ISA 2006 / TMG 2010: DISABLE CLIENT-INITIATED SSL RENEGOTIATION, PROTECTING AGAINST DOS ATTACKS AND MALICIOUS DATA INJECTION

Recently we received a considerable number of support requests asking for more information about SSL/TLS renegotiation and the risk it introduces of exposure to DoS attacks and malicious code injection. These requests focused on ISA/TMG products, since they are used as reverse proxies for web publishing, but the…


How to implement PEAP-MSCHAPv2 as authentication method for VPN connections in TMG 2010

As you may know, there is a known security vulnerability in the MS-CHAPv2 authentication method. The following TechNet article provides detailed information about it: Microsoft Security Advisory (2743314), "Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure", http://technet.microsoft.com/en-us/security/advisory/2743314. You may consider moving away from PPTP VPN connections which are configured to use this authentication method…


Using Forefront TMG 2010 to Secure Access to Your Cloud Services

If you read the article "Economics of the Cloud", published last November on the Microsoft on the Issues blog, you will see that the Microsoft analysis “uncovers economies of scale for cloud that are much greater than commonly thought”. As more and more businesses start to move to the cloud there is also the aspect of…