Ok, I was confused with the original SecurityCatalyst post that VPNs were not security devices, but I saw this again from cdman over at Hype-Free along with the statement that NAT is also not a security measure.
Perhaps I am missing something, but is that correct? I may not consider NATs first purpose to be a security purpose, but it certainly does help. Would I rather have (or feel more secure) using a NAT device or by direct one-to-one mapping to a publicly routable IP? Would I rather have people make remote connections over the Internet alone or with VPN? These answers seem fairly obvious to me, and so do the reasons for those answers.
I understand that a VPN does not give absolute security. I also understand NAT only goes so far and its real purpose was to avoid the problem with the “limited” address space of ipv4.
The frustration in these really do offer some security, whether by design or by coincidence. We try very hard to tell people and organizations to do secure things, but to say a VPN is not a security device? Talk about confusing everyone, including the techs.