{"id":199,"date":"2005-12-09T14:34:00","date_gmt":"2005-12-09T14:34:00","guid":{"rendered":"http:\/\/markwilson.me.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm"},"modified":"2007-05-28T16:16:47","modified_gmt":"2007-05-28T15:16:47","slug":"wireless-security-and-secure-remote","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm","title":{"rendered":"Wireless security and secure remote access"},"content":{"rendered":"<p>Last night, I attended <a href=\"http:\/\/blogs.technet.com\/steve_lamb\/\">Steve Lamb<\/a>&#8217;s <a href=\"http:\/\/www.microsoft.com\/uk\/technet\/training\/events.mspx\">Microsoft TechNet UK briefing<\/a> on wireless security and secure remote access. I won&#8217;t repeat the entire content here, because Steve has an article in the November\/December issue of Microsoft TechNet magazine, entitled <a href=\"http:\/\/www.microsoft.com\/technet\/technetmag\/issues\/2005\/11\/improvesecurity\/\">improve your web security with encryption and firewall technologies<\/a>, which, when combined with <a href=\"http:\/\/www.microsoft.com\/technet\/technetmag\/issues\/2005\/11\/securitywatch\">Kathryn Tewson and Steve Riley&#8217;s security watch: a guide to wireless security<\/a> article, just about covers the content of the event. 
Having said that, there were a few more snippets that came out during the presentation, which I&#8217;ve plagiarised (and extended) in the rest of this post&#8230;<\/p>\n<h3>Wireless Security<\/h3>\n<p>Anyone who needs to secure a wireless network at home should check out Steve Lamb&#8217;s blogcast on <a href=\"http:\/\/www.projecthurricane.com\/itpro\/wpa%20for%20ap%20and%20pc.wmv\">securing a wireless router and Windows XP<\/a> and, although I&#8217;ve already linked it above, I&#8217;ll repeat that <a href=\"http:\/\/www.microsoft.com\/technet\/technetmag\/issues\/2005\/11\/securitywatch\">Kathryn Tewson and Steve Riley&#8217;s security watch: a guide to wireless security<\/a> article is also worth a read. <a href=\"http:\/\/www.microsoft.com\/wifi\/\">Further information is also available on the Microsoft website<\/a>.<\/p>\n<p>Some additional notes that I took during Steve&#8217;s presentation were that:<\/p>\n<ul>\n<li>Wireless network keys can be stored on a USB token.<\/li>\n<li>Wired equivalent privacy (WEP) is often considered insecure but consider the name &#8211; the equivalency part indicates that it offers the same level of security as a wired network. Yes, it can be broken into, but so can a wired network with public access to the building. 
Wi-Fi Protected Access (WPA) (or preferably WPA2) is better and dynamic WEP is a half-way house, but whatever security is employed, the wireless network still needs to be easy to use.<\/li>\n<li><a href=\"http:\/\/www.remote-exploit.org\/index.php\/Tutorials\">There are sites on the &#8216;net that will show you how to break a wireless (or other) connection<\/a> (if you think it&#8217;s irresponsible of me to link that site, you could also find it using a search engine, so I figure that it&#8217;s better that the methods are well known, than only being known by the bad guys).<\/li>\n<li>Contrary to popular belief, there is no point in securing the SSID for a network as it is transmitted unencrypted (even on a network secured with WPA or WPA2). Ditto for media access control (MAC) addresses, which are easily spoofed.<\/li>\n<li>Even WPA doesn&#8217;t do anything to prevent a denial of service (DoS) attack and WPA2 (802.11i) doesn&#8217;t stop all DoS attacks.<\/li>\n<li>802.1x is port-based authentication and applies equally to both wired and wireless networks. It does have weaknesses, including that it will only authenticate the initial connection. In a wireless configuration, man-in-the-middle (MitM) attacks can be guarded against by requiring the WAP to identify itself using certificates (using a group policy object).<\/li>\n<li>WEP requires Windows XP. 
