Chapter 8: Virtual Private Networks

It is likely that a virtual private network (VPN) server, a gateway through which employees working remotely can access the organization's internal network, will be included in the scope agreed to with your client. Ideally, this will be a well-protected part of your client's external infrastructure. If a malicious hacker is able to breach this entry point, then they may well have free rein over a large number of internal systems. In this chapter, we will take a look at common types of VPN technologies: Internet Protocol Security (IPsec) with Internet Key Exchange (IKE) and SSL VPNs (OpenVPN).

What Is a VPN?

Companies and organizations that are split over different geographical regions might want to connect multiple sites or offices over a network. One way to do this is to implement a leased line, which is a dedicated line between locations, leased from a telecommunications company. The cost of such an approach may well be prohibitive for the vast majority of organizations.

An alternative to an actual physical network is to use a virtual network. In other words, companies can make use of the already existing infrastructure of the public Internet. One issue with this approach is that, unlike a dedicated or internal network, this infrastructure will be shared with the general public and subject to the same traffic congestion problems that they experience.

A bigger concern, though, is security. Ideally, all information sent among different ...
