After my earlier post on Windows 7 security, I decided to write a series of articles detailing the security features of Windows 7 (and Windows Server 2008 R2) and their implications for businesses.
First I will highlight the features of Microsoft DirectAccess, a new type of VPN tunnel introduced in Windows 7 and Windows Server 2008 R2.
DirectAccess is essentially an always-on corporate VPN technology that requires no user intervention, works better with NAT and firewalls, and enables remote management of PCs and laptops whenever they have an Internet connection, even when no user is logged on.
To implement DirectAccess, Microsoft requires the use of IPv6, both on your intranet and on the workstation.
This will put off many administrators and organizations: few administrators are familiar with IPv6 today, and almost none have deployed it within their infrastructure.
Microsoft's technical overview recommends using 6to4 or Teredo on the client to carry IPv6 over IPv4 addresses (all of them?), which adds a further burden for administrators and increases support costs.
Once you are able to make a connection between your computer and the corporate network, the computer can communicate with the company's IPv6 resources.
Oh wait, you don't have any?
This forces you to deploy yet another server (known as NAT-PT) on your network to handle communication between the client and IPv4 intranet assets. This is a very complex device, and, as I like to say, complexity is the enemy of security.
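Because 6to4 and Teredo embed IPv4 endpoints inside IPv6 addresses, an administrator reviewing firewall logs from a DirectAccess rollout can recognise which "IPv6" clients are really arriving over an IPv4 transition tunnel. The following Python is an added example, not code from the original post or from Microsoft: it decodes both address formats by hand (6to4 per RFC 3056, Teredo per RFC 4380), cross-checks the result against the standard library's own decoders, and tags the source addresses in a few constructed log lines. The log format and all addresses are constructed for illustration.

```python
"""Added example (not from the original post): identify 6to4 and Teredo
transition addresses and recover the embedded IPv4 endpoints, so that the
tunnelled clients in a DirectAccess deployment can be reviewed and, if
unwanted, blocked at the edge. Every address and log line is constructed."""
import re
from ipaddress import IPv6Address, IPv4Address, ip_address, ip_network

SIXTOFOUR_NET = ip_network("2002::/16")  # RFC 3056: 2002:<IPv4>::/48
TEREDO_NET = ip_network("2001::/32")     # RFC 4380: 2001:0:<server>:<flags>:<port>:<client>


def classify(text):
    """Describe an address: native IPv6, 6to4, Teredo, or plain IPv4."""
    addr = ip_address(text)
    if not isinstance(addr, IPv6Address):
        return {"kind": "ipv4"}
    raw = int(addr)  # 128-bit integer, bit 0 = most significant
    if addr in SIXTOFOUR_NET:
        # Bits 16..47 hold the client's public IPv4 address.
        return {"kind": "6to4", "ipv4": str(IPv4Address((raw >> 80) & 0xFFFFFFFF))}
    if addr in TEREDO_NET:
        server = IPv4Address((raw >> 64) & 0xFFFFFFFF)       # bits 32..63
        flags = (raw >> 48) & 0xFFFF                          # bits 64..79
        port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF                # bits 80..95, obfuscated
        client = IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)  # bits 96..127, obfuscated
        return {
            "kind": "teredo",
            "server": str(server),
            "client": str(client),   # client's public IPv4 behind its NAT
            "port": port,            # client's mapped UDP port on that NAT
            "cone": bool(flags & 0x8000),
        }
    return {"kind": "native"}


def cross_check(text):
    """True if the manual decode agrees with ipaddress' sixtofour/teredo properties."""
    addr = IPv6Address(text)
    info = classify(text)
    if info["kind"] == "6to4":
        return str(addr.sixtofour) == info["ipv4"]
    if info["kind"] == "teredo":
        server, client = addr.teredo
        return (str(server), str(client)) == (info["server"], info["client"])
    return addr.sixtofour is None and addr.teredo is None


# Constructed firewall log lines (format is hypothetical).
LOG_LINES = [
    "2010-01-12 09:14:02 ALLOW src=2001:0:c000:201:8000:63bf:39cc:9bf8 dst=2001:db8:c0::25 dport=25",
    "2010-01-12 09:14:05 ALLOW src=2002:c000:204::1 dst=2001:db8:c0::443 dport=443",
    "2010-01-12 09:14:09 ALLOW src=2001:db8:c0::1 dst=2001:db8:c0::443 dport=443",
]
SRC_RE = re.compile(r"src=([0-9a-f:]+)")


def summarize(lines):
    """Map each source address seen in the log to its transition-technology info."""
    out = {}
    for line in lines:
        match = SRC_RE.search(line)
        if match:
            out[match.group(1)] = classify(match.group(1))
    return out


if __name__ == "__main__":
    for src, info in summarize(LOG_LINES).items():
        print(src, info, "stdlib agrees" if cross_check(src) else "MISMATCH")
```

In the constructed Teredo address, the server is 192.0.2.1, the client sits behind a cone NAT at 198.51.100.7 on mapped port 40000; the 6to4 address embeds 192.0.2.4. Knowing which clients arrive this way is what lets you decide whether to permit the tunnel protocols (IP protocol 41 for 6to4, UDP 3544 for Teredo) through the perimeter or to require native IPv6 instead.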
One advantage of this technology is that it works seamlessly, without the user having to click anything to open a VPN connection.
To a large extent this increases both the ease and the security of access to corporate resources.
It also allows administrators to ensure that the company's group policies are applied, anti-virus updates deployed, and so on whenever a computer is online, without the user having to log on and open their VPN. Microsoft uses computer and domain certificates to secure the integrity of this automatic process.
A disadvantage is that it can leave the user's laptop exposed on WiFi while it is not in use. This negates much of the protection offered by technologies such as Sophos Security and Data Protection and Microsoft's own BitLocker.
Looking back at Microsoft's initial VPN efforts with PPTP, we see that they still do not take security seriously.
PPTP was a split-tunnel style VPN, meaning that only traffic to the company's resources was protected through the tunnel, while users could still surf the Internet directly from their unsecured WiFi or other Internet connection.
Microsoft has made this method the default for DirectAccess, continuing a tradition of insecure default settings.
They claim this is for performance reasons, and there is some truth to that, but the risk of such endpoints connecting directly to the Internet from their local machines, over unsecured public WiFi access points, cancels out any performance gain, which is minor in any case.
Leaving the computer open to most of the attacks found on the Internet while it is accessing sensitive corporate data is counter-intuitive.
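The split-tunnel question comes down to the client's routing table: with split tunneling only the corporate prefix points at the tunnel interface and the default route still points at the local WiFi, whereas with a forced tunnel the default route itself goes through the tunnel. The following Python is an added example, not code from the original post or from Microsoft: it performs the longest-prefix-match lookup an IPv6 host does and lists which destinations would leave the laptop unprotected under each policy. The routing tables, interface names and destination addresses are constructed for illustration.

```python
"""Added example (not from the original post): show which traffic bypasses
the VPN under a split-tunnel routing table versus a force-tunnel one.
Routing tables, interface names and addresses are constructed."""
from ipaddress import ip_address, ip_network


def select_route(routes, destination):
    """Return the interface a packet to `destination` leaves on.

    `routes` is a list of (prefix, interface) pairs; selection is the
    longest matching prefix, which is how IPv6 hosts choose a route."""
    addr = ip_address(destination)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ip_network(prefix)
        if addr.version == net.version and addr in net:
            if best_net is None or net.prefixlen > best_net.prefixlen:
                best_net, best_iface = net, iface
    return best_iface


def unprotected_flows(routes, destinations, tunnel_iface):
    """Destinations that would NOT traverse the tunnel, with the interface used."""
    result = {}
    for dst in destinations:
        iface = select_route(routes, dst)
        if iface != tunnel_iface:
            result[dst] = iface
    return result


# Constructed corporate prefix (documentation range) and interface names.
TUNNEL = "DirectAccess"
SPLIT_TUNNEL_ROUTES = [
    ("2001:db8:c0::/48", TUNNEL),  # only corporate traffic via the tunnel
    ("fe80::/10", "Wi-Fi"),        # link-local stays on the local link
    ("::/0", "Wi-Fi"),             # everything else straight out the public WiFi
]
FORCE_TUNNEL_ROUTES = [
    ("2001:db8:c0::/48", TUNNEL),
    ("fe80::/10", "Wi-Fi"),
    ("::/0", TUNNEL),              # default route also via the tunnel
]
DESTINATIONS = [
    "2001:db8:c0::25",    # constructed: internal mail server
    "2001:db8:ffff::80",  # constructed: a public web site
]

if __name__ == "__main__":
    print("split tunnel exposes:", unprotected_flows(SPLIT_TUNNEL_ROUTES, DESTINATIONS, TUNNEL))
    print("force tunnel exposes:", unprotected_flows(FORCE_TUNNEL_ROUTES, DESTINATIONS, TUNNEL))
```

Under the split-tunnel table the public web destination leaves over the local WiFi, exactly the exposure the paragraphs above object to; under the forced table only link-local traffic stays off the tunnel. The same lookup, run against the routes actually present on a managed laptop, is a quick way to confirm which policy a deployment has ended up with.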
In conclusion, I am encouraged by the possibilities this technology offers for ease of access and for the security of business data and applications. Deployment, however, requires careful thought about how it should be configured, what enabling it means for security, and especially how to migrate to Windows 7, Windows Server 2008 R2 and IPv6.
