JustPaste.it

According to Bruneau, it is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.

The ISC SANS instructor says these systems will help companies avoid downtime of mission-critical VPN services, especially now since employees work from home, and the VPN service represents the most secure way of accessing company networks and private resources.

Learn more: CCNP Security

Bruneau encourages companies to sift through logs to detect compromises of VPN accounts. Since most employees will now be using VPN systems, they are more likely to fall for phishing attacks that steal VPN account credentials.

In theory, with the proper logging in place, it should now be much easier to spot compromised accounts by looking at irregular VPN usage patterns for each enterprise user working from home.

"The activity that should be scrutinized over the coming weeks would be ports associated with VPN like OpenVPN (1194) or SSL VPN (TCP/UDP 443, IPsec/IKEv2 UDP 500/4500) with their associated logs to ensure these services are accessed by the right individuals and are not abused, exploited or compromised," Bruneau said.