S 4.319 Secure installation of VPN devices
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
A VPN can be set up as soon as the necessary components have been purchased (see S 2.419 Selection of suitable VPN products). A basic prerequisite for the secure operation of a VPN is that all components are carefully installed and configured and that the required security functions can actually be implemented using the VPN products selected.
In addition, the security of the IT systems the VPN components are used on must be guaranteed. This applies specifically to IT systems on which a standard operating system has been installed and which are operated as a VPN endpoint (example: Linux system with VPN support). For this reason, it is necessary to initially implement the general security safeguards for each of these operating systems as described in the corresponding modules of the IT-Grundschutz Catalogues. There are also VPN components for which the configuration of the platform is specified by the manufacturer and cannot be changed (VPN appliances). The use of such VPN devices saves time and requires fewer expert IT personnel in contrast to a custom solution, for example for the configuration of the operating system. On the other hand, it is necessary to be familiar with the specifications of the manufacturer when using appliances.
The following items therefore must be considered within the framework of installing a VPN:
- During the installation phase, neither users nor third parties should be able to access the VPN or parts thereof. This means no connections to other networks are allowed in this phase.
- It must be ensured that all VPN components are installed by qualified personnel. This may be difficult, especially when the locations forming the network are geographically distant. For example, it is necessary to clarify whether the personnel resources for a VPN installation are also available in other countries. Even VPN endpoints on mobile IT systems, for example on the laptops of field service employees, must only be installed by qualified IT personnel.
- Installation and configuration of the VPN components must be documented. This can be done using separate installation documentation or by issuing confirmation that the installation met the planning specifications. Reasons must be provided and documented for all deviations from the specified system architecture (for example additional connections). The quality of the documentation plays an essential role in terms of the continuous improvement of the VPN.
- Every single component must be checked to ensure it functions correctly (through function tests, self-tests, or load tests).
- All current security-related patches and firmware updates must be installed before initial operation of the products to be used.
- A function test must be conducted on the security mechanisms for each security-relevant setting. For example, the encryption of the connection as well as the authentication functions used should be checked using a network analysis tool (see also S 5.76 Use of suitable tunnel protocols for VPN communication).
- Before putting the system to productive use, it must be set up in an environment that is isolated from the live network and then tested accordingly. It is also recommended to take performance measurements and run tests on the key distribution process while in the test environment. After completing the installation, the overall system must be examined to determine whether it is functioning correctly (acceptance and approval of the installation). It must be ensured for all tests performed that only the people authorised to conduct the test have access to the VPN.
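The function test on connection encryption named in the list above can be scripted against a capture taken in the isolated test environment. The following is an added example, not part of the safeguard text: it assumes an IPsec-based VPN (ESP/AH, IKE on UDP 500/4500) and a classic pcap file recorded on the untrusted link between two gateways. The function names, gateway addresses and sample capture are constructed for illustration.

```python
import ipaddress, struct

ESP, AH, UDP = 50, 51, 17          # IP protocol numbers
IKE_PORTS = {500, 4500}            # IKE and NAT-T (UDP-encapsulated ESP)

def audit_capture(pcap, gateways, protected_net):
    """Return (packet_no, reason) for traffic on the outer link that is not IPsec-protected."""
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    gws = {ipaddress.ip_address(g) for g in gateways}
    inner = ipaddress.ip_network(protected_net)
    findings, off, no = [], 24, 0
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off, no = pcap[off + 16:off + 16 + incl], off + 16 + incl, no + 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
        if src in inner or dst in inner:
            findings.append((no, "inner address visible outside the tunnel"))
        elif {src, dst} == gws and proto not in (ESP, AH):
            udp = proto == UDP and len(ip) >= ihl + 4
            ports = set(struct.unpack("!HH", ip[ihl:ihl + 4])) if udp else set()
            if not ports & IKE_PORTS:
                findings.append((no, f"unencrypted IP protocol {proto} between gateways"))
    return findings

def build_record(src, dst, proto, payload=b"\x00" * 8):
    """Build one constructed Ethernet/IPv4 pcap record (checksum left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture with documentation addresses (RFC 5737); not real traffic.
GW_A, GW_B = "192.0.2.1", "198.51.100.1"
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    build_record(GW_A, GW_B, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),  # IKE negotiation
    build_record(GW_A, GW_B, ESP),                                        # encrypted payload
    build_record(GW_A, GW_B, 6, b"\x00" * 20),                            # TCP between gateways
    build_record("10.1.0.5", GW_B, 1),                                    # inner host leaking
])

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE, [GW_A, GW_B], "10.1.0.0/16"):
        print(finding)
```

An empty result shows only that traffic is encapsulated; the negotiated algorithms and the authentication method still have to be compared with the VPN security concept on the components themselves.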
Once the basic installation is complete, the configurations listed in safeguard S 4.320 Secure configuration of a VPN can be started. These configurations must place the system in a secure operating state so that live operation can then be started. The instructions mentioned in safeguard S 4.321 Secure operation of a VPN are essential to the smooth operation of the VPN. The knowledge gained and corrective measures determined in the process must be adequately documented and incorporated into the detailed concept.
Example:
The following shows examples of the most important aspects to take into account when installing a VPN system. Since the exact configuration differs from manufacturer to manufacturer, the following only presents a basic framework that is by no means complete.
The following aspects must be taken into account during the installation of a remote access VPN client:
- The server functions of the VPN service must be disabled. This is accomplished by only allowing outgoing calls on all devices that can be used for remote access (e.g. modems, ISDN cards, and VPN adapters).
- Only the protocols authorised for remote access by the VPN clients should be approved.
- The parameters relating to integrity, authenticity, and confidentiality that are specified in the VPN security concept must be configured accordingly.
The following aspects should be taken into account for a remote access VPN server:
- The client functions of the VPN service must be disabled. This is accomplished by only allowing incoming calls on all devices that can be used for remote access.
- Only the protocols authorised via remote access should be approved for the VPN server.
- The parameters relating to integrity, authenticity, and confidentiality that are specified in the VPN security concept must be configured accordingly.
- Only authorised users should be allowed to dial in.
Review questions:
- If no appliance is used: Is the underlying operating system of the VPN platform configured securely?
- Are enough qualified personnel available for installation of the VPN components?
- Have the installation and configuration of the VPN components as well as any deviations from the planning specifications been documented?
- Have all current patches and updates been installed on the VPN components?
- Were the functions and security mechanisms of the VPN components tested?