhone 6 iOS version 12.5.6, I used the free version of Periscope HD. For Android, the RTSP Camera Server Pro app may serve the same purpose.

Step 2: Check that you can connect to the stream.

Before you try to access the video stream from outside your WiFi network, check that it works when you are connected to the same WiFi network as your smartphone. To view the video stream, you need a video player that understands RTSP and the URL being used by your smartphone to serve the video stream. 

To find the RTSP URL on the Periscope HD app, select Settings. On the RTSP Camera Server Pro app, the URL is displayed right on the screen. The URL you see should be something like this: rtsp://192.168.1.161:8554/live.sdp.

While there are many free RTSP players, the VLC media player is one of the best ones out there. Install the VLC media player on the device that you want to watch the video stream on. Once installed, follow the steps below to watch the live stream:

  1. Open VLC media player, and navigate to Media > Open Network Stream.
  2. Enter your RTSP URL into the open field.
  3. Press Play.

Voila! You should be able to see the view from your smartphone’s camera. Now that this works, follow the other steps to watch the video stream from anywhere, any time — not just when you are connected to your home WiFi network.

Step 3: Sign up for CloudConnexa at openvpn.net.

Cloud Connexa has a pricing plan that comes with three free connections; no credit card is required to sign up. So go ahead. Sign up, and create your Wide-area Private Cloud (WPC) today. 

Step 4: Configure the streaming camera as a Host.

You have now converted your smartphone to a server (RTSP server) that needs to be accessed securely from the internet. Next, we need to connect this server to the Cloud Connexa WPC as a Host. 

To do this, log in to the administration portal, and add a Host. Provide it with a name and a domain name (camera.home.local). Select one of the Regions closest to your home for the Connector. Select Other for the Connector type during deployment, and then click Next until the setup wizard finishes.

Now, go to the Connector tab of the configured Host, and download the profile in .ovpn format from the Deploy options. Save the .ovpn profile file, and transfer it to your smartphone. 

For visual guidance, take a look at this tutorial.

Step 5: Install the Connect app, and import the Host connection profile.

Install the Connect app on your smartphone, import the Connector profile from the prior step, and connect. Now, your RTSP server is part of your WPC and can be accessed from any other device that is connected to your WPC.

Step 6: Restrict internet access from your smartphone.

To tighten security and ensure that the smartphone is not sending any unauthorized traffic to the internet, set the internet access for the Host to restricted internet. Now, you can be assured that no app is sneakily sending your video feed or other data to any unknown servers on the internet.

Step 7: Install the Connect app on the viewing device.

Install the Connect app on the device on which you previously installed the RTSP viewer (VLC media player). Import the profile by choosing a Cloud Connexa location near you, and connect. (You’ll find these steps in the Administration portal under Documentation > Get Connected.)

To access the smartphone using the WPC, you will need to change the RTSP URL by replacing the IP address with the domain name configured for the Host (camera.home.local). For example, rtsp://192.168.1.161:8554/live.sdp will become rtsp://camera.home.local:8554/live.sdp. 

Add a new Network stream, with the RTSP URL that uses the domain name, to your VLC media player, and you should be able to view the live video being streamed from your smartphone. 
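As an added example (not part of the original post or of CloudConnexa's own tooling), the following Python script carries out Steps 2 and 7 from the command line: it rewrites the LAN RTSP URL to the Host's domain name and sends an RTSP OPTIONS request, parsing and checking the reply (including the CSeq echo) before you trust it. The URL rtsp://192.168.1.161:8554/live.sdp and the name camera.home.local are taken from the walkthrough; the server reply embedded below is constructed so the parsing part runs offline.

```python
"""Rewrite a LAN RTSP URL to the WPC domain name (Step 7) and probe the camera
with an RTSP OPTIONS request (what VLC does first when opening a network stream).
The sample reply at the bottom is constructed for this example."""
import socket
from urllib.parse import urlsplit, urlunsplit

# LAN URL as displayed by the RTSP server app (from the walkthrough).
LAN_URL = "rtsp://192.168.1.161:8554/live.sdp"
# Domain name configured for the Host in the WPC (from the walkthrough).
WPC_HOST = "camera.home.local"


def rewrite_rtsp_url(url: str, hostname: str) -> str:
    """Replace the host part of an rtsp:// URL with the WPC domain name,
    keeping scheme, port and path (192.168.1.161 -> camera.home.local)."""
    parts = urlsplit(url)
    if parts.scheme != "rtsp":
        raise ValueError(f"not an RTSP URL: {url}")
    netloc = hostname if parts.port is None else f"{hostname}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def build_rtsp_request(method: str, url: str, cseq: int) -> bytes:
    """Build a minimal RTSP/1.0 request: CRLF-terminated headers, blank line."""
    lines = [
        f"{method} {url} RTSP/1.0",
        f"CSeq: {cseq}",
        "User-Agent: rtsp-probe/0.1",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_rtsp_response(raw: bytes, expected_cseq: int) -> dict:
    """Parse the status line and headers of an RTSP response.

    Returns {"status": int, "reason": str, "headers": {lower-name: value}}.
    Raises ValueError on bad framing or a CSeq that does not match the request,
    so a stale or mismatched reply is rejected instead of trusted."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete RTSP response (no header terminator)")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    version, _, rest = lines[0].partition(" ")
    if version != "RTSP/1.0":
        raise ValueError(f"unexpected status line: {lines[0]!r}")
    code, _, reason = rest.partition(" ")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header: {line!r}")
        headers[name.strip().lower()] = value.strip()
    if headers.get("cseq") != str(expected_cseq):
        raise ValueError(f"CSeq mismatch: sent {expected_cseq}, got {headers.get('cseq')}")
    return {"status": int(code), "reason": reason, "headers": headers}


def supported_methods(response: dict) -> set:
    """Methods the server advertises in the Public header of an OPTIONS reply."""
    public = response["headers"].get("public", "")
    return {m.strip() for m in public.split(",") if m.strip()}


def probe_rtsp(url: str, timeout: float = 5.0) -> dict:
    """Send OPTIONS to the camera over TCP and return the parsed reply.
    Needs a live connection to the Host, so it is not part of the offline run."""
    parts = urlsplit(url)
    with socket.create_connection((parts.hostname, parts.port or 554), timeout) as s:
        s.sendall(build_rtsp_request("OPTIONS", url, cseq=1))
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_rtsp_response(buf, expected_cseq=1)


# Constructed sample of a typical RTSP server answer to OPTIONS.
SAMPLE_OPTIONS_REPLY = (
    b"RTSP/1.0 200 OK\r\n"
    b"CSeq: 1\r\n"
    b"Public: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    wpc_url = rewrite_rtsp_url(LAN_URL, WPC_HOST)
    print("VLC network stream URL:", wpc_url)
    reply = parse_rtsp_response(SAMPLE_OPTIONS_REPLY, expected_cseq=1)
    print(reply["status"], reply["reason"], sorted(supported_methods(reply)))
    # With the Connect app running on this device, probe_rtsp(wpc_url) talks to the camera.
```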

Congrats! All that’s left to do now is boast about your resourcefulness at your next cocktail party. 

Advantages of Using CloudConnexa™

  1. You now have a secure means to access your video stream without having to use a public static IP address, mess around with firewall settings, and expose your home network to the public internet.
  2. There is no third party involved; no one else has to access your video before making it available to you. You don’t need to subscribe to a service just to watch your live video stream.
  3. Locking down your smartphone to stop all internet traffic generated by your smartphone ensures that your smartphone acts as a true dedicated IP camera. The only people viewing your video are you and other authorized users. 
  4. Enjoy convenient access to your server with a domain name. It doesn’t matter whether you power cycle your phone or connect it to a different WiFi network. You can always access the live stream with the configured domain name.
  5. There is no need to set up a DMZ (demilitarized zone) on your home router to allow incoming connections to the smartphone. The smartphone makes an outbound connection to your WPC. 
  6. You are in control of providing secure access to your new streaming IP camera. You can add as many users to Cloud Connexa as you like. Cloud Connexa plans are based on simultaneous connections, so as long as no more than two of your users connect to Cloud Connexa at the same time, the free plan will prove adequate.
  7. As a bonus, whenever you are connected to Cloud Connexa, you can protect yourself from malware, phishing, and other cyber threats by turning ON Cyber Shield Domain Filtering.


Forget IT Security: Why OT Systems Could Be Your Biggest Cyber Risk https://openvpn.net/blog/operational-technology-cyber-risks/ Thu, 14 Jul 2022 11:00:00 +0000 https://openvpn.net/?p=32233

Operational technology (OT) doesn’t get a lot of airtime in the cybersecurity industry. But cyberattacks targeting these systems have the potential to cause havoc with the critical national infrastructure (CNI) that relies on them to operate. 

Unfortunately, a new report highlights that many OT devices are “insecure by design.” It found 56 bugs in products from 10 vendors, some of which are rated critical. Until manufacturers start building more secure OT products, the organizations running them should familiarize themselves with the threat landscape, security solutions, and best practice mitigations (e.g., network segmentation, correct firewall configuration, secure remote access, access control).

What is Icefall?

The report in question collectively named the vulnerabilities “OT:Icefall.” It said they impacted 324 of its customers globally, although the real figure will be much higher. The products are popular in sectors such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining, and building automation. They include programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, building controllers, and other key bits of software used in industrial environments.

Thanks to digital transformation initiatives across CNI sectors, OT environments are now typically connected to the internet, and this connectivity means anyone could theoretically attack them remotely and cause outages. That’s a big risk, especially when the quality of security controls and engineering in such systems is often lagging. It’s even less comfort to know that some of the industry’s biggest names were among those found to be running vulnerable products: Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.

Good to Know: In the high-profile Colonial Pipeline ransomware attack, threat actors used a leaked password found on the dark web to trigger the shutdown of Colonial's operational technology (OT) systems and 5,550 miles of pipe. This incident highlights the need for cybersecurity threat awareness, a robust security posture, and an incident response plan.

Where are the problem areas of OT security?

According to the report, there were four key categories of vulnerability:

  • Insecure engineering protocols.
  • Weak cryptography or broken authentication schemes.
  • Insecure firmware updates.
  • Remote code execution (RCE) via native functionality.

It said the impact of each bug will vary depending on the functionality of the device it is found in. However, the most common types enable attackers to compromise credentials (38%), either because they’re stored or transmitted insecurely.

Rounding out the top five are:

  • Firmware manipulation (21%), whereby attackers can tamper with systems due to insufficient authentication or integrity checks. 
  • Remote code execution (14%) allowing an attacker to execute arbitrary code on the impacted device, usually via a firmware update.
  • Configuration manipulation (8%) which again stems from a lack of adequate authentication/authorization or integrity checking.
  • Denial of service (8%), where attackers are able to take a device completely offline or block access. 
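The two firmware categories above, firmware manipulation through insufficient integrity checks and remote code execution via the update path, come down to the same design mistake: the device accepts an image because it is well-formed, not because it came from the vendor. The following Python demo is an added example written for this page, not code from the OT:Icefall report or from any vendor; the image layout, the `FWIM` header, and the key are invented. It contrasts a CRC32-only check, which an attacker satisfies by recomputing the CRC after tampering, with an HMAC-SHA256 tag that cannot be forged without the key. A production device should verify an asymmetric vendor signature (private key at the vendor, public key provisioned into the device); HMAC is used here only to stay within the standard library.

```python
"""Added example (not from the OT:Icefall report or any vendor): why a checksum
is not an integrity check for firmware. Image layout and key are invented."""
import hashlib
import hmac
import struct
import zlib

MAGIC = b"FWIM"                           # hypothetical image header
TAG_LEN = hashlib.sha256().digest_size    # 32 bytes


def build_legacy_image(body: bytes) -> bytes:
    """Legacy format: MAGIC | len(4) | body | CRC32(4). Detects corruption only."""
    return MAGIC + struct.pack(">I", len(body)) + body + struct.pack(">I", zlib.crc32(body))


def verify_legacy_image(image: bytes) -> bool:
    """Vulnerable: passes for any image whose CRC the attacker recomputed."""
    if not image.startswith(MAGIC) or len(image) < 12:
        return False
    (length,) = struct.unpack(">I", image[4:8])
    body, trailer = image[8:8 + length], image[8 + length:]
    if len(body) != length or len(trailer) != 4:
        return False
    return zlib.crc32(body) == struct.unpack(">I", trailer)[0]


def build_authenticated_image(body: bytes, key: bytes) -> bytes:
    """Hardened format: MAGIC | len(4) | body | HMAC-SHA256(key, len || body).
    The length header is covered by the tag so it cannot be altered either."""
    header = struct.pack(">I", len(body))
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return MAGIC + header + body + tag


def verify_authenticated_image(image: bytes, key: bytes) -> bool:
    """Rejects truncated images, wrong keys, and any modified byte."""
    if not image.startswith(MAGIC) or len(image) < 8 + TAG_LEN:
        return False
    header = image[4:8]
    (length,) = struct.unpack(">I", header)
    body, tag = image[8:8 + length], image[8 + length:]
    if len(body) != length or len(tag) != TAG_LEN:
        return False
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def tamper(image: bytes, new_body: bytes, recompute_crc: bool) -> bytes:
    """What an attacker without the key can do: swap in a new body and either
    recompute the CRC (legacy format) or reuse the old trailer (HMAC format)."""
    if recompute_crc:
        return build_legacy_image(new_body)
    (length,) = struct.unpack(">I", image[4:8])
    old_tag = image[8 + length:]
    return MAGIC + struct.pack(">I", len(new_body)) + new_body + old_tag


if __name__ == "__main__":
    key = b"\x42" * 32                              # constructed device key
    good, evil = b"ladder-logic-v1", b"ladder-logic-backdoored"
    legacy = build_legacy_image(good)
    print("legacy accepts tampered image:",
          verify_legacy_image(tamper(legacy, evil, recompute_crc=True)))
    auth = build_authenticated_image(good, key)
    print("authenticated accepts tampered image:",
          verify_authenticated_image(tamper(auth, evil, recompute_crc=False), key))
```

Run stand-alone, the legacy check accepts the backdoored image and the authenticated check rejects it; the same check also rejects a truncated image and an image verified with the wrong key, which is the behaviour a firmware loader needs before it hands control to the new code.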

Recommended Reading: ICS security is a major segment within the operational technology sector. It comprises systems that are used to monitor and control industrial processes. Click through to learn How To Close the Internet of Things (IoT) Security Gaps In Your Industrial Control System (ICS) Networks.

Why is OT so insecure?

For many years, OT software benefited from “security by obscurity.” Because there were so many siloed, specialized systems from different manufacturers, often air-gapped from the internet, it was assumed that compromising them was not worth an attacker’s effort. The ROI of attacks is changing, however. As mentioned, these systems are now more often than not internet-connected, making them more accessible. They also increasingly contain standardized components, which simplifies the research needed to attack them. And bad actors can benefit from the increasing volume of security research and threat intelligence available online.

The problem is that OT manufacturers don’t seem to have caught up to this new reality. Instead of building security in from the design phase onward, they are allowing dangerous vulnerabilities to make it through to production. One of the bugs highlighted by the report carries a CVSS score of 9.8, well into the critical range.

The report’s authors also revealed that most (74%) of the vulnerable products they found had received some form of security certification. That’s despite the fact that the majority of the issues they uncovered should have been found relatively quickly during “in-depth vulnerability discovery.” Something is clearly going wrong somewhere. Many of these issues were also never assigned CVE numbers, which makes it difficult for asset owners to conduct effective risk management. These are all industry-wide challenges that could take a long time to fix, if they can be fixed at all.

Recommended Reading: Is some, or all, of your job overseeing an OT network? Has IT/OT convergence expanded your responsibilities to both IT networks and OT? See how CloudConnexa helps you establish reliable OT secure networking here.

A real-world impact

Yet progress is urgently needed. Why? Because such vulnerabilities have already been exploited to devastating effect, in attacks designed to sabotage industrial equipment and processes. These include:

  • Industroyer: A Russian state-backed destructive malware attack which caused power blackouts in Ukraine in 2016.
  • Triton: Another destructive attack, targeted against a Saudi petrochemical plant in 2017.
  • Industroyer 2: A second iteration of the malware, deployed against Ukrainian energy assets in 2022 during the current war.

The report warned that offensive capabilities leveraging weaknesses in OT software could be more feasible than thought today. It said OT-focused malware “could be developed by a small but skilled team at a reasonable cost.”

Recommended Reading: Industry 4.0 is powered by OT and IIoT devices. Learn more about mitigating cyber threats and vulnerabilities in the Industry 4.0 Age in Cybersecurity for Manufacturing Industry Regulatory Compliance.

Mitigating the threat today

The change needed to address the OT threat will require vendors to build better vulnerability management programs and address new vulnerabilities and security issues earlier on in their development pipelines. But customers of OT products don’t have the luxury of time, as the above attacks show. In the meantime, they can take steps to reduce the potential impact of attacks by following some industry best practices, including:

  • Compiling comprehensive asset inventories and scanning for vulnerable devices. 
  • Prompt patching of vulnerabilities. 
  • Segmentation of networks to isolate at-risk devices, especially ones that can’t be patched.
  • Monitoring all network traffic for malicious packets, and blocking any suspicious or anomalous traffic.
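As an added example, not from the article, here is what the first three practices look like when driven from a single inventory: match each device’s firmware against an advisory table (comparing versions numerically, so 3.10 is newer than 3.2), decide per device whether it can be patched or must be isolated, and emit nftables rules that let only the engineering workstation reach the isolated devices on the protocols they need. Every vendor, product, version, address and advisory below is constructed for the demo and describes no real product; the nftables rules are illustrative and assume a Linux gateway forwarding between the IT and OT segments.

```python
"""Added example (not from the article): inventory -> patch/isolate triage ->
nftables isolation rules. All vendors, products, versions, IPs and advisories
below are constructed; no real product is described."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    vendor: str
    product: str
    fixed_in: Optional[str]   # None: vendor has published no fixed firmware


@dataclass(frozen=True)
class Asset:
    ip: str
    vendor: str
    product: str
    firmware: str
    patch_window: bool        # False: the device cannot be taken offline to patch


def parse_version(v: str) -> tuple:
    """'3.10.1' -> (3, 10, 1). Tuples compare numerically; as strings,
    '3.10.1' < '3.2.0', which would mark a patched device as vulnerable.
    Assumes digits-and-dots version strings."""
    return tuple(int(p) for p in v.split("."))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    if (asset.vendor, asset.product) != (adv.vendor, adv.product):
        return False
    return adv.fixed_in is None or parse_version(asset.firmware) < parse_version(adv.fixed_in)


def triage(assets, advisories) -> dict:
    """Per device: 'ok', 'patch' (every hit has a fix and the device can be
    taken down), otherwise 'isolate' (no fix yet, or no maintenance window)."""
    out = {}
    for a in assets:
        hits = [adv for adv in advisories if is_affected(a, adv)]
        if not hits:
            out[a.ip] = "ok"
        elif a.patch_window and all(h.fixed_in is not None for h in hits):
            out[a.ip] = "patch"
        else:
            out[a.ip] = "isolate"
    return out


def nft_isolation_rules(decisions, engineering_ws, allowed_tcp_ports=(502,)) -> list:
    """Illustrative nftables rules for a forwarding gateway: the engineering
    workstation may open the listed ports (502 = Modbus/TCP) to an isolated
    device, the device may answer, and everything else to or from it drops.
    Non-isolated devices are untouched because the chain policy is accept."""
    rules = [
        "add table inet ot_filter",
        "add chain inet ot_filter forward { type filter hook forward priority 0; policy accept; }",
    ]
    for ip in sorted(ip for ip, d in decisions.items() if d == "isolate"):
        for port in allowed_tcp_ports:
            rules.append(f"add rule inet ot_filter forward ip saddr {engineering_ws} ip daddr {ip} tcp dport {port} accept")
        rules.append(f"add rule inet ot_filter forward ip saddr {ip} ct state established,related accept")
        rules.append(f"add rule inet ot_filter forward ip daddr {ip} drop")
        rules.append(f"add rule inet ot_filter forward ip saddr {ip} drop")
    return rules


# Constructed sample data (fictional vendor "ExampleCo", fictional products).
SAMPLE_ADVISORIES = [
    Advisory("ExampleCo", "PLC-100", fixed_in="3.2.0"),
    Advisory("ExampleCo", "HMI-7", fixed_in=None),
]
SAMPLE_ASSETS = [
    Asset("10.0.20.10", "ExampleCo", "PLC-100", "3.2.1", patch_window=True),    # already fixed
    Asset("10.0.20.11", "ExampleCo", "PLC-100", "3.10.0", patch_window=True),   # newer than 3.2.0
    Asset("10.0.20.12", "ExampleCo", "PLC-100", "2.9.4", patch_window=True),    # patch it
    Asset("10.0.20.13", "ExampleCo", "PLC-100", "2.9.4", patch_window=False),   # cannot patch
    Asset("10.0.20.14", "ExampleCo", "HMI-7", "1.0.0", patch_window=True),      # no fix exists
    Asset("10.0.20.15", "OtherCo", "RTU-2", "5.0", patch_window=True),          # not affected
]

if __name__ == "__main__":
    decisions = triage(SAMPLE_ASSETS, SAMPLE_ADVISORIES)
    for ip, d in decisions.items():
        print(f"{ip:12} {d}")
    print("\n".join(nft_isolation_rules(decisions, engineering_ws="10.0.10.5")))
```

The version parsing is the part worth copying: inventories exported from scanners often carry versions as strings, and a string comparison silently flags 3.10.0 as older than 3.2.0. The generated rules are a starting point for the segmentation step, to be reviewed against the site’s actual engineering hosts and protocols before loading with `nft -f`.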

OT systems run the world. It’s time we address the expanded attack surface and security risks that come with them.

Cybersecurity for the Manufacturing Industry
https://openvpn.net/blog/cybersecurity-for-manufacturing/ (Thu, 10 Mar 2022)

Mitigating Cyber Attacks with CloudConnexa

The manufacturing industry's embrace of the Internet of Things (IoT) has changed our world in countless ways — not the least of which is that it resulted in Industry 4.0. More than 250 years since the First Industrial Revolution moved from hand production methods to machines powered by steam and water power, Industry 4.0 converges new technologies such as artificial intelligence (AI), cloud computing, robotics, 3D printing, the Internet of Things, and advanced wireless technologies.

The smart factory is at the heart of Industry 4.0, also known as the Fourth Industrial Revolution (4IR). These factories infuse manufacturing technologies with automation and data exchange, including the IoT, cloud computing, and cognitive computing. The benefits of 4IR include:

  • Improved productivity and efficiency.
  • Better agility and flexibility.
  • Increased profitability and ROI. 
  • Improved customer experiences. 

Manufacturing's digital transformation created new cyber threats, too. The extended network of connected devices — robotics, sensors, 3D printers, AI, machine learning, augmented reality (AR) — has vulnerabilities that didn’t exist on the traditional factory floor. 

According to the 2021 Manufacturing Cybersecurity Threat Index, released in June 2021, one out of every five U.S. and U.K. manufacturing companies was a victim of cyber crime in the previous 12 months. Almost a quarter (24%) of those reported weekly cyberattacks, making manufacturing one of the most attacked industries since the pandemic started.

Now, as the manufacturing sector attempts to overcome supply chain issues caused by the pandemic, we wanted to explore the cybersecurity risks faced and how manufacturing organizations can address security issues that come with new technologies.

Good to Know: The term industrial internet of things (IIoT) is often used interchangeably with 4IR and Manufacturing 4.0. 

Manufacturing Cybersecurity Threats and Impact

Intellectual property (IP) and industrial control systems are the primary targets of cybercriminals. The National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce, reports that small and medium-sized manufacturers (SMMs) are especially susceptible to cybercrime. This is because SMMs tend to have fewer mitigation and incident response plans in place, and hackers know it. They also know these manufacturers are more likely to pay ransoms to recover IP and avoid downtime. Additional issues, beyond ransomware payouts and downtime, include:

  • Information and information technology systems damage. 
  • Penalties and fines from regulators as well as legal fees.
  • Reduced productivity.
  • Information and IP loss.
  • Customer relationship damage, or even customer loss.
  • Reduced ability to get loans due to impacted credit.
  • Income loss.

One preferred tactic of cybercriminals is ransomware. A survey of Managed Service Providers (MSPs) found that manufacturing and construction are the industries most targeted by ransomware. The same report cites ransomware as the single biggest threat to SMBs, hitting 1 in 5, and found that the average ransomware payment rose 13%, to $41,198, from Q2 2019 to Q3 2019.

Phishing emails are one of the most common ways cybercriminals gain network access. The Q3 2021 Anti-Phishing Working Group (APWG) Phishing Activity Trends Report found that:

  • July’s total of 260,642 phishing attacks was the highest in the organization’s reporting history.
  • The number of phishing attacks doubled from early 2020.
  • SaaS webmail was the most frequent target at 29.1% of all attacks.
  • Financial institutions and payment companies accounted for 34.9% of all attacks.
  • 700 brands were attacked monthly in 2021, up from 400 monthly.

All of these numbers are cause for concern, but there are cybersecurity standards and technology SMMs can use to mitigate both phishing and ransomware. 

Good to Know: Manufacturers are at higher risk of USB flash drive malware infections than any other sector.

Using CloudConnexa and the NIST Cybersecurity Framework for Manufacturing Cybersecurity

The NIST Cybersecurity Framework outlines five straightforward steps small and medium-sized manufacturers can take to protect their IP and operational technology from cybercrime:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

This diagram explains what each step involves:

CloudConnexa makes it easy for SMMs to quickly deploy robust, reliable network security that mitigates phishing attacks and other threats. 

Phishing typically starts with an email that tricks a user into visiting what appears to be a legitimate website. If the user enters their login credentials, or other personal data such as financial information, on the phishing site, the attacker now has them. CloudConnexa (formerly OpenVPN Cloud) with Cyber Shield, a built-in content filtering feature, helps curtail phishing attacks by controlling which destinations users can reach.

CloudConnexa also protects against data loss and IT infrastructure damage by giving network administrator(s) the ability to require MFA — a security measure that requires users to provide multiple forms of identity verification to access their account — without making secure access overly difficult for employees. This is especially useful with the growth of remote work.

SMMs need the ability to evolve their cybersecurity initiatives to stay ahead of threats. One way to do this is to build a baseline using reporting. The Traffic Reporting and Dashboards included with Cyber Shield deliver detailed statistics on traffic threats (malware, intrusion, DoS) as well as the device of origin.

OpenVPN is on a mission to make cloud-based cybersecurity accessible to manufacturers of all sizes. And we don’t just make it easy to get started — we also make it free. Activate your account today to see how you can quickly, easily connect private networks, devices, and servers to build a secure, virtualized modern network that meets the demands of Industry 4.0 Manufacturing.

IDS/IPS: What They Are and Why You Need Them
https://openvpn.net/blog/ids-ips/ (Tue, 22 Feb 2022)

Wireless providers are rolling out 5G to power an IoT (Internet of Things) world. The Ericsson Mobility Report, released in November 2021, estimates that by 2027 half of all global mobile subscriptions will be 5G. While faster than ever connectivity and lower latency are welcome, 5G comes with new threats and cybersecurity risks businesses need to know about.

Fortunately, Intrusion Detection Systems and Intrusion Prevention Systems — or IDS/IPS — are invaluable, readily available network security tools for mitigating malicious traffic and suspicious activity. And the benefits of IDS/IPS aren’t limited to vulnerabilities associated with 5G. Read on for a look at how your business can make an Intrusion Detection System and Intrusion Prevention System part of your security management.

What is IDS/IPS? (And What’s the Difference Between the Two?)

First things first: IDS and IPS are two different things. An Intrusion Detection System analyzes network traffic, usually from a passive copy of it (a tap or SPAN port), and raises an alert when it sees a signature matching a known attack or a deviation from normal behavior. An Intrusion Prevention System analyzes the same packets, but it sits inline in the traffic path, so it can go a step further and drop the offending packets or reset the connection based on the attack type.

The result? Attack thwarted!

How Do Intrusion Detection Systems and Intrusion Prevention Systems Work?

Intrusion Detection Systems can be hosted at the network level or the host level. They work by matching the traffic being monitored against known attack signatures and by looking for deviations from normal activity, which lets the IDS spot DoS attacks and other threats before a network is damaged.

Host-based intrusion detection systems are installed on a client computer, while a network-based IDS operates on the network. A network IDS can be deployed as a software application to run on hardware — either a server or a network security appliance — but cloud-based IDS is increasingly popular for its ease-of-use.

The addition of Security Information And Event Management (SIEM) software to an IDS enables network administrators — often part of a company’s Security Operations Center (SOC) — to identify attacks before or as they occur, allowing for faster response times.

And how does an IPS work? IPS solutions, like IDS systems, monitor network traffic for policy violations, malicious activity, and other threats. An IPS has additional threat management value because it also responds to, and stops, threats in real time. Like IDS, IPS can be network-based or host-based. IPS, unlike IDS, can be configured with policy-based rules and “if-then” actions to take when an anomaly is detected. 

Are There Different Types of IDS and IPS?

Intrusion detection systems are distinguished both by where they are deployed (network or host) and by the detection method they use to identify security threats. The most common IDS types are:

  • Network Intrusion Detection System (NIDS): As the name suggests, an NIDS is deployed at a point on the network (a tap, SPAN port, or inline sensor) where it can see traffic to and from many endpoints, and alerts security personnel when an attack is identified.
  • Host Intrusion Detection System (HIDS): An HIDS is installed on individual endpoints (servers, workstations, and other devices on the company network) and watches that host’s own traffic, logs, processes, and file changes.
  • Signature-based Intrusion Detection System (SIDS): This type of IDS analyzes all network packets and compares them against an extensive database of known attack signatures or malicious threat features.
  • Anomaly-based Intrusion Detection System (AIDS): Complementing SIDS, an AIDS tracks network traffic and compares it to a baseline. The baseline, often established via machine learning, allows the IDS to identify traffic as normal or abnormal in terms of bandwidth, protocols, ports, and other devices across the entire network. Because a baseline catches novel attacks but also flags legitimate changes, suspicious activity, or activity that violates security policies, is sent to network security teams for further action.
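To make the SIDS/AIDS distinction concrete, here is a toy network IDS, an added example written for this page and not code from the article or from Cyber Shield. It runs two detectors over constructed flow records: fixed signatures (a Modbus/TCP write function code on a segment that should only read, a Telnet password prompt, an HTTP path-traversal string) and a per-service byte-count baseline learned from training flows that flags volume outliers and never-before-seen services. It also shows the IDS versus IPS split discussed later on the page: every alert is reported, but only alerts at or above a severity threshold are dropped, because the low-confidence anomaly alerts are where false positives live. The Modbus framing follows the public specification; the signatures, thresholds, addresses and flows are invented.

```python
"""Added example (not from the article or Cyber Shield): a toy NIDS combining
signature-based (SIDS) and anomaly-based (AIDS) detection over constructed
flow records, plus an IPS-style severity threshold. All data is invented."""
from __future__ import annotations
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One summarised connection as a flow sensor might export it."""
    src: str
    dst: str
    dport: int
    nbytes: int      # total bytes in the flow
    payload: bytes   # first bytes the client sent


# --- SIDS: fixed patterns for known-bad traffic.
# Modbus/TCP MBAP header: txid(2) protocol(2)=0x0000 length(2) unit(1), then the
# function code. 0x05/0x06/0x0F/0x10 are the write functions; on a segment that
# should only poll controllers, any write is suspect.
SIGNATURES = [
    ("modbus-write", 502, re.compile(rb"\A.{2}\x00\x00.{2}.[\x05\x06\x0f\x10]", re.DOTALL)),
    ("telnet-cleartext-login", 23, re.compile(rb"(?i)password:")),
    ("http-path-traversal", 80, re.compile(rb"\.\./\.\./")),
]
SEVERITY = {"modbus-write": 3, "http-path-traversal": 3,
            "telnet-cleartext-login": 2, "unseen-service": 1, "volume-outlier": 1}


def match_signatures(flow: Flow) -> list:
    return [name for name, port, pat in SIGNATURES
            if flow.dport == port and pat.search(flow.payload)]


# --- AIDS: learn per-service byte counts from training flows, flag outliers.
class Baseline:
    def __init__(self, training):
        by_service = defaultdict(list)
        for f in training:
            by_service[(f.dst, f.dport)].append(f.nbytes)
        self.stats = {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in by_service.items()}

    def anomalies(self, flow: Flow) -> list:
        key = (flow.dst, flow.dport)
        if key not in self.stats:
            return ["unseen-service"]
        mean, sd = self.stats[key]
        spread = max(sd, 0.1 * mean, 1.0)   # floor so tiny jitter is not an outlier
        return ["volume-outlier"] if abs(flow.nbytes - mean) / spread > 3 else []


def run_ids(flows, baseline: Baseline) -> list:
    """IDS: every alert for every flow, signature hits first."""
    return [match_signatures(f) + baseline.anomalies(f) for f in flows]


def ips_verdict(alerts, block_at: int = 2) -> str:
    """IPS: drop only at or above a severity threshold; low-confidence anomaly
    alerts stay alert-only. This is the false-positive trade-off in code."""
    if not alerts:
        return "pass"
    return "drop" if max(SEVERITY[a] for a in alerts) >= block_at else "alert-only"


# Constructed traffic. Engineering workstation 10.0.10.5 polls PLC 10.0.20.10
# and a web HMI on 10.0.20.20; 10.0.30.99 is an unexpected host.
MODBUS_READ = bytes.fromhex("00010000000601030000000a")              # FC 0x03
MODBUS_WRITE = bytes.fromhex("00020000000b0110000000020400010002")   # FC 0x10
TRAINING_FLOWS = (
    [Flow("10.0.10.5", "10.0.20.10", 502, 60, MODBUS_READ)] * 16
    + [Flow("10.0.10.5", "10.0.20.10", 502, 90, MODBUS_READ)] * 4
    + [Flow("10.0.10.5", "10.0.20.20", 80, n, b"GET /status HTTP/1.1") for n in (300, 310, 320, 330, 340)]
)
TEST_FLOWS = [
    Flow("10.0.10.5", "10.0.20.10", 502, 60, MODBUS_READ),                          # normal poll
    Flow("10.0.30.99", "10.0.20.10", 502, 90, MODBUS_WRITE),                        # signature
    Flow("10.0.10.5", "10.0.20.10", 502, 4000, MODBUS_READ),                        # volume anomaly
    Flow("10.0.30.99", "10.0.20.20", 23, 40, b"login: admin\r\nPassword: "),        # both detectors
    Flow("10.0.30.99", "10.0.20.20", 80, 320, b"GET /../../etc/passwd HTTP/1.1"),   # signature
    Flow("10.0.10.5", "10.0.20.20", 80, 330, b"GET /index.html HTTP/1.1"),          # normal
]

if __name__ == "__main__":
    baseline = Baseline(TRAINING_FLOWS)
    for flow, alerts in zip(TEST_FLOWS, run_ids(TEST_FLOWS, baseline)):
        print(f"{flow.src:>10} -> {flow.dst}:{flow.dport:<4} {ips_verdict(alerts):10} {alerts}")
```

Run stand-alone, the write from the unexpected host and the path-traversal request are dropped, the Telnet login is dropped on the signature hit, while the oversized poll from the legitimate workstation is only alerted on. Whether a 4000-byte poll is an incident or an operator pulling a large register block is exactly the judgement call the OWASP quote below leaves to a human.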

There are a few types of intrusion prevention systems, too, the most popular being:

  • Network-based Intrusion Prevention Systems (NIPS): Functionality similar to a stateful firewall that analyzes incoming traffic looking for potential risks and automatically drops packets when an attack is discovered.
  • Wireless Intrusion Prevention Systems (WIPS): Analyze wireless networking protocols to detect potential malicious activity on a wireless network.  
  • Network Behavior Analysis (NBA): Identifies threats by spotting unusual traffic flows (e.g., DDoS, malware, policy violations) rather than relying on known signatures.
  • Host-based Intrusion Prevention System (HIPS): An inline software package, operating on a single host, that scans the host for threats.

Do You Need Both IDS and IPS?

The natural follow up question many people have is: Do you need both intrusion detection and prevention systems? 

An IDS passively monitors a network for threats, and an IPS actively stops threats. Ideally you want to stop threats; not just identify them. Then why would anyone choose to use an IDS without an IPS? According to OWASP, the primary reason some organizations opt for IDS rather than IPS is that, “... in the event of a false positive (normal activity mistakenly identified as an attack), an IPS will actively stop the normal activity which is likely to negatively impact business functions.” Obviously false positives can be inconvenient, but as OWASP points out, “... with the right amount of overhead, false positives can be successfully adjudicated; false negatives cannot.”

And what's a false negative? OWASP defines a false negative state as, “... the most serious and dangerous state. This is when the IDS identifies an activity as acceptable when the activity is actually an attack.”

What’s the Difference Between IPS and Next-Gen Firewall?

This is a common question as well. The answer is that the third generation of firewall technology, commonly known as next-generation firewall (NGFW), combines a traditional firewall with other network traffic filtering functions. One of those functions? An intrusion prevention system.

CloudConnexa Cyber Shield Has Built-in IDS/IPS

Are you already using CloudConnexa (formerly OpenVPN Cloud)? If so, you already have IDS/IPS at your fingertips: CloudConnexa includes Cyber Shield Traffic Filtering.

Not using CloudConnexa yet? Get your three free connections here

We looked at the different types of IDS/IPS above — so what kind is Cyber Shield? Well, it operates on a network, so it is a NIDS. And, because it uses signature and anomaly detection, it’s SIDS and AIDS, too. 

Included with CloudConnexa at no extra cost, Cyber Shield Traffic Filtering is an easy-to-use, customizable IDS/IPS feature that protects remote access:

  • The Traffic Filtering feature acts as both an IDS and an IPS.
  • Blocking (the IPS side) can be enabled by threat category or by threat severity.

Cyber Shield fortifies protection by letting network admins decide which threats to block. And because cyberthreats are continually evolving, it includes easily accessible reporting with insights that make it simple to fine-tune security measures to mitigate threats.

Built-in IDS/IPS for Effective, Efficient Intrusion Detection and Prevention: Traffic Filtering automates protection against malware and ransomware, denial of service, phishing, known threats, and vulnerabilities/exploits that other security layers may overlook, and it does so before that traffic reaches those other controls.

Multi-pronged Threat Detection and Blocking: The Traffic Blocking feature detects and blocks network threats by category or Threat Level (Levels 1 thru 3).

Ready to take advantage of the Cyber Shield IDS/IPS feature? Step-by-step instructions are available here
