Reverse engineering: Understanding application (Web) complexity

    Part 1: the problem. With UAG, you can provide remote access towards many types of applications:   ·         Web applications: The “client” is in this case a simple browser, and dialog with go through UAG that will act as the reverse proxy. ·         “TCP” applications: the “client” of the application is an executable…

0

UAG Activity Logging

When you connect an application through UAG, all the user activity will be logged by the system. The reason is that it is not only a “technical” gateway (that will pass back and forth the HTTP requests), but an “application layer” one (that will also inspect and provide security). In this post, I would like…

0

Understanding (and extending) UAG Web SSO capabilities

First of all, I would like to thank Matthieu Martineau (matthieu.martineau@piservices.fr) (Gold Partner, MCSE and MCT) with whom I had the opportunity to investigate some of the breaking scenarios I mention at the end of this post In the wide range of services you get when publishing Web application with UAG, we have the ability…

4

Tracing UAG : don’t be blind ;-)

Tracing a product is always a good thing. First, it helps you to understand how it works internally and so enhance your own skills… second, it helps you to understand why such expected feature or configuration is not working fine. With IAG (previous version of UAG) we used several technics like registry keys, config files,…

3

Changing the policy error message (graphical)

The purpose of UAG is to provide “remote access” (more an employee term) and “application publishing” (more a partner or customer term). This means that UAG has to be ready to “talk” to people that are not IT specialists at all.     Security policy is very important since it gives you a wide range…

0

Understanding workstation analysis, under the hood

When you connect UAG, in an internal phase called “install and detect” the UAG client will download from the UAG server a file named Detection.VBS.      This Detection.vbs file contains all the “VBS” code that will analyze the client machine. This file is located in the InternalSite directory of the UAG Server.    …

0

Understanding workstation analysis and security policy

Workstation analysis and security policy are the key features proposed by UAG to provide security at the application layer. Whereas firewall will operate at the network layer (filter by IP or TCP Port range), the application layer will look at “what” the user is trying to do and will correlate a lot more information in…

0

ISA ? TMG ? IAG ? TMG ?

This December, a lot of changes happened in the Microsoft security portfolio. After more than 1 year of strong investments, Microsoft launched the “2010” versions of both “ISA” and “IAG” :   * IAG Server becomes now “Forefront Unified Access Gateway” (UAG) with strong investment on mobility and application publishing. * ISA Server becomes now…

1

Strong authentication using your Brain : IAG and Gridsure.

Gridsure, a UK company, has created a very nice way to provide strong authentication. Strong authentication combines what you know (login, password) and what you have (something physical). In the long list of strong authentication mechanisms we know Smartacards, tokens, and more recently we have seen products capable of using the “mobile phone” as a…

0