Microsoft's SSL-based VPN Solution
The US IT security company Whale is to cooperate with Microsoft to expand Microsoft's Internet Security and Acceleration (ISA) Server to include an SSL-based VPN solution for encrypted network connections.
This emerges from a press release by Whale. Besides an application-level firewall and an expanded Web-cache function Microsoft's ISA Server also offers a VPN solution, which so far has been exclusively IPSec-based.
microsoft -
comments -
22.12.2005 Pirate Bay to offer cheap, unlogged VPN
Back in July 2008, torrent tracker The Pirate Bay announced plans to encrypt the Internet. That hasn't happened yet, but they plan to offer a VPN tunneling service to the public starting April 1.
common -
comments -
24.03.2009Hole Found in Widely Used VPN
Gear
Bug makes VPN products
vulnerable to a denial of
service attack...
pcworld.com -
16.11.2005Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 3)
In the first two parts of this series on how to create an SSL VPN server on Windows Server 2008, we went over the basics of VPN networking and then
dived into the configuration of the server. At this point we are ready to finish things up by performing some small configuration changes in the
Active Directory and on the CA Web site. After making these changes, we will focus on the VPN client configuration and finish up by establishing the
SSL VPN connection.
winbeta.org -
14.02.2008Microsoft Buys VPN, SSL
Company
Microsoft on Thursday said it
was acquiring Whale
Communications, a provider of
virtual private network (VPN)
and SSL solutions, as well as
Web application firewalls. The
company's technologies will
be integrated into
Microsoft's Windows Server
and ISA Server products...
betanews.com -
18.05.2006Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 2)
If you missed the first part in this article series please read
Configuring
Windows Server 2008 as a Remote Access SSL VPN Server (Part 1) Thomas Shinder: In the first part of this article series
on how to configure Windows Server 2008 as a SSL VPN server, I went over some of the history of Microsoft VPN servers and VPN protocols. We finished
that article up with a description of the example network that well use in this and subsequent articles on configuring the VPN gateway to support SSTP
connections from Vista SP1 clients.
Before we begin, I need to say that I know that there is a step by step guide on how to
configure SSTP connections to Windows Server 2008 on the
www.microsoft.com Web site. The
problem with that article is that I felt it did not reflect a real world environment that uses an enterprise CA for certificate assignment. Because of
that, and some of the issues that were left out of the Microsoft step by step guide, I decided to do this article. I think you will learn a few new
things along the way as you follow along with me.
winbeta.org -
30.01.2008Secure VPN tunneling protocol in development
Microsoft is working on a
remote access tunneling
protocol for Vista and
Longhorn Server that lets
client devices securely access
networks via a VPN from
anywhere on the Internet
without concern for typical
port blocking issues.
The Secure Socket
Tunneling Protocol (SSTP)
creates a VPN tunnel that
travels over Secure-HTTP,
eliminating issues associated
VPN connections based on the
Point-to-Point Tunneling
Protocol (PPTP) or Layer 2
Tunneling Protocol (L2TP) that
can be blocked by some Web
proxies, firewalls and Network
Address Translation (NAT)
routers that sit between
clients and servers.
The protocol,
however, is only for remote
access and will not supoort
site-to-site VPN
tunnels.
Microsoft hopes SSTP will
help reduced help desk support
calls associated with IPSec
VPNs when those connections
get blocked by firewalls or
routers. In addition, SSTP
won?t foster retraining issues
because it does not change the
end-user VPN controls. The
SSTP based VPN tunnel plugs
directly into current
interfaces for Microsoft VPN
client and server
software.
Microsoft plans to ship SSTP
support in Vista Service Pack
1 and in Longhorn Server. The
ship date for Vista SP1 has
not been set, but Longhorn is
expected to ship in the second
half of this year. SSTP will
be included in Longhorn Server
Beta 3, which is set to ship
in the first half of
2007.
