WindowSecurity.com Newsletter – February 2014

The WindowSecurity.com monthly newsletter is out! In this month’s edition I talk in detail about IPv6 security. IPv6 is coming fast, and in fact, for most networks it is already deployed and running! I’m sure this will be a surprise to many, but IPv6 has been enabled by default and preferred since Windows Vista. You’ve got IPv6 running on your network, but most likely you aren’t managing it, and this is a big security risk. Read this month’s newsletter to learn more!

WindowSecurity.com

Configure Client-based Remote Access VPN to Windows Azure Virtual Networks

I really enjoy working with Windows Azure. Being able to spin up virtual machines in the cloud is great, especially when you have access to nearly limitless capacity! In addition, having access to pre-defined workloads like SQL is a tremendous blessing. No more spending an hour building a SQL server for a quick lab. I can have one up and running in 5 minutes now! Of course accessing virtual machines running in Windows Azure is extremely important. In the past I’ve written about using site-to-site VPN to enable cross-premises network connectivity to Windows Azure, and in my article this month on CloudComputingAdmin.com I describe in detail how to enable and configure client-based remote access VPN to virtual networks in Windows Azure. Check it out!

Configure Client-based Remote Access VPN to Windows Azure Virtual Networks

Troubleshooting Name Resolution Issues on DirectAccess Clients

Often network connectivity issues can be traced directly to issues involving name resolution. The most common tool used to troubleshoot name resolution issues is NSlookup. If you’re a systems administrator there’s no doubt you’ve used this tool. However, NSlookup does not always work as expected on DirectAccess clients when they are away from the corporate network. Read my latest blog post at directaccess.richardhicks.com to find out how to use NSlookup and Resolve-DnsName on DirectAccess clients in the field.

Hacked via RDP

Hacked via Remote Desktop Protocol (RDP)? It can happen! Brian Krebs’ post shows that there is an underground market for valid remote desktop connections that can be purchased for use by cybercriminals for a wide variety of nefarious purposes. Out of necessity I once published RDP to a Windows server using Forefront TMG 2010 for a short time. I was amazed at how many connection attempts were made! Obviously there are bots that scan the Internet incessantly looking for open RDP ports and when they are found, they try common username and password combinations in an attempt to successfully authenticate. No doubt my IP address was recorded in a database in spite of the fact that a login was not successful. It is possible that a vulnerability in RDP with remote execution might be found in the future, at which point I’m certain they would return in an attempt to leverage the vulnerability to gain access to my system. In this case the connection was only required temporarily, and I don’t make it a practice to expose RDP directly to the public Internet.

Protecting yourself from these types of attack is simple using established security best practices. DO NOT expose RDP directly to an untrusted network. Access to remote desktop solutions (Microsoft RDP, VNC, etc.) should be performed only via a secure channel such as VPN or Remote Desktop Gateway. Authentication best practices should be followed closely, including the enforcement of long, complex passwords and ideally multi-factor authentication like Windows Azure Multi-Factor Authentication (MFA). Windows Azure MFA is cloud-based, but can also work with on-premises security solutions. Read my article on ISAserver.org to see how I configured Forefront TMG 2010 to work with Windows Azure MFA.

Follow these rules and don’t be a victim!
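As an added example (not from the original post), this Python script shows how a defender could spot the username and password guessing described above by grouping failed-logon records by source address. The records are constructed samples that use the field names of Windows Security event 4625; the function names and thresholds are assumptions.

```python
from collections import defaultdict

# Logon types seen for RDP failures: 10 = RemoteInteractive, 3 = Network
# (common when Network Level Authentication is on). Assumption: on this host
# type 3 failures come from RDP, not from file sharing or other services.
RDP_LOGON_TYPES = {3, 10}

def _ev(event_id, logon_type, user, ip):
    """Build one constructed record shaped like event 4625/4624 EventData."""
    return {"EventID": event_id, "LogonType": logon_type,
            "TargetUserName": user, "IpAddress": ip}

# Constructed sample data; addresses are from the documentation ranges.
SAMPLE_EVENTS = (
    [_ev(4625, 10, u, "203.0.113.7") for u in
     ("administrator", "admin", "user", "test", "Administrator", "admin")]
    + [_ev(4625, 3, "jsmith", "198.51.100.20")] * 2      # mistyped password
    + [_ev(4625, 10, "svc_backup", "192.0.2.15")] * 5    # stale saved credential
    + [_ev(4624, 10, "jsmith", "198.51.100.20"),         # success: ignored
       _ev(4625, 2, "jsmith", "-")]                      # console logon: ignored
)

def summarize_failed_logons(events):
    """Group failed remote logons by source IP: attempt count and usernames."""
    summary = defaultdict(lambda: {"attempts": 0, "users": set()})
    for ev in events:
        if ev.get("EventID") != 4625 or ev.get("LogonType") not in RDP_LOGON_TYPES:
            continue
        ip = ev.get("IpAddress") or "-"
        if ip == "-":                       # no network source recorded
            continue
        summary[ip]["attempts"] += 1
        summary[ip]["users"].add(ev.get("TargetUserName", "").lower())
    return dict(summary)

def flag_guessing_sources(events, min_attempts=5, min_users=3):
    """Return (ip, attempts, usernames) for sources that try many accounts."""
    hits = [(ip, s["attempts"], sorted(s["users"]))
            for ip, s in summarize_failed_logons(events).items()
            if s["attempts"] >= min_attempts and len(s["users"]) >= min_users]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for ip, attempts, users in flag_guessing_sources(SAMPLE_EVENTS):
        print(f"{ip}: {attempts} failed logons across {len(users)} accounts {users}")
```

Requiring several distinct usernames separates guessing bots from a single user or service retrying one bad password.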


Working with Windows Azure Virtual Networks

Great news! I recently accepted a new writing assignment for TechGenix’s latest web property, CloudComputingAdmin.com. Here I’ll be writing about cloud technologies, including public, private, and hybrid cloud solutions. You can expect that my focus will be primarily on Microsoft cloud solutions, including Windows Azure, Windows Server 2012/R2, Hyper-V, and System Center. In addition, because of my expertise and extensive experience in the fields of networking and security, you can expect many articles closely related to those topics as well.

My first article is Working with Windows Azure Virtual Networks. Read it today!
