Harden Debian by Hardening VPN

Identified Threats

These are the identified threats related to Debian software.

(T-97) VPN Is Using PPTP Protocol

VPN servers may be configured to use the PPTP protocol.

(T-98) VPN Is Using Pure IPSec/L2TP Alone

VPN servers can use IPSec or L2TP alone.

(T-99) VPN Server Can Alter Root System

The VPN server can alter the root system.

(T-100) VPN Server Uses Outdated Encryption Cipher

The VPN server can be configured to use an outdated cipher.

(T-101) VPN Server Not Using TLS

The VPN server can be configured not to use TLS encryption.

Actions Required

Here is the list of actions to counter the issues.

Use TLS

The VPN server must use TLS at all costs.

Avoid PPTP

Avoid Point-to-Point Tunneling Protocol (PPTP) at all costs. Use OpenSwan or OpenVPN instead.

Implement IPSec and L2TP Simultaneously

Those two protocols go hand in hand.

Jail VPN Server

Jail the VPN server so that it does not have access to the actual root system.

Use Proper AEAD Encryption Cipher

Do not roll your own crypto. Use a known strong cipher such as ChaCha20-Poly1305 or AES-GCM.
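
One way to check an OpenVPN server configuration against the actions above (an added example, not part of the original page). The directive names are OpenVPN's own; the function names `parse` and `audit`, the sample configs and the jail path are constructed for illustration, and comment handling is simplified.

```python
# Added example: audit an OpenVPN server config for T-99, T-100 and T-101.
AEAD = {"AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    conf = {}
    for raw in text.splitlines():
        words = raw.split("#")[0].split(";")[0].split()
        if words:
            conf[words[0].lstrip("-")] = words[1:]
    return conf

def audit(text):
    """Return a list of (threat_id, finding) tuples for one config."""
    c, out = parse(text), []
    # T-101: a static key ('secret') or no TLS server role means no TLS.
    if "secret" in c or not ({"tls-server", "server"} & c.keys()):
        out.append(("T-101", "TLS mode is not enabled"))
    # T-100: every cipher the server offers must be an AEAD construction.
    offered = [x.upper() for k in ("data-ciphers", "ncp-ciphers", "cipher")
               for a in c.get(k, []) for x in a.split(":")]
    weak = [x for x in offered if x not in AEAD]
    if weak or not offered:
        detail = ",".join(weak) or "none set"
        out.append(("T-100", "non-AEAD or unpinned cipher: " + detail))
    # T-99: the daemon should chroot and drop root after start-up.
    if "chroot" not in c or (c.get("user") or ["root"])[0] == "root":
        out.append(("T-99", "no chroot jail or still running as root"))
    return out

# Constructed sample configs (not from the page).
WEAK = """
dev tun
secret static.key
cipher BF-CBC
"""
HARDENED = """
server 10.8.0.0 255.255.255.0
tls-version-min 1.2
tls-crypt ta.key
data-ciphers AES-256-GCM:CHACHA20-POLY1305
chroot /var/lib/openvpn/jail
user nobody
group nogroup
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

An empty list means the config satisfies all three checks; an unset cipher is reported because the effective default depends on the OpenVPN version.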

That's all for hardening Debian by hardening VPN.