Hi All,
I’m currently working in IT in a company in the UK and we use Ivanti for all of our employees to connect to so that they can access shared drives and remote desktop etc from home or when they are travelling.
I’ve seen recently a lot in the news about Ivanti and the vulnerabilities, is there anything except patching and keeping ivanti up to date that we should be doing? Should we even keep using Ivanti? What safety precautions should we be adopting?
Cheers !
Here’s the NSCC’s advice.
Exploitation of vulnerabilities affecting Ivanti Connect… - NCSC.GOV.UK
using the workaround seems to be the only way to keep the vpn appliance “safe” from this exploit, definitely do the test for comprimise, the exploits in the wild, you HAVE to know if yours is so do the test…for what its worth, my org dropped it in favor of asa and a privileged access manager for vendors, seems to be a widespread scenario tbh and one i would recommend, as to precautions, log checking like u/Stryker1-1 mentions, as to precautions, use 2fa wherever you can but especially on endpoint control software and for peace of mind, encrypt your backups.
I’d be keeping a close eye on your logs.
Zero Trust is a keyword here. Can be achieved with tools like Azure Bastion for RDP and SharePoint if all Microsoft native.
Nothing should be publicly available for 8 billion people is the TLDR, and if it gets access it should be verified that the unit connecting is secure
Pulse Secure has had so many glaring vulnerabilities I cannot in good conscience tell you to do anything other than migrate to another platform for VPN.
Ideally something that actually deals with auth in an appropriate manner.