All posts in category Security

Always On VPN and RRAS on Windows Server Core

Windows Server Core is a refactored version of the full Windows Server operating system. Server Core does not include a Graphical User Interface (GUI) and must be managed via the command line or with PowerShell. The Routing and Remote Access Service (RRAS) is a supported workload on all supported versions of Windows Server including Windows Server 2022. Always On VPN administrators should consider installing and configuring RRAS on Windows Server Core to ensure their VPN infrastructure’s best security and performance.

Server Core Benefits

Windows Server Core is a minimal installation option of the Windows Server operating system that provides numerous benefits, particularly for environments where security, resource efficiency, and reduced maintenance overhead are essential. Here are some of the key benefits of using Windows Server Core.

Minimized Attack Surface – Windows Server Core has a smaller footprint compared to the full GUI version, which means fewer components and services are installed by default. This reduces the potential attack surface and minimizes security vulnerabilities.

Enhanced Security – With fewer components and a reduced attack surface, there are fewer potential vectors for malware or unauthorized access. This makes Windows Server Core a more secure choice for critical server roles like RRAS.

Reduced Maintenance – Since there are fewer components to update, patching and maintaining a Windows Server Core system is quicker and requires less effort. This is especially beneficial in large-scale server deployments.

Improved Stability – By removing the graphical user interface (GUI), Windows Server Core has fewer processes running in the background, leading to a more stable and predictable server environment.

Simplified Management – Windows Server Core is designed for remote administration. It allows the administrator to manage it using command-line tools, PowerShell, or remote management tools like the Remote Server Administration Tools (RSAT) and Windows Admin Center. This makes it easier to manage multiple servers from a single location.

Faster Reboots – Windows Servers require periodic reboots. With Windows Server Core, reboot times are considerably faster, resulting in less downtime during maintenance periods.

RSAT

The Remote Server Administration Tools (RSAT) can be installed on Windows clients and servers to enable remote administration using the familiar Routing and Remote Access Management console (rrasmgmt.msc) and Remote Access Management console (ramgmtui.exe) GUI tools.

Windows Client

To install the Remote Access Management tools on Windows client operating systems, navigate to Settings > Apps > Optional Features. Click Add a feature, select RSAT: Remote Access Management Tools, then click Install.

Optionally the Remote Access Management tools can be installed by running the following PowerShell command.

Add-WindowsCapability -Online -Name Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0

Windows Server

To install the Remote Access Management tools on Windows Server run the following PowerShell command.

Install-WindowsFeature -Name RSAT-RemoteAccess

Windows Admin Center

The Windows Admin Center is a free remote management tool from Microsoft for managing Windows Server (core and GUI) remotely. It is especially helpful for Server Core management as it provides a GUI for many common administrative tasks.

You can download Windows Admin Center here.

Additional Information

Windows Server Core Installation Option

Windows Server Core vs. Desktop

PowerShell Remote Server Administration

Windows Admin Center

2 Comments
by Richard M. Hicks on October 2, 2023  •  Permalink
Posted in Admin Center, administration, Always On VPN, AOVPN, Enterprise, enterprise mobility, Infrastructure, Microsoft, Mobility, Operational Support, PowerShell, Remote Access, Remote Administration, routing, routing and remote access service, RRAS, RSAT, Security, Server Core, VPN, Windows 10, Windows 11, Windows Admin Center, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on October 2, 2023

https://directaccess.richardhicks.com/2023/10/02/always-on-vpn-and-rras-on-windows-server-core/

Windows Server 2012 and 2012 R2 End of Life

DirectAccess on Microsoft Windows

I want to remind you of a critical upcoming milestone that may affect your business. In just 60 days, we will reach the end of support for Windows Server 2012 and Windows Server 2012 R2. As of October 10, 2023, these operating systems will no longer receive security updates or technical support from Microsoft.

End of Support

End of support means your servers will be more vulnerable to security risks and potential threats. It is essential to take action now to ensure your IT infrastructure’s continued security and stability. Upgrading to newer, supported operating systems will protect your data and systems from potential cyber threats and provide access to enhanced features and performance improvements.

Don’t Wait

Now is the time to migrate those remaining workloads for those still running Windows Server 2012 and 2012 R2! Consider the following commonly deployed services that may still be running on Windows Server 2012 or 2012 R2 in your organization.

Remote Access – Windows Server Routing and Remote Access Service (RRAS) is commonly deployed to provide secure remote access for field-based workers. In addition, Absolute Secure Access (formerly NetMotion Mobility) is a widely implemented premium alternative to RRAS. Organizations may be hesitant to migrate these workloads because disrupting remote workers is painful.

DirectAccess – This remote access technology is widely deployed and extremely difficult to migrate. In addition, the complex nature of DirectAccess, with its many intricate interdependencies, poses a significant challenge to organizations migrating this role.

PKI – This is likely the most common enterprise service to be found running on Windows Server 2012 and 2012R2. Most organizations relying on Windows Active Directory Certificate Services (AD CS) to issue and manage enterprise certificates are reluctant to move this workload once it is deployed. This service is much easier to migrate than you might think! It can be done without disruption as well.

