VPN Gateway Change

This alert occurs when Lacework detects a VPN gateway change.

Why this Alert is Important

VPN gateways provide secure communication between one VPN gateway and another. A VPN gateway change indicates that traffic is no longer being transmitted over the same VPN gateway. Unauthorized VPN gateway use can cause leakage of sensitive information, leading to man-in-the-middle attacks.

Investigation

Identify which VPN gateways are approved in the company. Audit the use of VPN gateways and look for any unauthorized gateways.
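
One way to run the audit described above, as an added example that is not Lacework's own code. It assumes the gateway changes are available as AWS CloudTrail records for the EC2 VPN gateway API calls; the allowlist, gateway IDs, ARNs and sample records are constructed.

```python
# Added example: classify VPN gateway changes against an approved allowlist.
# Assumption: changes arrive as EC2 management events in CloudTrail record form.

# EC2 API calls that create, delete or re-home a virtual private gateway.
VPN_GATEWAY_EVENTS = {"CreateVpnGateway", "DeleteVpnGateway",
                      "AttachVpnGateway", "DetachVpnGateway"}

# Constructed allowlist of approved gateways (placeholder ID).
APPROVED_GATEWAYS = {"vgw-0aaaaaaaaaaaaaaa1"}

# Constructed sample records, trimmed to the fields the audit reads.
SAMPLE_RECORDS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "AttachVpnGateway",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/netops"},
     "requestParameters": {"vpnGatewayId": "vgw-0aaaaaaaaaaaaaaa1",
                           "vpcId": "vpc-0ccccccccccccccc3"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "CreateVpnGateway",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev"},
     "requestParameters": {"type": "ipsec.1"},
     "responseElements": {"vpnGateway": {"vpnGatewayId": "vgw-0bbbbbbbbbbbbbbb2"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeVpnGateways",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DeleteVpnGateway",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"vpnGatewayId": "vgw-0aaaaaaaaaaaaaaa1"}},
]

def gateway_id(record):
    """Gateway ID from the request, or from the response for create calls."""
    req = record.get("requestParameters") or {}
    resp = record.get("responseElements") or {}
    return req.get("vpnGatewayId") or (resp.get("vpnGateway") or {}).get("vpnGatewayId")

def audit(records, approved):
    """Return one finding per VPN gateway change, classified against the allowlist."""
    findings = []
    for rec in records:
        if (rec.get("eventSource") != "ec2.amazonaws.com"
                or rec.get("eventName") not in VPN_GATEWAY_EVENTS):
            continue  # read-only and unrelated calls are not gateway changes
        gw = gateway_id(rec)
        if rec.get("errorCode"):
            status = "denied-or-failed"  # call did not take effect, still worth review
        elif gw in approved:
            status = "approved-gateway-changed"
        else:
            status = "unapproved-gateway"
        findings.append({"status": status, "event": rec["eventName"], "gateway": gw,
                         "actor": (rec.get("userIdentity") or {}).get("arn")})
    return findings
```

Calling `audit(SAMPLE_RECORDS, APPROVED_GATEWAYS)` returns three findings; the `unapproved-gateway` entries are the ones to chase first, and changes to approved gateways should be matched against a change ticket.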

Resolution

Ensure that users can only connect to the approved VPN gateways.

https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html