VPN · ZTNA · SASE · VDI
Remote Access Infrastructure
Security Assessment
Configuration review, passive control validation, and active penetration testing across your entire remote access stack - delivered through NST Assure.
Schedule Assessment View Services
Remote access is the new perimeter. We assess VPN gateways, Zero Trust architectures, virtual desktop environments, SASE deployments, and privileged access pathways - combining configuration review with active exploitation - delivered through NST Assure, our PTaaS platform for continuous assurance.
01
IPSEC, SSL VPN & GATEWAY HARDENING
VPN & Gateway Security
Assesses the configuration, deployment, and resilience of VPN concentrators and remote access gateways.
Gateway configuration - cipher suites, protocol versions, and tunnel-establishment hardening
Split tunnelling review - traffic-routing policies, DNS leakage, and bypass exposure
Authentication controls - MFA enforcement, certificate validation, and credential-handling policies
Vulnerability exposure - CVE-driven assessment of gateway firmware and known exploit paths
Logging & visibility - session monitoring, audit-trail completeness, and anomaly-detection coverage
Let's Start →
VPN GATEWAY ASSESSMENT
Gateway Firmware & CVE Exposure
Critical
Cipher & Protocol Configuration
Config
Split Tunnelling & DNS Leakage
Routing
MFA & Certificate Enforcement
Auth
IPSEC
SSL VPN
SPLIT TUNNEL
MFA
02
IDENTITY-AWARE ACCESS & MICROSEGMENTATION
Zero Trust & ZTNA Architecture
Validates Zero Trust implementation from identity verification and device posture to continuous authorisation enforcement.
Identity verification - user and device trust signals, contextual access policies, and conditional enforcement
Device posture assessment - OS compliance, endpoint health checks, and managed-device validation
Microsegmentation - application-level isolation, lateral-movement prevention, and policy granularity
Continuous authorisation - session re-evaluation, real-time revocation, and risk-adaptive access
ZTNA broker testing - proxy-bypass resilience, connector hardening, and trust-boundary enforcement
Let's Start →
ZERO TRUST VALIDATION
ZTNA Broker Bypass & Trust Boundary
Critical
Microsegmentation & Lateral Movement
Segment
Device Posture & Health Validation
Posture
Continuous Auth & Session Re-eval
Cont.
ZTNA
ZERO TRUST
POSTURE
MICRO-SEG
03
VIRTUAL DESKTOP, DAAS & SESSION CONTROLS
VDI & Remote Desktop Security
Evaluates virtual desktop environments and remote workspace deployments for session isolation, data-leakage, and access-control gaps.
Session Isolation - virtual-machine escape, cross-session data leakage, and tenant boundary validation
Clipboard & print controls - data-exfiltration paths through clipboard, drive mapping, and print redirection
Thin-client hardening - endpoint configuration, firmware integrity, and USB-device restrictions
RDP/Citrix/VMware - protocol-specific vulnerabilities, gateway security, and authentication bypass
DaaS posture - cloud-hosted desktop security, image-management hygiene, and patching cadence
Let's Start →
VIRTUAL DESKTOP VECTORS
Session Escape & Cross-Tenant Leak
Escape
Clipboard & Print Data Exfiltration
DLP
RDP / Citrix / VMware Exploitation
Proto
DaaS Image & Patching Hygiene
DaaS
VDI
RDP
CITRIX
DAAS
04
SD-WAN, SWG, CASB & FWAAS POLICY
SASE & SSE Architecture Security
Validates the converged security stack across your SASE and SSE deployments - from edge policy to cloud-delivered controls.
SD-WAN security - overlay-network segmentation, encryption enforcement, and branch-edge hardening
Secure Web Gateway - URL filtering, TLS inspection, and content-policy bypass testing
CASB policy validation - shadow-IT detection, sanctioned-app controls, and data-loss prevention rules
Firewall-as-a-Service - cloud-edge rule-set review, microsegmentation, and east-west policy enforcement
Unified policy coherence - cross-component policy consistency, failover behaviour, and bypass resilience
Let's Start →
SASE / SSE STACK REVIEW
SD-WAN Overlay & Edge Hardening
Edge
SWG TLS Inspection & Policy Bypass
SWG
CASB Shadow-IT & DLP Controls
CASB
FWaaS Rule-Set & Failover Testing
FWaaS
SASE
SD-WAN
CASB
SSE
05
JUMP SERVERS, CREDENTIAL VAULTS & ADMIN PATHWAYS
Privileged Access & PAM Security
Evaluates the security of privileged access pathways - from jump-server architecture to credential vaulting and session governance.
Jump-server architecture - bastion-host hardening, access-path isolation, and network segmentation
Credential vaulting - secret-rotation policies, vault-access controls, and emergency break-glass procedures
Session recording & monitoring - audit completeness, real-time alerting, and tamper-resistance
Just-in-time access - privilege-elevation workflows, approval chains, and time-bound access enforcement
Admin pathway isolation - dedicated admin workstations, tier-model enforcement, and lateral-movement prevention
Let's Start →
PRIVILEGED ACCESS VECTORS
Jump-Server Compromise & Pivot
Critical
Credential Vault Access & Rotation
Vault
JIT Privilege Elevation Abuse
JIT
Admin Tier-Model & Lateral Movement
Tier
PAM
VAULT
JIT ACCESS
BASTION
06
NST ASSURE - PTAAS DELIVERY
NST Assure - Standards & Continuous Assurance
Findings mapped to industry frameworks and delivered through NST Assure for collaborative remediation.
NIST 800-207 - Zero Trust architecture alignment and maturity assessment
CIS Benchmarks - platform-specific hardening validation across VPN and VDI infrastructure
NIST 800-46 - telework and remote access security guidance alignment
NST Assure platform - real-time reports, trackers, POC artefacts, and revalidation workflows
Continuous assurance - configuration drift monitoring and posture tracking across change cycles
Let's Start →
NST ASSURE - STANDARDS & DELIVERY
NIST 800-207 Zero Trust
ZTA
CIS Benchmarks - VPN & VDI
CIS
NIST 800-46 Telework Security
NIST
NST Assure - PTaaS Platform
Delivery
NST ASSURE
NIST 800-207
CIS
PTAAS