Microsoft officials also say
they are working with partners
-- the company declined to
name -- on adding SSTP to
other client devices besides
Vista.
jcxp.net -
20.01.2007Security: What Microsoft Can Teach Apple
Is Apple's approach to Mac OS X 10.5 security about stupidity or arrogance? Maybe Apple needs to learn something from Microsoft.
Last night, I read an
Heise Security report about Leopard's
firewall being turned off by defaultor turning off a previously active firewall during the upgrade from an earlier Mac OS X version. I can confirm
that the upgrade flips off the firewall, and without warning.
There are other troubling changes going on under the hood, too. For
example, Apple's new Back to My Mac feature either turned on without my authorization or turned on during installation. I'm still early stages
testing and hadn't gotten around to this feature. I ran Leopard all day yesterday, periodically using Cisco VPN client to connect to my corporate
network. This morning, when I launched the VPN client, a Leopard popup warned that the new Back to My Mac feature and VPN cannot operate at the same
time; a handy link flipped off the service. But who turned it on in the first place?
winbeta.org -
30.10.2007Microsoft's new VPN tunnel using SSL is coming
I am very happy to announce that SSTP will be first time released to all our TAP and techbeta customers via coming Vista SP1 beta and Windows Server
2008 RC0 release.
To get your hands dirty with SSTP, work with your Microsoft TAP contact if you are part of Windows TAP program.
If not, you can be a part of Windows techbeta program via enrolling to
http://connect.microsoft.com and get the Windows beta bits.
To do a SSTP pilot or lab deployment, all you
need is:
1) A machine running Vista SP1 beta or Windows server 2008 RC0 or later - acting as VPN client
2) A
machine running Windows server 2008 RC0 or later - acting as VPN server
Please enroll and get your set-up ready. Soon, we will
provide all the documents (like step-by-step guide) on our web site. For more questions on SSTP, see
http://blogs.technet.com/rrasblog/archive/tags/SSTP/default.aspx For any queries, feel free to connect with
us via our email address as given above
Samir Jain
Lead Program Manager (samirj@online.microsoft.com)
RRAS,
Windows Enterprise Networking
winbeta.org -
13.09.2007Microsoft Sued Over VPN Technology
Software company VirnetX filed
suit against Microsoft
Thursday, accusing the Redmond
company of infringing on two
of its patents regarding
virtual private networking...
betanews.com -
15.02.2007Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1)
Remote Access is one of todays big things. As an increasing number of people need access to information stored on work and home computers, the
ability to access that information from anywhere is critical. Gone are the days when you could say Ill get that information to you when I get to my
computer. You need that information now if you want to be competitive in todays business environment.
In the stone age of
computing, the way to remotely access information on your computer was to use a dial-up connection. RAS dial-up connections worked over regular POTS
(Plain Old Telephone Service) lines and had speeds that ranged up to around 56kbps. Speed was a major problem with dial-up RAS connections, but an
even bigger problem was the cost of the connections when a long distance number was required for access.
winbeta.org -
08.01.2008Google Testing Out Free Wi-Fi
Service
UPDATED Google is
testing out a free wireless
hotspot service in two
locations, company officials
acknowledged Tuesday. News of
Google Wi-Fi spread following
a new download called Google
Secure Access that lets users
connect to Google's VPN in
order to keep their Internet
connection secure from prying
eyes when using Wi-Fi...
betanews.com -
21.09.2005No Rush to Adopt Vista
Windows Vista has been on the
market for nearly a month now,
but enterprise users and
industry experts agree that
Microsoft's latest and
greatest OS still isn't yet
ready to replace XP.
The problem is not with
the software itself--by most
accounts, Vista is technically
solid--but with myriad
peripheral issues that
Microsoft must work out to
take the pain out of using
Vista.
Take
patching, for example. On
December 12, Microsoft
released an Internet Explorer
7 fix that improved the
performance of IE's phishing
filter. The software had been
bogged down by Web sites with
a large number of frames, and
users had been complaining.
