With the highly anticipated release of macOS Monterey now officially set for next week, many of you will be planning a system-wide update in the coming weeks to ensure your company’s Macs are up to date and running on the latest macOS version.

We strongly recommend taking this key opportunity to also tighten up your network’s security. This may include updating passwords and network settings, checking your software is still compatible, and – most importantly – strengthening your VPN connection.

In this post, we’re sharing five straightforward yet highly effective ways you can improve your company VPN’s security, ready for the release of macOS Monterey…

5 Ways to Make Your Company VPN More Secure

Your VPN is the backdoor into your internal network. If there are any holes in your security – however small, you could be risking serious security breaches for your company. For this reason, it’s important you carry out all the necessary steps to make sure your VPN is as secure as possible.

1. Select the highest encryption settings for your device

To begin with, you should start by reviewing your VPN’s encryption settings. Check whether you are using the highest encryption algorithms supported by your VPN gateway. Today, AES (Advanced Encryption Standard) is the strongest available encryption algorithm and is even used by governments and military organizations as it as widely considered impossible to crack. For AES, encryption is available up to 256 bits – the so-called “gold standard” of encryption.

Here are some more encryption best practices to consider for your connection:

• Avoid MD5 as a Hash Algorithm
• Enable Perfect Forward Secrecy in Phase 2 (if supported by your gateway)
• Use a higher Diffie Hellman Group

2. Regularly review users

Particularly for larger teams, it’s easy to lose track of how many users you have configured for your VPN connection(s). However, having users associated with your connection who no longer are authorised to have access (i.e. former employees or personnel who are now in a different department) can be a serious security risk for your company.

Make a habit of regularly checking your firewall or VPN gateway device to ensure any ex-employees have been removed and that your user groups only consist of team members who are currently part of your organisation.

Tip: With VPN Tracker 365 Team Management tools, you can access a useful overview of all your team members and when a team member leaves, you can remotely revoke their access to connections via Remote Connection Wipe.

3. Frequently update your Pre-Shared Key

Many VPN connections rely on a Pre-Shared Key (PSK) as an authentication measure, meaning it plays a hugely important role in securing your VPN. Just like any important password, you need to ensure you regularly update your PSK to avoid the risk of it falling into the wrong hands.

Generally, the longer your PSK ist, the harder it is to crack – making it much more secure. Many services recommend at least 32 characters. To make things easier, you can use tools like this one to automatically regenerate a new key when it’s time to update.

In addition, for optimal security, you should also avoid sharing the PSK with users via chat, intranet or similar.

Tip: VPN Tracker 365 TeamCloud not only enables you to remotely update and sync your connection’s Pre-Shared Key for all users, it also allows you to hide the connection’s configuration details so that only you have access. This way, you will never have to share the PSK with employees and they can continue working productively. Learn more.

4. Use Two-Factor-Authentication

Two-Factor-Authentication (2FA) has become a popular choice for many admins in recent years. In addition to preventing phishing or social engineering attacks, 2FA adds an extra layer of security to your VPN, giving you peace of mind that unauthorised users aren’t able to gain access.

Some popular 2FA methods include X.509 certificates, OTP authenticator apps like Google Authenticator, Duo etc., and PKI tokens – all of which are supported by VPN Tracker 365. Some VPN gateways also offer hardware-specific, one-time tokens, such as Fortinet’s FortiToken.

5. Apply Zero-Trust principles

With a Zero-Trust network policy in place, users need to go through a strict authentication process to access company resources. This is intended as a solution to stop security breaches and ensure access is kept secure at all times.

In addition, users are only given least privilege access, meaning they only have access to the resources they really need. Consider whether you really need to share a VPN connection with all your team members, perhaps some connections are only needed by admins or specific departments. By minimising the number of co-workers who have access to the VPN, you also reduce the risk of security breaches.

Security tip: The Groups feature in VPN Tracker 365 TeamCloud allows you to pre-determine groups of users and grant them access to specific VPN connections. This way, you can avoid giving all users access to all of your company connections and instead only provide them with the resources they need to perform their tasks.

Choosing a reliable VPN client

There are many VPN clients out there but only a small handful can offer your business the security and peace of mind you need for your important connections. Putting your trust in an unmaintained VPN client can not only hinder your productivity but also put your network at risk from external attacks.

For example, if your VPN client software does not receive regular updates and maintenance, it’s highly unlikely that it’s up to date with the latest security standards required to keep your network secure. Furthermore, without a genuine customer support team, any problems you may face will likely go unresolved, leaving you to pick up the pieces and forcing you to find an alternative solution.

For Mac users, VPN Tracker 365 is the number one choice and possess all the key qualities admins look for in a VPN client:

1. Regular updates and compatibility with the latest macOS versions, including Monterey (see our version history)
2. Support for all major VPN protocols (IPSec, OpenVPN, L2TP, SSTP, Cisco AnyConnect, and more…), plus TeamCloud security features
3. Excellent customer support and one-on-one troubleshooting with our development team

Find out more about VPN Tracker 365 and available licensing options for your team here.

