We recommend that EEOC review and remediate the medium level severity vulnerabilities identified during external penetration testing by:
- Disabling IKE Aggressive Mode if supported;
- Refraining from the use of pre-shared authentication keys;
- If using a pre-shared key cannot be avoided, use strong keys;
- Do not allow VPN connections from an non-approved IP addresses, if possible.
Organization
Report Number
2022-001-AOIG
Report Type
Fiscal Year
2023
Open/Closed
On
Cost
$0