Microsoft patched
the problem for Windows XP and
Server 2003 users, but not for
Vista. That update will come
after the consumer release of
Vista hits the market some
time in January, according to
a spokeswoman for Microsoft's
public relations agency. And
although Microsoft is now
issuing security patches for
Vista, performance-related
updates such as the phishing
filter are being handled on a
case-by-case basis, she said.
jcxp.net -
30.12.2006Symantec Aims for PC-Level Security on Mobile Devices
Symantec Corporation has
released its first suite of
security software (Symantec
Mobile Security Suite 5.0) for
Microsoft's Windows Mobile
devices which add VPN (virtual
private network), data
encryption, antispam and other
features to Symantec current
antivirus offering. Symantec
has also offered a suite of
antivirus and firewall for
Symbian OS and plans to
release an upcoming version
5.0 to match the release for
Windows Mobile. Some of the
technology in the suite,
primarily VPN and encryption,
is licensed from BlueFire
Security Technologies,
according to Symantec
spokesman Brian Modena. The
suite is scheduled to become
available in May through
Symantec and enterprise
resellers and system
integrators. Mobile operators
may also sell the suite as
optional or standard features
on devices, or on a monthly
service basis. A consumer
version of the suite, priced
at US$79.95 per device and
dubbed Norton Mobile Security
5.0 for Windows Mobile, is due
in the same time frame.
The number of threats
for mobile devices are minute
compared to PC viruses, so
companies haven't seen as
much of a need for protection
on them, said Paul Miller,
managing director of mobile
and wireless at Symantec. But
if left unguarded, handsets
could become attackers' next
major path into company
networks, he said. Companies
will be able to encrypt
everything on a handheld
device and its storage cards,
or just selected files, using
256-bit AES encryption. If a
device falls into the wrong
hands, administrators can wipe
off the data remotely or set
it up so the data is
eliminated after a specified
number of password attempts.
The antivirus component keeps
users from accessing infected
files and lets administrators
regularly scan devices. The
antispam feature can filter
out and delete spam text
messages. Also included is a
tool (Internet Protocol
Security VPN) for keeping
devices that are not compliant
with policies off the network,
and a mechanism for keeping
employees from using selected
features of a device. The
suite also includes an audit
log feature that keeps track
of activity on the device so
the company can see everything
that happened after it fell
out of the employee's hands,
Miller said.
neowin.net -
27.03.2007Nokia, Intel beef up new network security appliance
Nokia added a new appliance to its network security range that has more processing muscle -- the first product to come out of its collaboration with
Intel.
The
IP2450 is intended for large enterprises and
service providers doing high-end network monitoring. It features two quad-core Intel processors.
Running Check Point Software
Technologies' SecureXL VPN (virtual private network) and firewall software, the appliance can handle as much as 9Gbps of traffic using Nokia's IPSO
6.O OS. Adding two Nokia Accelerated Data Path (ADP) cards boosts throughput to 20Gbps. ..
winbeta.org -
06.09.2007SSL VPNs might not be as secure as you think
SSL VPNs can be compromised in a way that enables them to take over remote users' machines and potentially cause mischief inside the networks they
attach to, according to research presented at the Black Hat conference.
The problem can exist with Web clients that install
themselves on remote machines at the start of SSL VPN sessions, said Michael Zusman, a senior consultant for the Intrepidus Group.
winbeta.org -
08.08.2008iPhone gets Exchange support, aims for BlackBerry
Apple has licensed ActiveSync from Microsoft and will build push e-mail, calendar, contacts, and global address lists in the next release of iPhone
software.
Apple will also roll in essential enterprise features, such as stronger authentication and more broadly compatible
remote access (VPN). But most important for large enterprises, Apple's next release will support Exchange Server's central management for policies,
fleet configuration and remote data wiping.
