If your business runs a Virtual Private Network (VPN) to allow remote users to connect to the network, there is a risk that outside threats could use it as an entry point into your internal network.Virtual Private Network (VPN) assessments provide an assurance of the integrity and confidentiality of a network, implied by their presence and use. It is imperative that confidence in the security infrastructure is not impaired by an extension of the trust boundaries outside the organisation’s physical perimeter.In a VPN implementation, remote systems are provided with a secure route for internal network access. Potentially, such access is obtained from physically insecure locations.
This network presence; coupled with potential flaws in authentication mechanisms, implementation framework or configuration state; could result in the compromise of network boundaries from an external VPN endpoint. Such a compromise may lead to the VPN becoming a conduit for an attack on the organisation’s internal network infrastructure.
Why perform a VPN security assessment?
- To identify firewall configuration vulnerabilities, determines if there are any vulnerabilities inherent in the network devices and highlights general issues with the architecture.
- To verify the security of both, your SL based VPN and your IPsec based VPN.
- To verify that you have end-to-end security and not just an encrypted tunnel.
- Prevent hackers from using your VPN as a tunnel to your internal network.
- To verify the security of both, your SSL based VPN and your IPSec based VPN.