VPN Tracker 365 securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.

From OS X 10.11 including macOS 12 Monterey

A secure VPN is one of the most important aspects of your company’s network security. So how do you balance your employees’ remote access with the risks of inadvertent data breaches, leaks and hacks? One solution many organizations are adopting is a Zero-Trust network architecture.

We’ll explore how with the right tools in place, VPNs and Zero-Trust Networks can happily coexist. This means you can take all the necessary precautions to protect your internal network, while also providing staff with a secure yet user-friendly solution to get connected and work productively.

What is a Zero-Trust network policy?

With a Zero-Trust network policy in place, access to the company network is completely restricted for every user – including users who are on the premises. In order to access company resources, users need to go through a strict authentication process, which is intended as a solution to stop security breaches and ensure access is kept secure.

Three of the main principles of Zero-Trust are:

1. User / application authentication
2. Device authentication
3. Granting least privilege access

Despite its security strengths, compared to a standard VPN, a Zero-Trust policy is much more difficult and time-consuming to set up and manage. However, your existing VPN can also be optimized to integrate many of the key Zero-Trust characteristics and offer your company network more security.

Steps to take to make your VPN more secure

If you are looking into adopting a Zero-Trust policy into your current network structure, here are a few key steps you can take to protect your organization from threat and make your connections more secure.

Harden your VPN connection

The first step for securing your connection is ensuring your VPN has the optimal security settings in place to protect the network from external threats.

To begin with, you should start by reviewing your VPN’s encryption settings. Are you using the highest encryption algorithms supported by your gateway? VPN Tracker 365 supports encryption up to AES-256 to satisfy even the most demanding standards set by military organizations, enterprises and government.

We also recommend not using MD5 as a hash algorithm and to choose SHA-2 whenever possible. In addition, you should consider using a high DH group and enabling PFS in Phase 2 (if supported by your gateway.)

Choose a secure VPN client

The VPN app on your users’ devices is the gateway into your company’s network, so it needs to be kept as secure as possible. In general, all security relevant software should be checked and vetted to see if they support best practises.

A good VPN client should offer you:

• Secure, end-to-end encryption standards for your connection data (learn more)
• Custom configuration options for connections
• Trustworthy and reputable developers
• Regular maintenance and updates. VPN client software which is not regularly updated can leave your business open to threats, i.e. when it is not compatible with the latest security patch updates or doesn’t offer support for the latest technologies

For Mac users, VPN Tracker 365 is the top choice VPN client and offers full compatibility with the latest macOS version.

Phishing countermeasures – hide connection details from users

Social engineering or phishing attacks only work, if employees have access to sensitive data, such as your connection’s Pre-Shared Key or Shared Secret, or even the VPN gateway address or VPN protocol in use.

Hiding this information before you share the connection is one extra way of eliminating risk.

In addition, by hiding connection details from VPN users, you can also ensure they have no way of using your connections with other external, untrusted software – a key concept within Zero-Trust security.

With VPN Tracker 365 TeamCloud, you can securely share pre-configured VPN connections with team members and hide all the connection details before export:

Verify users with Two-Factor-Authentication

Having a secure user verification process in place is another key part of building an effective Zero-Trust network. When sharing information with individuals within your organisation, you need to be sure that the identity of the person receiving the information is legitimate.

Two-Factor Authentication (2FA) is on the rise and is already built into many leading VPN services. With 2FA in place, your VPN has another layer of protection against hackers and cyber attacks, such as email phishing or spear phishing.

VPN Tracker 365 offers support for for two-factor authentication (2FA, MFA, OTP) based on X.509 certificates, OTP authenticator apps like Google Authenticator, Duo etc. or smart cards, and PKI tokens. Hardware-based one-time passcode tokens and hardware security tokens such as YubiKey, RSA SecurID, or FortiToken for FortiGate devices also work great with VPN Tracker 365 through Extended Authentication (XAUTH).

Granting least privilege access

Another key principle of Zero-Trust security is only granting employees the minimum level of privileges. In other words, only giving users access to the connections they really need, in order to minimise potential risk and avoid unauthorised access to confidential information.

In VPN Tracker 365, this can be achieved using the Groups feature.

Set up TeamCloud Groups to grant pre-determined groups of users with access to specific VPN connections. This way, you can avoid giving users access to all of your company connections and instead only provide them with the resources they need to perform their tasks.

How to get started with VPN Tracker 365 TeamCloud

Setting up TeamCloud for your team is really straightforward. Get started by sharing your first VPN connection with team members.

What you need:

• A VPN Tracker 365 plan (see all plan options)
• An established VPN Tracker 365 team (learn how to set up a team) and Team Manager status

VPN Tracker 365 securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.

