IT security and hence also VPN security is best described by three goals that have to be attained:
Privacy (Confidentiality): The data transferred should only be available to the authorized.
Reliability (Integrity): The data transferred must not be changed between sender and receiver.
Availability: The data transferred must be available when needed.
All of these goals have to be achieved by using reliable software, hardware, Internet service providers, and security policies. A security policy defines responsibilities, standard procedures, and disaster management and recovery scenarios to be prepared for the worst. Understanding maximum damage and the costs of the worst possible catastrophe can give an idea of how much effort has to be spent in security issues. Security policies should also define organizational questions like:
Who has the key to the server room when the administrator is on holiday?
Who is allowed to bring a private laptop?
How are the cables protected?
How is a...