All posts in category Transport Layer Security

What’s New in Absolute Secure Access v13

Recently I wrote about NetMotion Mobility’s acquisition by Absolute Software. Absolute Secure Access (formerly NetMotion Mobility) is an enterprise VPN and Zero Trust Network Access (ZTNA) solution that includes fine-grained policy enforcement to restrict network access based on a wide range of parameters, including IP address, protocol, port, application, time of day, location, and type of network (e.g., wired, Wi-Fi, wireless, etc.), available bandwidth, battery level, and more. It also includes integrated Network Access Control (NAC), which administrators can use to inform access policy decisions based on device security and configuration posture. Now, Absolute has created its first major release since the acquisition – Absolute Secure Access v13.

Secure Web Gateway

Absolute Secure Access is already the most comprehensive and compelling enterprise VPN and ZTNA solution available today. With the release of Absolute Secure Access v13, the solution now includes cloud-based Secure Web Gateway integration, providing administrators with increased visibility and control of web traffic outside the tunnel. Not all web traffic must flow through the secure web gateway. Administrators can use policy to selectively route web traffic through the secure web gateway to meet their requirements.

Enhanced Security

The secure web gateway feature of Absolute Secure Access v13 includes the following enhanced security features.

Web Filtering

The secure web gateway allows administrators to restrict access based on web category (e.g., gambling, malware sites, personal storage, etc.). Administrators can allow or deny access based on risk level or use the destination’s categorization to take policy action to restrict access further or require additional authentication.

TLS Inspection

The secure web gateway can terminate HTTPS (SSL/TLS) sessions to perform traffic inspection and granular content categorization based on the full URL. The TLS inspection certificate is added dynamically to the local computer certificate store.

Virus Scan

The secure web gateway performs malware and virus scans on web content and files, preventing users from downloading malicious software.

Remote Browser Isolation

Remote Browser Isolation (RBI) executes web browsing sessions on a remote, isolated system to prevent potential malware threats. It enhances security by ensuring malicious content is contained and executed away from the user’s device.

Content Disarm and Reconstruction

Content Disarm and Reconstruction (CDR) is a security feature that eliminates dynamic content from downloaded files and guards against zero-day vulnerabilities undetected by antivirus scans.

Data Loss Prevention

Data Loss Prevention (DLP) is designed to prevent sensitive or confidential data from being leaked, accessed, or shared inappropriately, ensuring data security and compliance with regulations.

Policy Enhancements

Absolute Secure Access policies now include actions that can be taken based on information from the secure web gateway. For example, if a user visits a risky category like Malware Sites, additional security features such as antivirus scan, CDR and DLP enforcement, and RBI can be enforced. In addition, administrators can now force reauthentication when users roam between networks.

Summary

Absolute Secure Access v13 significantly upgrades previous versions of Absolute Secure Access and NetMotion Mobility. The security enhancements associated with the new secure web gateway service will tremendously increase an organization’s security posture and eliminate the need for additional web security solutions. Absolute Secure Access has powerful security enforcement technologies with policy and NAC to ensure the highest level of security for today’s mobile workforce.

Learn More

Are you interested in learning more about Absolute Secure Access? Would you like a demonstration of this enterprise VPN and Zero-Trust Network Access solution? Fill out the form below, and we’ll provide more information.

Leave a comment
by Richard M. Hicks on August 7, 2023  •  Permalink
Posted in Absolute, Absolute Secure Access, Absolute Software, Enterprise, enterprise mobility, Mobility, NetMotion, NetMotion Mobility, NetMotion Software, Secure Web Gateway, Security, SSL and TLS, TLS, Transport Layer Security, VPN, Zero Trust, Zero Trust Network Access
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on August 7, 2023

https://directaccess.richardhicks.com/2023/08/07/whats-new-in-absolute-secure-access-v13/

Always On VPN and the PSPKI PowerShell Module

Certificates are a crucial part of a secure Always On VPN implementation. Certificates are phishing-resistant forms of authentication that, when configured correctly, provide robust and multifactor authentication for remote access users and devices.

AD CS

Most commonly, certificates are issued by an on-premises Microsoft Active Directory Certificate Services (AD CS) server. Administrators configure and deploy a Certification Authority infrastructure to issue and manage user and device authentication certificates in their organization. CA certificates are also required on the VPN server to support Always On VPN device tunnel connections and IKEv2 user tunnel connections. The NPS server also requires an enterprise CA certificate. Of course, the CA can issue certificates for other purposes, including Wi-Fi authentication, document signing, and code signing, just to name a few.

PSPKI

PSPKI is a PowerShell module available in the PowerShell Gallery for configuring, managing, and troubleshooting Microsoft AD CS. Created by Vadims Podans of PKI Solutions, PSPKI includes over 100 functions for various AD CS and certificate-related tasks. Always On VPN administrators will find this PowerShell module helpful when configuring and troubleshooting certificate-related issues for their Always On VPN deployments.

Note: The AD CS remote server administration tools (RSAT) must be installed to access all of the PSPKI module’s functionality.

Installation

Run the following PowerShell command to install the PSPKI PowerShell module.

Install-Module -Name PSPKI

Always On VPN and PSPKI

Always On VPN Administrators will immediately find a few PSPKI functions helpful when implementing and supporting Always On VPN.

Test-WebServerSSL – This function will connect to a remote web server and display details about the TLS certificate included in the response. This can be especially helpful when troubleshooting SSTP VPN connections.

