Link to home
Create AccountLog in
Avatar of sunhux
sunhux

asked on

Always-On-VPN or MS Direct Access (or similar products) to protect against Rogue Wifi

To protect our corporate users from being compromised when they
connect to outside Wifi (which may be potentially rogue Wifi), is it
feasible if we implement MS Direct Access or Always-On-VPN?

https://technet.microsoft.com/en-us/library/dd759144(v=ws.11).aspx
https://directaccess.richardhicks.com/tag/directaccess-alternatives/

The products above would establish a tunnel so the rogue Wifi can't
steal credentials nor data & with VPN established, I suppose malwares
can't infect the laptops as the rogue Wifi has no connection to the laptop
(tunnel-protected) or did I get this idea wrong ie can still get infected
even with such tunnel??

We still want the users to be able to access Internet but protect them
in the event they're using a rogue Wifi
Avatar of sunhux
sunhux

ASKER

Btw, is Always-On-VPN FOC or how is it charged?
ASKER CERTIFIED SOLUTION
Avatar of Prabhin MP
Prabhin MP
Flag of India image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of sunhux

ASKER

is Always-On-VPN & Direct Access  free of charge or how is it charged?
Avatar of sunhux

ASKER

Also, just when Wifi connection is established & just before the VPN/tunnel is established
(possibly a split second), is there a chance/risk of infection?
Hi,

More than explaining here, please find the doc regarding the feature.
ALways ON VPN have got with the new feature which direct access doesn't have.
https://directaccess.richardhicks.com/2018/02/05/what-is-the-difference-between-directaccess-and-always-on-vpn/

https://docs.microsoft.com/en-us/windows-serve r/remote/remote-access/vpn/always-on-vpn/always-on-vpn-enhancements
Here is the plan how to deploy the server.
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-deployment
Avatar of sunhux

ASKER

Thanks, I've read the 2 links earlier before posting but still have doubts, thus the question below:
"Also, just when Wifi connection is established & just before the VPN/tunnel is established
(possibly a split second), is there a chance/risk of infection?"

Any idea on the costing?
always VPN on connection will get initiated before you sign in, it only connects the VPN server once you have the internet connection.
if wifi connection connected after your sign in, the moment internet connection is active, VPN client automatically connect the VPN server and reroute the default gateway to VPN server.
Avatar of sunhux

ASKER

The MS links out there say  Direct Access (& possibly Always-On) will establish VPN/tunnel
prior to signing into Windows.

>if wifi connection connected after your sign in
As such, does it mean that Wifi is connected even before signing into Windows?
Avatar of sunhux

ASKER

For Wifi that requires users to manually connect certainly only get connected
after user signs in but what about those Wifi that were previously set to
'auto-connect'?  Does such Wifi auto-connect before user sign in to Windows?
if your wifi is already known in your machine. it will be connected