The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information.

Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network administrators should perform the following tasks on a regular basis:

• Reduce the VPN gateway attack surface
• Verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant
• Avoid using default VPN settings
• Remove unused or non-compliant cryptography suites
• Apply vendor-provided updates (i.e. patches) for VPN gateways and clients