Our Approach

Our Remote Access Infra Security Assessment includes an in-depth assessment of critical components of Remote Access infrastructure like NAC, AAA solutions, MFA, VPN Gateways, and software applications. Our tried and tested Assess-Validate-Respond (AVR) model-based assessment leverages a unique hybrid approach for identifying all possible remote access security issues.

Work Process Image

Configuration Review

We begin by understanding the organization's Remote Access goals, strategies and control objectives and then review the device security posture to identify how the current logical controls protect critical assets, sensitive data stores, and business-critical interconnections in accordance with the organization’s business and security objectives. The review covers Rule Sets, Policies, Logging and Auditing, and Compliance and delivers a comprehensive Risk Assessment report with remediation advisory.

Work Process Image

Passive Control Validation

Our comprehensive configuration review focuses exclusively on evaluating rules and configurations within the context of your specific solution. While configurations are examined, the effectiveness of the implemented controls and rules raises questions. To address this, we leverage the Control Validation exercise, a crucial step in ensuring the Solution's robustness. In this approach, we conduct an in-depth assessment without actively testing the Solution. Instead, we tactfully explore device-contextual techniques to challenge the existing controls, aiming to identify any potential weak points and bypass RA rules configured within.

Work Process Image

Active Penetration Testing

Active Penetration Testing involves rigorous, intrusive testing directly against the Solution itself. By subjecting the Solution to deliberate attempts to overwhelm or breach it, we gain valuable insights into its resilience and capacity to withstand attacks, ultimately enhancing its ability to enforce controls effectively.

Ready to assess your remote access infrastructure?
Share your requirements - we'll scope an assessment aligned to your remote access stack and architecture.
Get in Touch
NIST 800-207 aligned VPN · ZTNA · SASE · VDI Active & passive testing NST Assure PTaaS delivery