
Pro audit program · v1.0

VPN Configuration Audit

Audit your VPN: who can connect, with what, from where, and what they can reach.

  • Target area: General
  • Framework: NIST CSF
  • Controls: 6 in this program
  • Author: Cyentrix (Trusted Author)

About this program

This program audits a remote-access VPN against the four questions above: who can connect, with what device, from where, and what they can reach once connected. The six controls below cover authentication, device posture, network segmentation, protocol and cipher choice, logging, and session lifetime.

Risks addressed

  • Critical: a compromised credential alone gives full intranet access
  • High: no device posture check before VPN access, so any device holding valid credentials can join the intranet
  • Medium: split tunnelling lets the endpoint talk to the internet and the intranet at the same time, so internal traffic and data can leave outside the tunnel

Controls (6)

  1. MFA enforced on VPN logins

    Critical

    How to test + evidence

    Testing procedure: Confirm that the VPN authentication flow enforces MFA through the IdP (typically SAML) or through RADIUS with an MFA step. Attempt a login with only a valid password and confirm it is rejected. Check for bypass paths: local accounts defined on the gateway itself, groups exempted from the MFA policy, and legacy authentication methods (for example IKEv1 with XAUTH) that authenticate outside the IdP.

    Evidence to collect: VPN authentication configuration, the MFA policy including any exemptions, and a sample of auth logs showing the second factor recorded on successful logins.

  2. Device posture check before access

    High

    How to test + evidence

    Testing procedure: The gateway must verify that the endpoint is company-managed, by a device certificate issued from the corporate CA or by an installed endpoint agent reporting posture, before the tunnel opens. Test by connecting with a valid account and MFA from an unmanaged device; the connection should be refused or placed in a quarantine network with no intranet reach.

    Evidence to collect: Posture-check policy and the gateway log of the refused test connection.

  3. Network access limited to need-to-know subnets

    High

    How to test + evidence

    Testing procedure: VPN clients are assigned to groups, and each group maps to an ACL that permits only the subnets that group needs; no group may carry a default route or a flat "any internal" rule. Test with an account in a low-privilege group: attempt to reach a host in a subnet outside that group's ACL and confirm it is blocked.

    Evidence to collect: ACL export by group, plus the result of the reachability test.
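The following is an added example (not part of this audit program or any vendor's tooling) of how to review an ACL export for flat access and to predict the outcome of the reachability test above. The dictionary layout (group name to allowed destination CIDRs) and the "broader than /16 is flat" threshold are assumptions for the illustration; real exports differ per gateway.

```python
"""Group-to-subnet ACL review for a VPN gateway (added illustration)."""
import ipaddress

# Constructed ACL export: group -> list of allowed destination CIDRs.
# 'contractors' is the kind of entry this check exists to catch: a default
# route that is flat access in disguise.
ACL_EXPORT = {
    "engineering": ["10.20.0.0/16", "10.30.5.0/24"],
    "finance": ["10.40.1.0/24"],
    "contractors": ["0.0.0.0/0"],
    "it-admins": ["10.0.0.0/8"],
}

# Assumption for the illustration: any entry broader than a /16 is treated
# as flat access. Tune this to your address plan.
MAX_PREFIXLEN_ALLOWED = 16


def parse_acl(export):
    """Turn the export into group -> list of ip_network objects."""
    return {
        group: [ipaddress.ip_network(cidr, strict=False) for cidr in cidrs]
        for group, cidrs in export.items()
    }


def find_flat_access(export, max_prefix=MAX_PREFIXLEN_ALLOWED):
    """Return {group: [cidr, ...]} for entries broader than max_prefix."""
    flagged = {}
    for group, nets in parse_acl(export).items():
        broad = [str(n) for n in nets if n.prefixlen < max_prefix]
        if broad:
            flagged[group] = broad
    return flagged


def is_reachable(export, group, dest_ip):
    """Whether a client in `group` may reach `dest_ip` under the ACL.

    Use this to predict the expected outcome of the live test: connect as a
    member of `group`, probe `dest_ip`, and compare with this answer.
    Unknown groups get no access.
    """
    addr = ipaddress.ip_address(dest_ip)
    nets = parse_acl(export).get(group, [])
    return any(addr in n for n in nets)


if __name__ == "__main__":
    for group, cidrs in find_flat_access(ACL_EXPORT).items():
        print(f"FLAT ACCESS: group {group} allows {', '.join(cidrs)}")
    print("finance -> 10.40.1.25:", is_reachable(ACL_EXPORT, "finance", "10.40.1.25"))
    print("finance -> 10.20.3.4: ", is_reachable(ACL_EXPORT, "finance", "10.20.3.4"))
```

A group that shows up in the flat-access list fails the control regardless of how the reachability test goes; the reachability check is there to turn the ACL export into concrete expected results for the hands-on test.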

  4. Modern crypto only (no PPTP / L2TP)

    High

    How to test + evidence

    Testing procedure: Only TLS 1.2 or later is accepted for the SSL VPN and only IKEv2 for IPsec; PPTP, L2TP (including L2TP/IPsec, which relies on IKEv1) and IKEv1 itself are disabled. Review the TLS cipher suites and IKE proposals for deprecated algorithms such as 3DES, MD5, SHA-1 and small Diffie-Hellman groups.

    Evidence to collect: VPN configuration export showing the enabled protocols and the cipher/proposal profiles.
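An added example (not the program's own tooling) of running this control as a check over a configuration export. The INI-style layout, section and key names below are a hypothetical vendor-neutral format chosen for the illustration; map them onto your gateway's real export before use. The weak-token list treats 3DES, MD5, SHA-1 and DH groups up to 1536 bits as deprecated, and treats IKEv1 as a legacy protocol alongside PPTP and L2TP, which is how the "IPsec IKEv2" requirement above is read here.

```python
"""Crypto-profile check for a VPN gateway config export (added illustration)."""
import configparser

# Constructed sample: a gateway that still has legacy protocols switched on.
WEAK_CONFIG = """
[protocols]
pptp = enabled
l2tp = enabled
ikev1 = enabled
ikev2 = enabled
ssl_vpn = enabled

[ssl_vpn]
min_tls_version = 1.0

[ikev2]
proposals = aes256gcm16-prfsha384-ecp384, 3des-sha1-modp1024
"""

# Constructed sample: the same gateway after remediation.
HARDENED_CONFIG = """
[protocols]
pptp = disabled
l2tp = disabled
ikev1 = disabled
ikev2 = enabled
ssl_vpn = enabled

[ssl_vpn]
min_tls_version = 1.2

[ikev2]
proposals = aes256gcm16-prfsha384-ecp384
"""

# Protocol toggles that must be off (assumption: "IPsec IKEv2" in the
# control means IKEv1 is disabled too, not just PPTP and L2TP).
LEGACY_PROTOCOLS = ("pptp", "l2tp", "ikev1")

# IKE proposal components that fail the review; matched as whole tokens of a
# dash-separated proposal string (hypothetical proposal syntax).
WEAK_PROPOSAL_TOKENS = {"des", "3des", "md5", "sha1", "modp768", "modp1024", "modp1536"}


def parse_config(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def audit_crypto(text):
    """Return a list of findings; an empty list means the control passes."""
    cp = parse_config(text)
    findings = []
    for proto in LEGACY_PROTOCOLS:
        if cp.get("protocols", proto, fallback="disabled").lower() == "enabled":
            findings.append(f"legacy protocol enabled: {proto}")
    if cp.get("protocols", "ssl_vpn", fallback="disabled").lower() == "enabled":
        min_tls = float(cp.get("ssl_vpn", "min_tls_version", fallback="1.0"))
        if min_tls < 1.2:
            findings.append(f"ssl_vpn min_tls_version {min_tls} < 1.2")
    if cp.get("protocols", "ikev2", fallback="disabled").lower() == "enabled":
        for proposal in cp.get("ikev2", "proposals", fallback="").split(","):
            proposal = proposal.strip().lower()
            if proposal and WEAK_PROPOSAL_TOKENS & set(proposal.split("-")):
                findings.append(f"weak IKEv2 proposal: {proposal}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_crypto(cfg)
        print(f"{name}: {'PASS' if not result else 'FAIL'}")
        for finding in result:
            print("  -", finding)
```

A configuration export is the evidence; a script like this turns it into a repeatable pass/fail record, which matters when the same control is re-tested after remediation.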

  5. VPN logs streamed to SIEM

    Medium

    How to test + evidence

    Testing procedure: All authentication events (success and failure) and session events (start, end and the end reason) are forwarded to the SIEM. Test by generating a failed login, a successful login and a session disconnect, then searching for each of them in the SIEM.

    Evidence to collect: SIEM source inventory listing the VPN gateway, and the SIEM query results for the generated test events.

  6. Idle timeout + reconnection requires reauth

    Medium

    How to test + evidence

    Testing procedure: Sessions are disconnected after the configured idle window, and reconnecting afterwards prompts for MFA again rather than resuming on a cached credential or session token. Test by connecting, leaving the session idle past the window, confirming the disconnect, and then reconnecting.

    Evidence to collect: VPN policy export showing the idle timeout and reauthentication settings, plus the gateway log of the test session.
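As an added example covering three of the controls above at once, MFA on login (control 1), VPN events reaching the SIEM (control 5) and re-authentication after an idle timeout (control 6), the script below runs those checks over a sample of gateway logs. It is illustration code, not the program's or any vendor's. The key=value log lines, the event names, the set of factor names counted as a second factor, and the SIEM export of event ids are all constructed assumptions; substitute the fields your gateway and SIEM actually emit.

```python
"""Log-based checks for VPN controls 1, 5 and 6 (added illustration)."""
from dataclasses import dataclass

# Constructed gateway log in a hypothetical key=value format, one event per
# line. bob logs in with a password only; alice reconnects after an idle
# timeout without a fresh AUTH; carol does it properly.
VPN_LOG = """
2024-05-02T08:01:10Z vpn-gw1 event=AUTH user=alice result=success factors=password,totp src=203.0.113.10 id=1001
2024-05-02T08:01:11Z vpn-gw1 event=SESSION_START user=alice src=203.0.113.10 id=1002
2024-05-02T08:05:40Z vpn-gw1 event=AUTH user=bob result=success factors=password src=198.51.100.7 id=1003
2024-05-02T08:05:41Z vpn-gw1 event=SESSION_START user=bob src=198.51.100.7 id=1004
2024-05-02T08:10:02Z vpn-gw1 event=AUTH user=carol result=failure factors=password src=192.0.2.44 id=1005
2024-05-02T08:10:30Z vpn-gw1 event=AUTH user=carol result=success factors=password,push src=192.0.2.44 id=1006
2024-05-02T08:10:31Z vpn-gw1 event=SESSION_START user=carol src=192.0.2.44 id=1007
2024-05-02T09:31:11Z vpn-gw1 event=SESSION_END user=alice reason=idle-timeout id=1008
2024-05-02T09:32:05Z vpn-gw1 event=SESSION_START user=alice src=203.0.113.10 id=1009
2024-05-02T09:40:31Z vpn-gw1 event=SESSION_END user=carol reason=idle-timeout id=1010
2024-05-02T09:41:00Z vpn-gw1 event=AUTH user=carol result=success factors=password,push src=192.0.2.44 id=1011
2024-05-02T09:41:01Z vpn-gw1 event=SESSION_START user=carol src=192.0.2.44 id=1012
"""

# Constructed SIEM export: the event ids the SIEM actually holds. The two
# SESSION_END events never arrived, which is the gap control 5 must catch.
SIEM_EVENT_IDS = {"1001", "1002", "1003", "1004", "1005", "1006", "1007",
                  "1009", "1011", "1012"}

# Assumption: these factor names count as a second factor.
SECOND_FACTORS = {"totp", "push", "fido2", "hardware-token"}


@dataclass
class Event:
    ts: str
    host: str
    fields: dict


def parse_log(text):
    """Parse 'timestamp host k=v k=v ...' lines into Event objects."""
    events = []
    for line in text.strip().splitlines():
        ts, host, *pairs = line.split()
        events.append(Event(ts, host, dict(p.split("=", 1) for p in pairs)))
    return events


def _has_second_factor(fields):
    return bool(set(fields.get("factors", "").split(",")) & SECOND_FACTORS)


def logins_without_mfa(events):
    """Control 1: successful AUTH events with no second factor recorded."""
    return [(e.ts, e.fields["user"]) for e in events
            if e.fields.get("event") == "AUTH"
            and e.fields.get("result") == "success"
            and not _has_second_factor(e.fields)]


def reconnects_without_reauth(events):
    """Control 6: SESSION_START after an idle timeout with no MFA AUTH between."""
    pending = set()  # users whose last session ended on idle timeout
    findings = []
    for e in events:
        f = e.fields
        kind, user = f.get("event"), f.get("user")
        if kind == "SESSION_END" and f.get("reason") == "idle-timeout":
            pending.add(user)
        elif kind == "AUTH" and f.get("result") == "success" and _has_second_factor(f):
            pending.discard(user)
        elif kind == "SESSION_START" and user in pending:
            findings.append((e.ts, user))
            pending.discard(user)
    return findings


def missing_from_siem(events, siem_ids):
    """Control 5: gateway event ids that never reached the SIEM."""
    return [e.fields["id"] for e in events if e.fields["id"] not in siem_ids]


if __name__ == "__main__":
    evs = parse_log(VPN_LOG)
    print("logins without MFA:      ", logins_without_mfa(evs))
    print("reconnects without reauth:", reconnects_without_reauth(evs))
    print("events missing from SIEM: ", missing_from_siem(evs, SIEM_EVENT_IDS))
```

The three checks share one parser on purpose: the same auth and session log sample serves as evidence for controls 1, 5 and 6, so collect it once and run every check over it. Any non-empty result is a finding to confirm against the gateway configuration before writing it up.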