asked on
Always-On-VPN or MS Direct Access (or similar products) to protect against Rogue Wifi
To protect our corporate users from being compromised when they
connect to outside Wifi (which may be potentially rogue Wifi), is it
feasible if we implement MS Direct Access or Always-On-VPN?
https://technet.microsoft.com/en-us/library/dd759144(v=ws.11).aspx
https://directaccess.richardhicks.com/tag/directaccess-alternatives/
The products above would establish a tunnel so the rogue Wifi can't
steal credentials nor data & with VPN established, I suppose malwares
can't infect the laptops as the rogue Wifi has no connection to the laptop
(tunnel-protected) or did I get this idea wrong ie can still get infected
even with such tunnel??
We still want the users to be able to access Internet but protect them
in the event they're using a rogue Wifi
connect to outside Wifi (which may be potentially rogue Wifi), is it
feasible if we implement MS Direct Access or Always-On-VPN?
https://technet.microsoft.com/en-us/library/dd759144(v=ws.11).aspx
https://directaccess.richardhicks.com/tag/directaccess-alternatives/
The products above would establish a tunnel so the rogue Wifi can't
steal credentials nor data & with VPN established, I suppose malwares
can't infect the laptops as the rogue Wifi has no connection to the laptop
(tunnel-protected) or did I get this idea wrong ie can still get infected
even with such tunnel??
We still want the users to be able to access Internet but protect them
in the event they're using a rogue Wifi
Anti-Virus AppsWireless NetworkingNetwork SecurityVPNSecurity
Last Comment
Prabhin MP
ASKER
Btw, is Always-On-VPN FOC or how is it charged?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
is Always-On-VPN & Direct Access free of charge or how is it charged?
ASKER
Also, just when Wifi connection is established & just before the VPN/tunnel is established
(possibly a split second), is there a chance/risk of infection?
(possibly a split second), is there a chance/risk of infection?
Hi,
More than explaining here, please find the doc regarding the feature.
ALways ON VPN have got with the new feature which direct access doesn't have.
https://directaccess.richardhicks.com/2018/02/05/what-is-the-difference-between-directaccess-and-always-on-vpn/
https://docs.microsoft.com/en-us/windows-serve r/remote/remote-access/vpn
Here is the plan how to deploy the server.
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-deployment
More than explaining here, please find the doc regarding the feature.
ALways ON VPN have got with the new feature which direct access doesn't have.
https://directaccess.richardhicks.com/2018/02/05/what-is-the-difference-between-directaccess-and-always-on-vpn/
https://docs.microsoft.com/en-us/windows-serve r/remote/remote-access/vpn
Here is the plan how to deploy the server.
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-deployment
ASKER
Thanks, I've read the 2 links earlier before posting but still have doubts, thus the question below:
"Also, just when Wifi connection is established & just before the VPN/tunnel is established
(possibly a split second), is there a chance/risk of infection?"
Any idea on the costing?
"Also, just when Wifi connection is established & just before the VPN/tunnel is established
(possibly a split second), is there a chance/risk of infection?"
Any idea on the costing?
always VPN on connection will get initiated before you sign in, it only connects the VPN server once you have the internet connection.
if wifi connection connected after your sign in, the moment internet connection is active, VPN client automatically connect the VPN server and reroute the default gateway to VPN server.
if wifi connection connected after your sign in, the moment internet connection is active, VPN client automatically connect the VPN server and reroute the default gateway to VPN server.
ASKER
The MS links out there say Direct Access (& possibly Always-On) will establish VPN/tunnel
prior to signing into Windows.
>if wifi connection connected after your sign in
As such, does it mean that Wifi is connected even before signing into Windows?
prior to signing into Windows.
>if wifi connection connected after your sign in
As such, does it mean that Wifi is connected even before signing into Windows?
ASKER
For Wifi that requires users to manually connect certainly only get connected
after user signs in but what about those Wifi that were previously set to
'auto-connect'? Does such Wifi auto-connect before user sign in to Windows?
after user signs in but what about those Wifi that were previously set to
'auto-connect'? Does such Wifi auto-connect before user sign in to Windows?
if your wifi is already known in your machine. it will be connected