An increasing number of businesses are moving to hybrid workflows, which combine on-premises and cloud-based systems, as organizational structures change to remain relevant to customers and to stay competitive and profitable.
This requires ensuring that business applications and computing platforms are accessible and secure from anywhere, at any time, as efficiently as possible. To do this, organizations often deploy a virtual private network (VPN) to provide secure access to their employees or contractors across different locations and devices. While VPNs are a necessary evil for organizations, they can also be a significant security and administrative burden.
This is why many businesses are looking for ways to stop work VPN pushes to Group Policy, as it can lead to over-provisioning, complexity, and unnecessary overhead. Fortunately, this is possible with a combination of PowerShell and WMI, which are covered in this Tech Tidbit blog post.
Wake on LAN with PowerShell
Wake on LAN is an operation where a computer or device across the network remotely “wakes up” a physical device, such as a server or workstation. This allows an attacker to remotely access and control the device, which would otherwise be considered locked down and out of reach due to its physical location.
Wake on LAN is one of the most useful and versatile attacks against corporate IT, and it has been used in attacks against popular brands, such as Sony and Intel. Because of this, it is important that organizations adopt security measures to prevent Wake on LAN attacks. However, when dealing with physical devices, it is often not practical or feasible to implement a complex password policy, and there is also no way to revoke access once it is granted.
This is why many businesses are turning to password-less authentication methods, which do not require users to input passwords in order to authenticate or authorize network access. One example of a password-less authentication method is Microsoft’s Active Directory Domain Services, which allows administrators to easily and securely grant or deny access to resources based on user identities.
Stop and Remove Work VPN
Work VPNs are often deployed by organizations as a quick and easy way to provide secure access to remote workers and contractors who need to connect to resources in different locations. In most cases, Work VPNs are hosted on dedicated servers or virtual machines, which are accessed via the public internet. This exposed interface makes Work VPNs easy targets for hackers and intruders, who may want to gain unauthorized access to a company’s internal networks and resources.
Once a Work VPN is deployed, it is almost impossible to stop all remote access to organizational resources. This is because Work VPNs are typically configured to “auto-detect” resources across different locations, and there is no way to tell the VPN client which network resources to access or utilize. This type of setup makes it extremely easy for an attacker to access private or confidential data, whether it is stored on-premises or in the cloud.
Use Group Policy to Configure VPN
Group Policy is used by administrators to centrally manage organizational computing resources and infrastructure settings, security measures, software installation, and more across multiple platforms and devices. One of its most useful features is the ability to remotely configure network settings and connectivity, which makes it possible to ensure that all organizational computing devices are configured for and use the same network technologies and protocols, regardless of where they are located.
Since VPNs are such a popular option for organizations, it is often the case that Group Policy has an entire policy setting devoted to VPNs. This makes it simple to remotely configure VPN settings and usage using the Group Policy GUI, which is probably the simplest and most straightforward approach to take when it comes to centrally managing VPN settings. This setting will be automatically synchronized to other Group Policy-compliant devices and applications across the network when it is applied.
Use Group Policy to Configure Auto-VPN
Another useful feature that Group Policy provides administrators is the ability to configure “auto-VPNs.” These are VPNs that are configured to automatically connect to a specified set of resources, without the need for user intervention. Auto-VPNs make it possible to provide secure access to remote workers and contractors, who do not need to be aware of VPN configurations or settings in order to connect to critical business resources. This can be extremely useful in scenarios where a VPN is needed for specific resources, but the business units or employees who need access do not have the technical knowledge to manually configure the VPN. In these cases, auto-VPNs make it possible to provide secure access to confidential data, while still giving users the freedom to roam the internet as they please and without the need for constant management or intervention.
Disable All Unneeded Services
One of the primary concerns of any organization that deploys a VPN is the complexity and additional overhead that it brings. Since VPNs are often deployed to provide secure access to sensitive business data and resources, many organizations are concerned about the impact that they may have on the performance of the network and other systems. Disabling services that you do not need can help alleviate some of these concerns.
It is always a good idea to review the services that are enabled on your system, as well as any services that are recommended but not necessary. For example, many businesses utilize the OpenVPN protocol for their VPN needs, but this is not necessarily the case. Reviewing and disabling services that you do not need can help ensure that your system is not impacted negatively by the presence of a VPN.
Use Ransomware to Your Advantage
Ransomware is a type of malicious software that is designed to disrupt and damage a computer or device, in order to make the owner pay a certain price in Bitcoin for “resetting” the device. Once the owner has paid the ransom, they are presented with a set of instructions on how to continue the “bootstrapping” process, and the computer or device is able to function normally once more. This type of attack is typically used against businesses that have valuable and/or confidential information, and the attacker simply wants to extort money from the organization in exchange for not publicizing the information or deleting it.
The advantage that ransomware has over other types of malware is that it is very difficult for law enforcement officials to trace the source of the infection. This makes it extremely hard to prosecute, since it is very difficult to identify the person or entity that is responsible for the malicious activity. Due to this, it is usually up to the victim to identify the source of the infection and deal with it accordingly. However, organizations can take steps to protect themselves from this type of attack, which is why it is important to keep anti-malware applications up to date and on hand, as well as use strong passwords and security measures, such as those mentioned above, when creating user accounts.
Use VPN for Specific Purposes
VPNs can be very useful for businesses and organizations, even if they just need to provide secure access to a small subset of their devices or systems. In these cases, it is usually best to just utilize a VPN for the specific resources that it was designed for, rather than trying to force it to provide secure access to everything that the organization or business owns. This approach can help keep your system healthy and optimally performant, as well as prevent unnecessary strain and configuration complexity when trying to provide secure access to an entire network or organization’s worth of devices and systems. In cases where you need to provide secure access to a small group of people, this approach can also help ensure that the intended users have the correct access, without any leaks or compromises.
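One way to check whether a Windows VPN profile is limited to specific resources, as an added example that is not part of the original post. It assumes the built-in `Get-VpnConnection` cmdlet and its `SplitTunneling` and `Routes` properties; the function name `Test-VpnConnectionScope` and the sample profiles are hypothetical and constructed for illustration.

```powershell
# Added example: classify how much traffic each VPN profile is set up to carry.
function Test-VpnConnectionScope {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        # foreach over $null yields nothing, so a profile without routes gives an empty array.
        $prefixes = @(foreach ($route in $Connection.Routes) { $route.DestinationPrefix })

        $finding = if (-not $Connection.SplitTunneling) {
            'Force tunnel: all traffic goes through the VPN'
        } elseif ($prefixes.Count -eq 0) {
            'Split tunnel, but no destination prefixes are listed'
        } elseif ($prefixes -contains '0.0.0.0/0' -or $prefixes -contains '::/0') {
            'Split tunnel with a default route: covers everything'
        } else {
            'Scoped to the listed prefixes'
        }

        [pscustomobject]@{
            Name           = $Connection.Name
            SplitTunneling = [bool]$Connection.SplitTunneling
            Prefixes       = $prefixes -join ', '
            Finding        = $finding
        }
    }
}

# Constructed sample profiles (not taken from the page or from a real host).
$sample = @(
    [pscustomobject]@{ Name = 'Corp-Full';    SplitTunneling = $false; Routes = $null }
    [pscustomobject]@{ Name = 'Finance-Only'; SplitTunneling = $true
                       Routes = @([pscustomobject]@{ DestinationPrefix = '10.20.0.0/16' }) }
    [pscustomobject]@{ Name = 'Legacy-Split'; SplitTunneling = $true
                       Routes = @([pscustomobject]@{ DestinationPrefix = '0.0.0.0/0' }) }
)
$sample | Test-VpnConnectionScope | Format-Table -AutoSize

# On a Windows client, feed it the real profiles instead:
# Get-VpnConnection -AllUserConnection | Test-VpnConnectionScope
```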
Use a Virtual Machine for Additional Protection
A virtual machine is a type of software-based simulation, which creates an entirely separate “computer” within your existing device. Software-based virtual machines can be installed directly on your computer or device, without the need for additional hardware. This makes them easier to manage and more portable, since they do not need to be installed on a dedicated server or in the cloud.
Since the software-based nature of virtual machines makes them more portable and easy to manage, it is often the case that they are used by smaller businesses and organizations, as well as those looking to provide extra protection to their devices and networks. It is also worth noting here that it is possible to utilize hardware-based virtual machines, which do not require the use of a USB drive in order to function. However, these are more expensive and require more maintenance, as well as additional hardware to set them up.