Virtual Private Network (VPN) assessments provide an assurance of the integrity and confidentiality of a network, implied by their presence and use. It is imperative that confidence in the security infrastructure is not impaired by an extension of the trust boundaries outside the organisation's physical perimeter.

In a VPN implementation, remote systems are provided with a secure route for internal network access. Potentially such access is obtained from physically insecure locations.

This network presence; coupled with potential flaws in authentication mechanisms, implementation framework or configuration state; could result in the compromise of network boundaries from an external VPN endpoint. Such a compromise may lead to the VPN becoming a conduit for an attack on the organisation's internal network infrastructure.