10-Step Security and Vulnerability Assessment Plan
Use this plan to ensure your information system controls are correctly implemented.
Virtual private networks, commonly known as VPNs, are indispensable tools for communication between networks. They are especially useful to mobile workers who need to access network resources from remote locations, and the convenience of being able to access those resources from a Web browser is an added bonus.
The IPsec framework is the most common network layer security control used to provide private communication over public networks. While VPNs created using IPsec provide some data protection in terms of access control, confidentiality, replay protection, integrity and data origin authentication, they can't completely eliminate them. Flaws in software and algorithms, along with insecure configuration settings and values, can make them vulnerable to attack.
The National Institute of Standards and Technology recently uploaded the Guide to IPsec VPNs to help administrators and other IT pros reduce networking risks. Download this guidelines document to get an overview of the types of security controls that you can implement in your organization to provide safeguards for your TCP/IP network communications.