From OS X 10.11 including macOS 12 Monterey

VPN Tracker securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.

From OS X 10.11 including macOS 12 Monterey

Upgraded your Mac to macOS Monterey and can’t connect to your Cisco AnyConnect VPN? Great news: Full support for AnyConnect SSL VPN connections is now available in the latest VPN Tracker 365 version!

Cisco AnyConnect & VPN Tracker 365 at a glance:

• Cisco AnyConnect SSL VPN connections are now supported in VPN Tracker 365 from version 21.7.0
• VPN Tracker 365 version 21.7.0 with AnyConnect SSL support runs from Mac OS X 10.11 (El Capitan) through macOS 11 (Big Sur) and is already compatible with macOS 12 (Monterey)
• VPN Tracker 365 Pro, VIP and Consultant editions, as well as Team Member & Team Member Plus editions all include support for AnyConnect connections

New to VPN Tracker? Seamlessly move your Cisco AnyConnect VPN connections over to VPN Tracker 365 to continue using them on your Mac with macOS Monterey. Learn more.

Connect to Cisco AnyConnect VPN on your Mac – in VPN Tracker 365

As one of the most popular VPN protocols, Cisco AnyConnect SSL VPN is trusted by major corporations and educational institutions worldwide to provide thousands of employees and students with secure remote access.

Today, we are thrilled to announce that AnyConnect SSL connections are fully supported from the latest VPN Tracker 365 version (21.7.0), which you can download here.

Cisco AnyConnect SSL support in VPN Tracker 365 has been specially developed for optimal performance on macOS Monterey and offers you the following key advantages:

• Automatic intelligent protocol switching (VPN Tracker 365 automatically optimizes for TCP or DTLS protocols based on network throughput and profile)
• Latest security standards: Secure authentication with 2FA, multi-factor and  certificate-based authentication
• Compatibility with all major Cisco VPN gateways, including Cisco ASA Firewalls
• Get connected faster, with industry-leading VPN throughput performance
• Additional support for Cisco AnyConnect VPN connections created with OpenConnect
• Full support for Apple Silicon Macs with M1 processors as well as Intel Macs
• Native solution for macOS Big Sur and upcoming macOS 12 Monterey release

Multi-protocol VPN Client for macOS

For IT professionals, having multiple VPN connections based on different protocols has traditionally meant installing several VPN clients on your Mac. Behind the scenes, these clients can sometimes cause conflicts with each other – resulting in a time-consuming, clunky workflow just to get connected.

The addition of Cisco AnyConnect to VPN Tracker 365’s unrivalled list of supported protocols is the key feature for busy network admins and consultants: Get instant access to all your essential VPN connections in one secure location and connect to multiple VPNs simultaneously.

Using Cisco AnyConnect VPN on macOS Monterey

Planning a system-wide update to macOS 12 Monterey in the near future? You can breathe a sigh of relief in the knowledge that VPN Tracker 365 is already one step ahead: Cisco AnyConnect support in VPN Tracker 365 is fully optimized for Mac OS X 10.11 up to macOS Big Sur, as well as for the upcoming macOS Monterey release, due later this year.

In addition, AnyConnect SSL users who are already running the macOS Monterey public beta and have been waiting for Cisco to offer an update can now seamlessly move their connections into VPN Tracker 365 – with full support already available.

How to remotely deploy Cisco AnyConnect SSL VPN connections to your team

With VPN Tracker 365 TeamCloud rollout tools, you can instantly share pre-configured Cisco AnyConnect SSL connections with your team. Here’s how it works:

1. Download the latest VPN Tracker 365 version and create a new connection
2. By VPN Gateway, enter the remote server address
3. Click Share with Team to instantly share the connection with colleagues via TeamCloud

Easy VPN access for all users: VPN Tracker 365 automatically finds available VPN groups so you just need to pick yours from the list. Not sure which group to select? Ask your VPN admin.

Find out more information on importing Cisco AnyConnect SSL VPN connections in our detailed configuration guide.

Start using your AnyConnect connections in VPN Tracker 365: Licensing information

VPN Tracker 365 offers flexible, per-user licensing and Cisco AnyConnect support is available in VPN Tracker 365 Pro, VIP, Consultant, Team Member, and Team Member Plus editions.

Users with a VPN Tracker 365 Pro, VIP or Consultant license can configure and share AnyConnect SSL VPN connections.

Users with a “connect-only” Team Member or Team Member Plus license can connect to an existing AnyConnect connection via TeamCloud.

Not sure which license you need? Compare all VPN Tracker 365 editions here.

VPN Tracker securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.

From OS X 10.11 including macOS 12 Monterey

VPN Tracker securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.

For OS X 10.11 and newer

VPN Tracker securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.

From OS X 10.11 including macOS 11 Big Sur