VPN Configuration Assessment
Virtual Private Networks (VPNs) are the modern way to allow remote employees to access resources on the corporate network. These VPN systems have replaced traditional dial-in and other types of remote access. There are many types of VPNs using differing technologies offered by a lot of technology vendors.
The configuration of these VPNs can be quite troublesome with a lot of companies relying on both site-to-site VPNs for third party access as well as Remote Access VPNs for remote workers who need access to corporate resources when on the road or working from home.
Listen to one of our VPN Assessment experts breakdown of this Pentest People Service
What are the Risks?
A VPN device normally straddles the external Internet and internal corporate network. Any security vulnerability or misconfiguration can lead to an external hacker being able to access corporate resources as if they were physically connected to your network.
How Can Our VPN Configuration Assessment Help?
Pentest People can perform a full VPN Security Testing Assessment of all of your external-facing VPN infrastructure. One of our qualified VPN Security consultants will use industry-leading techniques to identify and assess the configuration of the VPN device, looking for any weaknesses that may lead to compromise.
The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.
The VPN Configuration Assessment allows access to SecurePortal
Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.
Rest assured that your assessments are performed by qualified Security Consultants.
Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.
VPN Assessment Service Overview Transcript
So VPN assessments, again, a similar term sort of firewall assessments in a sense that the differ on a per client basis. So our typical VPN assessment would include a questionnaire that we sent to the client to interrogate how their VPN or VPN is, in most cases, setup use cases for VPNs. You know, the the policies and procedures that are surrounding the VPN, in an in an attempt to understand how that VPN is supposed to be used, and then how we can better secure that. So some things that we might look at when we’re doing that type of assessment is the documentation surrounding users, you know, of that VPN, how they can access services over the over the VPN, how the VPN is accessed. Sort of the change management around the VPN itself, alongside obviously, you know, interrogate and solve encryption and password policies, management of the VPNs.
What that will typically look like is sort of a day with a consultant sat down working through the questionnaire, sort of one by one. We’ll work through each question one by one, understand the client’s answer and attempt to provide advice, you know, surrounding those areas of concern. And then off the back of it produced sort of a remediation plan. So they’ll get an Excel sheet with their answers to the left are recommendations to the right that they can then go and apply to their VPN to make sure you know, the processes and procedures around the VPN, as well as the technical controls are in place to prevent people accessing it and making sure that it’s managed properly.
Understand the VPN security issues you face through a very thorough assessment from a qualified security consultant.
- Identify Security Vulnerabilities within your VPN Configuration allowing you to proactively remediate any issues that arise
- Improve your security posture, allowing you to reduce the threat of a cyber attack occurring against your business
- Comply with various regulatory bodies who mandate regular Network Security Testing be performed within your infrastructure
- Be able to prove to your supply chain that you are taking the necessary precautions to ensure your strong security posture
- Be able to focus efforts on important security issues by identifying the high-risk items identified in the VPN Testing report
Asked Questions About VPN Configuration Security Testing
A VPN Configuration Review is where a Pentest People security consultant will look at the configuration from your VPN devices to ensure that they are configured in the correct way using the latest technologies. Any potential security issues will be raised and remediation advice provided.
We can assess the configurations of all major VPN Devices vendors. If you want to check if we can assess your VPN Device then please get in touch with us and we will be happy to confirm this.
Absolutely! If your VPN is managed by a third party we have found this is an even stronger case to perform this type of review to ensure that you are receiving a secure level of service that is protecting your core network infrastructure.
The deliverable from this service is a full VPN Configuration Report that is uploaded to our SecurePortal and available for you to interact with.
This differs from the competition in the way this is delivered and we believe this is a much clearer way to work with and manage the results of the assessment.