Tim Rains Introduces Windows Server 2012 Security from End to Edge and Beyond

Windows Server 2012 is the greatest operating system Microsoft has ever unleashed on your data center. There are so many new features and capabilities that it would take several books to illuminate them all. And with all that goodness comes a number of new and improved security technologies. This is what the book Windows Server…

A New Tech Talk Show–Security Talk with Yuri Diogenes and Tom Shinder

Yuri Diogenes and I have worked together on a number of projects over the years – last year we published three new books on TMG, UAG and Forefront Security for Exchange. You can find more information on these books on Yuri’s blog at http://blogs.technet.com/b/yuridiogenes/archive/2010/07/08/new-forefront-books-by-microsoft-press.aspx. We also worked together on the TMG Firewall Administrator’s Companion which…

URL and Antivirus Filtering for DirectAccess Clients

The question of how to handle DirectAccess clients and Internet security for those clients is always a popular topic. As I’ve mentioned many times in this blog, the overall threat and management profile of the DirectAccess client should be little different than a client that is on the intranet. However, there is one major difference…

Does Removing ISATAP for the DNS Block List Impact Security?

If you choose to deploy ISATAP to support your DirectAccess deployment, one of the things you need to do is remove the name ISATAP from the DNS block list if you’re using a Windows DNS server running Windows Server 2003 SP2 or above. By default, these DNS servers will not resolve queries for the names…

DirectAccess and Firewalls and NAT

It seems like we’ve run into a little confusion recently regarding how to deploy the UAG DA server in a firewalled environment. If you look at our documentation for Packet Filtering for the Internet Firewall (http://technet.microsoft.com/en-us/library/ee809062.aspx) you’ll see that we fully support putting a firewall in front of the UAG DA server. Discuss UAG…

UAG DirectAccess Server Deployment Scenarios

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) A question that I see frequently regarding UAG DirectAccess is “what topology options are available to me? Where’s the best place to put the UAG DA server?”. As with all questions of this type, the answer depends on what your requirements are and what…

More on DirectAccess Split Tunneling and Force Tunneling

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) When you configure a Windows DA server or UAG DA server-based DirectAccess (DA) solution, the default setting is to enable split tunneling. Split tunneling means that only connections to the corpnet are sent over the DA IPsec tunnels. If…

Why Split Tunneling is Not a Security Issue with DirectAccess

(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag) As a member of the Anywhere Access Team with a primary focus on UAG DirectAccess (DA), one of the questions that I hear a lot relates to the security of the solution, due to the fact that split tunneling is enabled by default. If…