Convert-PfxToPem – This is a handy utility for converting a PFX file to the PEM format. This is commonly required when importing CA certificates on non-Microsoft platforms, security devices, and load balancers.

Convert-PemToPfx – Occasionally, administrators must convert a certificate and private key in PEM format to PFX to install on a Windows server. This tool allows administrators to perform this task easily.

Get-CertificationAuthority – This function quickly enumerates all enterprise CA servers and displays information about their hostname, accessibility, service status, and type.

Ping-ICertInterface – This function helps troubleshoot CA connectivity issues. Administrators can quickly determine if a CA is reachable and capable of issuing a certificate using this command.

Get-CaTemplate – This command displays a list of certificate templates published on the specified target CA server. The certificate template’s display name and the minimum support CA version are provided. In addition, the output indicates if certificate autoenrollment is enabled on the template.

Much More

The PSPKI PowerShell module for AD CS has many tools for configuring and managing AD CS. PSPKI recently received a major update to version 4.0. Download and install PSPKI today. It will make your life easier, I can assure you!

Additional Information

PSPKI PowerShell Module – PowerShell Gallery

PSPKI PowerShell Module – GitHub

AOVPNTools PowerShell Module – PowerShell Gallery

AOVPNTools PowerShell Module – GitHub

InboxAccountingDatabaseManagement PowerShell Module

InboxAccontingDatabaseManagement – PowerShell Gallery

InboxAccountingDatabaseManagement – GitHub

4 Comments
by Richard M. Hicks on June 20, 2023  •  Permalink
Posted in Active Directory, administration, Always On VPN, AOVPN, authentication, certificates, Deployment, Encryption, Enterprise, enterprise mobility, GitHub, IKEv2, Infrastructure, Microsoft, Mobility, Multifactor Authentiction, NPS, Operational Support, PEAP, PKI, PowerShell, Protected EAP, public key infrastructure, Remote Access, routing and remote access service, RRAS, Secure Socket Tunneling Protocol, Security, SSL, SSL and TLS, SSTP, systems management, TLS, Transport Layer Security, troubleshooting, Update, user tunnel, VPN, Windows 10, Windows 11, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 20, 2023

https://directaccess.richardhicks.com/2023/06/20/always-on-vpn-and-the-pspki-powershell-module/

SSL and TLS Training for Always On VPN Administrators

Understanding Transport Layer Security (TLS) is essential for Always On VPN administrators. TLS (formerly Security Sockets Layer, or SSL) is used not only for Secure Socket Tunneling Protocol (SSTP), the protocol of choice for the Always On VPN user tunnel in most deployments, but many other technologies such as secure websites and email, Remote Desktop Protocol (RDP), secure LDAP (LDAPS), and many more. High-quality, affordable TLS training is challenging to find, however.

UPDATE! This course has been further discounted for a limited time. Details below!

Practical TLS

Thankfully, Ed Harmoush from Practical Networking has a fantastic training course called Practical TLS that meets these requirements. It is the most comprehensive TLS training course I’ve seen and is surprisingly affordable too!

Course Content

The Practical TLS training course includes the following modules.

  • Module 1 – SSL/TLS Overview (free preview!)
  • Module 2 – Cryptography
  • Module 3 – x509 Certificates and Keys
  • Module 4 – Security through Certificates
  • Module 5 – Cipher Suites
  • Module 6 – SSL/TLS Handshake
  • Module 7 – TLS Defenses

TLS 1.3

The Practical TLS training course does not yet include a module on the newest TLS protocol, TLS 1.3. However, it is due out imminently! Ed is working on the content as we speak, and a preview module is included in the course today. Look for the final TLS 1.3 module soon.

Bonus Content

In addition to excellent TLS training, the course includes free OpenSSL training! Administrators working with certificates in non-Microsoft environments are sure to find this helpful. Understanding OpenSSL will benefit administrators working with network and security appliances such as firewalls and load balancers.

Enroll Now

The cost of the Practical TLS training course is regularly $297.00. It is a perpetual license, so you can view the content whenever you like and as often as you wish. You will also have access to future updates, such as the upcoming TLS 1.3 module. In addition, you can save $100.00 on the course by using promotional code RICHARDHICKS when you sign up. Don’t hesitate. Register for Practical TLS training now!

Special Discount

For a limited time, you can use the code PracticalTLS13 to get this entire course for just $49.00! This won’t last long, so register soon!

Additional Information

Practical Networking Blog

Practical TLS Training Course – $100 Off!

OpenSSL Training Course

Microsoft Always On VPN and TLS 1.3

Microsoft Always On VPN SSTP Security Configuration

Microsoft Always On VPN SSTP Certificate Renewal

Microsoft Always On VPN SSTP with Let’s Encrypt Certificates

Leave a comment
by Richard M. Hicks on September 6, 2022  •  Permalink
Posted in ADC, administration, Always On VPN, AOVPN, certificates, Cryptography, ECC, education, Elliptic Curve Cryptography, Encryption, Enterprise, enterprise mobility, IP-HTTPS, learning, Mobility, OpenSSL, PKI, Remote Access, routing and remote access service, RRAS, Secure Socket Tunneling Protocol, Security, SSL and TLS, SSTP, TLS, TLS 1.3, Training, Transport Layer Security, user tunnel, video, VPN, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on September 6, 2022

https://directaccess.richardhicks.com/2022/09/06/ssl-and-tls-training-for-always-on-vpn-administrators/

« Older Posts