Windows,Security,Microsoft,Dir communication Windows 7 Security - Microsoft DirectAccess
The Nokia Mobile Company is the undisputed leader in mobile world, they have latest technology and capability to deliver world class handsets at no extra costs. The N series, E series and C series phones have already rocked the world with th But when we talk about the handsets, undoubtedly, Nokia is the King of mobile phone market and LG stood at the third position. In this article we are concentrating on Nokia E5 from the house of Nokia and LG GM360 Viewty Snap by LG Mobile Com
Following my earlier examination of Windows 7 security, Ihave decided to create a series of articles detailing the security features ofWindows 7 (and Windows Server 2008 R2) and what implications they have for theenterprise.First, I am going to highlight the features of MicrosoftDirectAccess, which is a new VPN-like tunneling feature newly added to Windows7 and 2008 R2.Essentially DirectAccess is an always-on enterprise VPNtechnology that requires no user intervention, is more compatible with firewalland NAT functionality and allows remote management of PCs and laptops that arenot logged in with a user, but have an Internet connection available.In orderto implement DirectAccess, Microsoft requires the use of IPv6 both on yourintranet, and on the workstation.This will turn off many administrators andorganizations, as few administrators today have knowledge of IPv6 and almostnone have it deployed within their infrastructure.Microsofts technical overviewrecommends using 6to4 or Teredo for clients that are using IPv4 addresses (allof them?) adding additional overhead and complexity for administrators tosupport.Once you are able to establish a connection from your computer to theenterprise network, the computer is able to communicate with IPv6 enabledcorporate resources.Oh wait, you dont have any? This requires you to deploy yetanother server (referred to as NAT-PT) on your network to accommodatecommunications between your endpoints and IPv4 only intranet assets.This is avery complex arrangement, and as I am fond of saying complexity is the enemy ofsecurity. One benefit of this technology is that it will seamlessly connectusers without requiring them to click on anything to open a VPN connection.To alarge degree this will increase the ease and security of accessing corporateresources.It will also allow administrators to ensure group policies areapplied to company computers when they are on the Internet, and deployanti-virus updates, etc.without the user having to log in and open their VPN.Microsoftuses strong computer and domain based certificates to ensure the integrity ofthis automatic process.One drawback might be users leaving WiFi enabled andlaptops on when not in use.This defeats much of the security of technologieslike Sophos Security and Data Protection and Microsofts own BitLockertechnologies.Looking back to the days of Microsofts original VPN effort, PPTP,we see they still dont always take security seriously.PPTP was a split-tunnelstyle VPN meaning that users only accessed company resources through theprotected tunnel and could surf the Internet directly through their unsecuredWiFi or other internet connection.Microsoft has chosen this to be the defaultmethod of using DirectAccess as well continuing a tradition of insecure defaultsettings.They proclaim it to be for performance reasons, which has a degree oftruth to it, but the risk associated with allowing endpoints to communicatedirectly with their home LANs, the internet, and unsecured WiFi access pointsin public negates any minor performance increase that may be had.The majorityof attacks against computers are over the web, so leaving a workstation open tothe web while accessing sensitive corporate data is counter-intuitive.Inconclusion, I am quite excited by the possibilities this technology offers tothe ease of access and security of enterprise data and applications.Deployment,though, requires careful thought on how it should be configured, what enablingit means to security, and most of all how you will migrate to Windows 7,Windows 2008 R2 and IPv6. Article Tags: Microsoft Directaccess
Windows,Security,Microsoft,Dir