Internet security testing and auditing company NTA Monitor states in its latest security report that VPN security has improved in the IT industry, while in the pharmaceutical, leisure, and government sectors it has been poor (Techworld).
An excerpt from the NTA Monitor site:
Hills, Technical Director at NTA Monitor, said: "Although the IT sector has clearly improved its security over the past year, that's not the case for everyone. On average, nine vulnerabilities were found per VPN test performed in last year's report; that figure has risen to 11 in this year's report. 73% of tests also discovered at least one medium level flaw, indicating that external users may be able to disrupt services or potentially obtain unauthorized access."
Seventy-three percent of organizations assessed showed one or more medium-level flaws. The most common security chink was that VPN servers could be fingerprinted, since they responded to any source IP address.
This article at CITES (Campus Information Technologies and Educational Services) provides details on the various nodes in VPN access, something for the curious minds to ponder.
Also, the report states that the financial sector seems to be faring well when it comes to security over VPN. With the proliferation of media and more available bandwidth, malware writers also get greater freedom to experiment with a variety of attacks. In that context, how does your company manage to have end-to-end security over VPN?