Consulting Services

We understand that upgrading might require careful planning and coordination, and our team is here to support you throughout the transition process. Don’t delay – take this opportunity to safeguard your organization’s data and systems by upgrading to the latest Windows Server version or exploring cloud-based solutions.

Get In Touch

Please don’t hesitate to contact us for further assistance or any questions regarding the upgrade process. Together, let’s ensure your business remains secure and productive. You can get started today by booking a free one-hour consultation to discuss your migration strategy. Just fill out the form below and I’ll provide more information.

Leave a comment
by Richard M. Hicks on August 14, 2023  •  Permalink
Posted in Active Directory Certificate Services, AD CS, administration, Always On VPN, AOVPN, Certificate Services, certificates, DirectAccess, end of life, Enterprise, enterprise mobility, Infrastructure, Microsoft, Mobility, Operational Support, PKI, Professional Services, public key infrastructure, Remote Access, RRAS, Security, VPN, Windows Server 2012, Windows Server 2012 R2
Tagged , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on August 14, 2023

https://directaccess.richardhicks.com/2023/08/14/windows-server-2012-and-2012-r2-end-of-life/

What’s New in Absolute Secure Access v13

Recently I wrote about NetMotion Mobility’s acquisition by Absolute Software. Absolute Secure Access (formerly NetMotion Mobility) is an enterprise VPN and Zero Trust Network Access (ZTNA) solution that includes fine-grained policy enforcement to restrict network access based on a wide range of parameters, including IP address, protocol, port, application, time of day, location, and type of network (e.g., wired, Wi-Fi, wireless, etc.), available bandwidth, battery level, and more. It also includes integrated Network Access Control (NAC), which administrators can use to inform access policy decisions based on device security and configuration posture. Now, Absolute has created its first major release since the acquisition – Absolute Secure Access v13.

Secure Web Gateway

Absolute Secure Access is already the most comprehensive and compelling enterprise VPN and ZTNA solution available today. With the release of Absolute Secure Access v13, the solution now includes cloud-based Secure Web Gateway integration, providing administrators with increased visibility and control of web traffic outside the tunnel. Not all web traffic must flow through the secure web gateway. Administrators can use policy to selectively route web traffic through the secure web gateway to meet their requirements.

Enhanced Security

The secure web gateway feature of Absolute Secure Access v13 includes the following enhanced security features.

Web Filtering

The secure web gateway allows administrators to restrict access based on web category (e.g., gambling, malware sites, personal storage, etc.). Administrators can allow or deny access based on risk level or use the destination’s categorization to take policy action to restrict access further or require additional authentication.

TLS Inspection

The secure web gateway can terminate HTTPS (SSL/TLS) sessions to perform traffic inspection and granular content categorization based on the full URL. The TLS inspection certificate is added dynamically to the local computer certificate store.

Virus Scan

The secure web gateway performs malware and virus scans on web content and files, preventing users from downloading malicious software.

Remote Browser Isolation

Remote Browser Isolation (RBI) executes web browsing sessions on a remote, isolated system to prevent potential malware threats. It enhances security by ensuring malicious content is contained and executed away from the user’s device.

Content Disarm and Reconstruction

Content Disarm and Reconstruction (CDR) is a security feature that eliminates dynamic content from downloaded files and guards against zero-day vulnerabilities undetected by antivirus scans.

Data Loss Prevention

Data Loss Prevention (DLP) is designed to prevent sensitive or confidential data from being leaked, accessed, or shared inappropriately, ensuring data security and compliance with regulations.

Policy Enhancements

Absolute Secure Access policies now include actions that can be taken based on information from the secure web gateway. For example, if a user visits a risky category like Malware Sites, additional security features such as antivirus scan, CDR and DLP enforcement, and RBI can be enforced. In addition, administrators can now force reauthentication when users roam between networks.

Summary

Absolute Secure Access v13 significantly upgrades previous versions of Absolute Secure Access and NetMotion Mobility. The security enhancements associated with the new secure web gateway service will tremendously increase an organization’s security posture and eliminate the need for additional web security solutions. Absolute Secure Access has powerful security enforcement technologies with policy and NAC to ensure the highest level of security for today’s mobile workforce.

Learn More

Are you interested in learning more about Absolute Secure Access? Would you like a demonstration of this enterprise VPN and Zero-Trust Network Access solution? Fill out the form below, and we’ll provide more information.

Leave a comment
by Richard M. Hicks on August 7, 2023  •  Permalink
Posted in Absolute, Absolute Secure Access, Absolute Software, Enterprise, enterprise mobility, Mobility, NetMotion, NetMotion Mobility, NetMotion Software, Secure Web Gateway, Security, SSL and TLS, TLS, Transport Layer Security, VPN, Zero Trust, Zero Trust Network Access
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on August 7, 2023

https://directaccess.richardhicks.com/2023/08/07/whats-new-in-absolute-secure-access-v13/

« Older Posts
Newer Posts »