Apple wants to tag BlackBerry, which Apple claims is the only enterprise handset
outselling iPhone.
winbeta.org -
06.03.2008Windows Server "7" feature: Direct Connect
Microsoft IT (the internal IT organisation) is currently running a pilot called "Direct Connect". Direct Connect is like Outlook Anywhere where you
connect to the internal Exchange Server from outside the corporate network without a VPN connection but through RPC_over_HTTPs) Direct connect uses
IPv6 and IPSec to build a tunnel from outside the coprporate network to any resource that needs to access internal network (fileshares, LOB
applications) This pilot will end up as feature in the server edition of Windows 7. It will require a trusted identity like smartcards.
winbeta.org -
06.11.2007LANDesk Simplifies Remote Laptop Administration
LANDesk Software is turning to hardware to help its customers more easily manage mobile
laptops and remote PCs over the Internet.
The new LANDesk Management Gateway Appliance, which will be announced Oct. 24 and
delivered with a new release of the LDMS (LANDesk Management Suite), allows administrators to more easily manage laptops and PCs outside the corporate
firewall, without having to implement a VPN.
"This securely brokers the connection between a managed client and LDMS," said
Nathan McLain, product manager for LANDesk, in South Jordan, Utah. Using Secure Socket Layer encryption, "Our pipe is encrypted across the whole
route."
winbeta.org -
20.10.2007Tech Insight: Microsoft's IPSec
Microsofts support of the IP Security (IPSec) standard was enhanced with the release of Windows Vista this year, and interest in the technology will
likely grow with the introduction of Windows 2008. For smaller organizations, IPSec could prove to be a cheap alternative to other network access
control (NAC) technologies, or a stepping stone to a full implementation of Microsoft's Network Access Protection (NAP) in large enterprises. Either
way, its time for organizations to take a closer look at IPSecs capabilities.
Since Windows 2000, IPSec has been included in
every Microsoft Windows desktop and server operating system. As a staple of the operating system, its surprising that more companies don't take
advantage of the technology, but many IT professionals still labor under the notion that IPSec is a VPN technology only used for remote connectivity.
winbeta.org -
22.12.2007Internet security appliance runs Windows XP Embedded
Taiwanese system integrator AR Infotek has announced a Internet security appliance platform that supports low- and high-power Intel processors and
Windows XP Embedded. The 1U rack-mountable Teak 5010 can be configured with four gigabit Ethernet and four 10/100 Ethernet interfaces.
The Teak 5010 targets network appliance applications requiring significant processing power, including SSL VPN, firewall, load balancing, and
intrusion detection systems, according to the company. It can be specified with an Intel Pentium M or Celeron M CPU clocked up to 2GHz. The processor
connects to Intel's 915GM northbridge and up to 1.5GB of DDR2 RAM via a front-side bus clocked at either 400MHz or 533MHz, while the southbridge is
Intel's ICH6-M part.
winbeta.org -
19.12.2007PGP creator shows off VoIP encryption app
PGP creator Phil Zimmermann is
now focusing his crypto skills
on making VoIP calls more
secure. At the Black Hat
security convention in Las
Vegas, he showed off his
latest version of the Zfone
client that encrypts VoIP
calls. Zfone can be easily
used with most VoIP clients
and, according to Zimmermann,
will appear in future
hardware-based VoIP phones.
Zfone itself
is actually a daemon that runs
under your VoIP client in the
IP protocol stack. It
implements the ZRTP protocol
which is an extension of the
regular VoIP RTP protocol.
Zimmermann, along with Alan
Johnston and PGP CTO Jon
Callas, submitted the protocol
to the IETF as a draft
standard last year.
Zimmermann told
us, You can still use your
favorite client on top and
Zfone secures the call.
Basically
you can think of Zfone as a
VPN client for your VoIP
because it provides an
encrypted tunnel for calls.
The protocol adds four bytes
of authentication on every
voice packet and encrypts the
RTP data payload with AES
128-bit or higher encryption.
Zimmermann said the protocol
is lightweight and modern
computers shouldnt experience
any noticeable CPU slowdown...
winbeta.org -
03.08.2007
