VPN Security Review Services

Praetorian's VPN security assessment provides an in-depth review of your VPN solution. Praetorian recognizes that while your VPN solution provides necessary and convenient remote access for employees, it can also be used as a mechanism for opening your internal network to attacks from anywhere on the Internet. As such, Praetorian has developed a comprehensive VPN security assessment to review each aspect of your VPN solution. The review compares your current configuration against recommended best practices and identifies any areas of concern. The assessment includes remote and onsite configuration review as well as an architecture review.

Methodology for VPN Security Reviews

Through a precise blend of activities, Praetorian scans security controls responsible for guarding your VPN servers, VPN clients, and the networks and users served by these systems. A combination of methodological testing techniques, configuration setting, and policy reviews, as well as interviews with your personnel allow our team to determine the overall strength of your VPN solution. The assessment process involves six steps as described below. Although the specific checks vary based on the brand and type of VPN, the general security considerations are largely the same.

The VPN assessment process covers:

  • Account management and passwords
  • VPN security settings
  • Patch management
  • Network security
  • Logging and auditing
  • Client security

What You Get

Upon completion of the assessment Praetorian shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security controls. The analysis will identify areas that need to be resolved in order to achieve an adequate level of security. The detailed contents of the deliverable are described below.

The report deliverable will include the following high level sections in a format suitable for management:

  • Purpose of the engagement including project's scope and approach
  • Positive security controls that were identified
  • Tactical resolutions to immediately reduce risk in the environment
  • Strategic recommendations for preventing similar issues from recurring
  • An industry comparison based on consultancy experience and results from similar previous engagements

The report deliverable will also include the following in-depth analysis and recommendations for technical staff to understand the underlying risks and recommendations:

  • A technical description and classification of each vulnerability
  • Anatomy of exploitation including steps taken and proof in the form of screenshots
  • Business or technical risk inherent in the vulnerability
  • Vulnerability classification that describes the risk level as a function of vulnerability impact and ease of exploitation
  • Technical description of how to mitigate the vulnerability