Home > IT Blogs > The Windows Server Notebook > Will R2′s DirectAccess leave you vulnerable?
>>VIEW ALL POSTS  

The Windows Server Notebook

«
»
Jul 9 2009   1:40PM GMT

Will R2′s DirectAccess leave you vulnerable?



Posted by: Bcournoyer
Security, Windows Server 2008 R2

We’re continuing to drill into the big new Windows Server 2008 R2 features on the site, the latest of which is Microsoft’s new DirectAccess technology. For those who don’t know, the feature is new to R2 and Windows 7, and is designed (as Microsoft puts it) to give “users the experience of being seamlessly connected to their corporate network any time they have Internet access.”

It works, too (by all accounts).

Now from a user standpoint, this is beyond fantastic. From an IT professional’s perspective though, it’s bound to immediately trigger questions about security.


Greg Shields recently wrote an extremely in-depth article covering exactly what DirectAccess has to offer, describing it as the answer to the following question: “What if I want to access my company applications on my laptop in the airport, but in the exact same way I would if I were sitting at my desk?”

This effectively puts an end to the usual steps involved for remote users to access their company’s internal network (which often times can cause other applications to slow down or fail).

Naturally, there are a host of security steps to take before implementing DirectAccess in your environment (which Microsoft is well aware of), and Greg outlines most of these requirements. The question is, will these potential security risks scare people off?

According to one consultant I spoke with, probably not. “The technology at this point is really irrelevant [from a security perspective],” he said. “It’s really all a matter of policy. The technology itself doesn’t present a problem aside from users turning it on, sending in help desk requests, and so on. Over all though, you still just have to look at what your policies are and try to accomplish them.”

In other words, security implications are always going to be there regardless of what you’re running, so implementing DirectAccess shouldn’t involve anything too out of the ordinary. As Greg wrote in his piece, however, most organizations will likely want to outsource the setup to make sure everything is done right from the start.

If this sounds like something you want to take advantage of, just remember that DirectAccess requires Windows 2008 R2 and Windows 7 Professional (or Ultimate edition, surprisingly) to function.

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment:

Cmoorhead2  |   Jul 9, 2009  3:24 PM (GMT)

Of course security is always a concern, it never goes away. And I am looking forward to evaluating Direct Access. In discussions with Microsoft, I learned that Direct Access knows about the resources back at the office because the names and IP addresses of those resources are pushed down to the connecting client and are stored in memory on the client computer for the length of the connection session. This information is unencrypted! imagine some malware created to examine that information and learn about your internal network! When asked, Microsoft’s response was a long pause followed by a reminder that it was still in beta.