Great news! The Windows Server 2012 Unified Remote Access Planning and Deployment book by Ben Ben-Ari and Bala Natarajan is now available! The book covers in detail how to plan and deploy remote access solutions using Windows Server 2012 VPN and DirectAccess. This book will be an essential reference for anyone preparing to deploy DirectAccess, remote access VPN, or site-to-site VPN using Windows Server 2012. Order your copy now!
Posted by Richard M. Hicks on December 27, 2012
As a part of the December 2012 security update release, Microsoft included a fix to address a security vulnerability in IP-HTTPS, an important component used in DirectAccess on Windows Server 2012. IP-HTTPS is an IPv6 transition protocol that utilizes SSL/TLS to tunnel IPv6 traffic from the DirectAccess client to the DirectAccess server. This vulnerability could potentially allow a DirectAccess client to connect to a Windows Server 2012 DirectAccess server with a revoked computer certificate. It is important to understand that this vulnerability would not grant the DirectAccess client full access to the corporate network unless the DirectAccess client also had an active computer account and the user provided valid domain credentials. Best practices dictate that a lost or stolen DirectAccess computer should have its computer account disabled in addition to revoking its computer certificate. You can find additional information about this vulnerability here.
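The best practice above (revoke the certificate and also disable the computer account) can be audited by cross-checking the two lists. The following is an added example, not code from the original post or from Microsoft; the function name, the sample records, and the assumption that each computer certificate's common name equals the computer's DNS host name are all illustrative.

```powershell
# Added example: flag revoked computer certificates whose AD computer
# account is still enabled (or cannot be found).
# Assumption: certificate CommonName == computer DNSHostName.
function Find-RevokedButEnabled {
    param(
        [Parameter(Mandatory)] [object[]] $RevokedCerts,  # CommonName, SerialNumber
        [Parameter(Mandatory)] [object[]] $Computers      # DNSHostName, Enabled
    )
    # Index accounts by host name; PowerShell hashtable keys are case-insensitive.
    $byName = @{}
    foreach ($c in $Computers) {
        if ($c.DNSHostName) { $byName[$c.DNSHostName] = $c }
    }
    foreach ($cert in $RevokedCerts) {
        $acct = $byName[$cert.CommonName]
        if (-not $acct) {
            $state = 'NoAccountFound'        # deleted, renamed, or name mismatch
        } elseif ($acct.Enabled) {
            $state = 'AccountStillEnabled'   # certificate revoked, account not disabled
        } else {
            $state = 'AccountDisabled'       # both controls applied
        }
        [pscustomobject]@{
            CommonName   = $cert.CommonName
            SerialNumber = $cert.SerialNumber
            State        = $state
        }
    }
}

# Constructed sample data so the example runs offline.
# In production, $computers could come from Get-ADComputer -Filter *
# (ActiveDirectory module) and $revoked from the CA's revoked-certificate list.
$revoked = @(
    [pscustomobject]@{ CommonName = 'laptop01.corp.example'; SerialNumber = 'SERIAL-PLACEHOLDER-1' }
    [pscustomobject]@{ CommonName = 'laptop02.corp.example'; SerialNumber = 'SERIAL-PLACEHOLDER-2' }
    [pscustomobject]@{ CommonName = 'laptop03.corp.example'; SerialNumber = 'SERIAL-PLACEHOLDER-3' }
)
$computers = @(
    [pscustomobject]@{ DNSHostName = 'LAPTOP01.corp.example'; Enabled = $true }
    [pscustomobject]@{ DNSHostName = 'laptop02.corp.example'; Enabled = $false }
)

# Show only the entries that need follow-up.
Find-RevokedButEnabled -RevokedCerts $revoked -Computers $computers |
    Where-Object { $_.State -ne 'AccountDisabled' } |
    Format-Table -AutoSize
```

With the sample data, laptop01 is reported as `AccountStillEnabled` and laptop03 as `NoAccountFound`; an account in the first state can be disabled with `Disable-ADAccount`.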
Posted by Richard M. Hicks on December 12, 2012