WPA requires Windows XP SP1, WPA2 requires Windows XP SP2 and a hotfix (see <a href=\"http:\/\/support.microsoft.com\/?kbid=893357\">Microsoft knowledge base article 893357<\/a>).<\/li>\n<li>The Windows 2000 Internet authentication service (IAS) can be used as the RADIUS server component in a secure wireless deployment; however Windows Server 2003 supports auto-enrolment (which when used for computer and user certificates will make life much easier).<\/li>\n<li>Windows XP will (by default) allow access to its nearest access point, even if it is not secure.<\/li>\n<\/ul>\n<p>Very importantly &#8211; if (like I did), you think that your wireless network (e.g. at home) doesn&#8217;t need to be secured because there&#8217;s no data of value to be had and anyway, you have bandwidth to spare which you don&#8217;t mind your neighbours using, consider the implications of someone using your wireless network to access the Internet and perform illegal activities, which your ISP can trace back to you via your IP address. Having thought about that, I&#8217;ll be buying a new wireless access point very soon.<\/p>\n<h3>Secure Remote Access<\/h3>\n<p>Microsoft are positioning virtual private networking (VPN) technology as no longer the best solution for providing corporate remote access and I tend to agree. The idea of giving an untrusted computer an IP address from the internal network fills me with fear (unless some quarantining is in place). VPNs &#8220;blur&#8221; the network edge and anyway, do remote users need full network access? I&#8217;ve often accidentally printed a document in the office whilst working at home and then had to ask a colleague to retrieve and dispose of it for me (wasting paper, printer resources and somebody else&#8217;s time). Some solutions will use VLAN technology to limit the network access for VPN users &#8211; there are other methods too, especially when considering that 90% of VPN users only really want to read their e-mail. 
For example, Outlook Web Access, whilst having improved its interface capabilities dramatically with each new release, is still not really a great solution for access from outside the corporate firewall (it&#8217;s good for allowing users to access mail without setting up a MAPI profile, but is heavily reliant on ActiveX controls, which may not be allowed in an Internet cafe, and is also a risk if the remote client has a keylogger installed) &#8211; full client Outlook using RPC over HTTPS on a notebook\/tablet PC is a far better option &#8211; totally transparent from an end user perspective (although still a problem if an e-mail links back to internal resources and access is required to retrieve a document).<\/p>\n<p>Steve Lamb&#8217;s TechNet magazine article (and my previous post on <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/03\/securing-network-using-microsoft-isa.htm\">securing the network using Microsoft ISA Server 2004<\/a>) elaborate on the need for application layer firewalling rather than blindly allowing HTTP and HTTPS traffic through the firewalls. Other measures employed include pre-authentication and URL scanning.<\/p>\n<p>SSL VPNs are another method of providing remote access (even though they are not really VPNs, but are actually just remote desktops in a browser). 
<a href=\"http:\/\/www.microsoft.com\/windowsserver2003\/technologies\/terminalservices\/\">Windows Terminal Services<\/a> can provide basic SSL VPN functionality, which can also be extended with products from <a href=\"http:\/\/www.citrix.com\/\">Citrix<\/a>.<\/p>\n<p>Operating over the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Remote_Desktop_Protocol\">remote desktop protocol<\/a> (RDP), which is based on the <a href=\"http:\/\/www.itu.int\/\">International Telecommunications Union<\/a> (ITU) T.120 protocol family and is therefore independent of network and transport protocols, these solutions use compression and caching to reduce bandwidth requirements and support network load balancing. Windows Server 2003 brings a number of terminal services enhancements (over Windows 2000) including:<\/p>\n<ul>\n<li>Connection to the console session (in remote administration mode).<\/li>\n<li>Control of RDP options via group policy.<\/li>\n<li>WMI provider for scripted terminal services configuration.<\/li>\n<li>ADSI provider for access to per-user terminal services profiles.<\/li>\n<li>Improvements to the terminal server manager MMC snap-in (reduced automatic server enumeration).<\/li>\n<li>Ability to limit users to a single session.<\/li>\n<li>Improved security:\n<ul>\n<li>Remote Desktop Users security group (which can be used in place of the Everyone group to fine-tune access control).<\/li>\n<li>128-bit RC4 encryption.<\/li>\n<li><a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/02\/new-features-of-windows-server-2003.htm\">Software restriction policies<\/a> to limit the applications which users can run.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Securing terminal services comes back to the well-known principle of defence in depth:<\/p>\n<ul>\n<li>A physically secure terminal services server.<\/li>\n<li>A secure operating system configuration.<\/li>\n<li>A secure terminal services configuration.<\/li>\n<li>Network path security.<\/li>\n<li>Using the 
registry to fine-tune control over terminal server sessions (probably overkill, but using group policy to control access is a similar principle).<\/li>\n<\/ul>\n<p>Using the <a href=\"http:\/\/www.microsoft.com\/downloads\/details.aspx?FamilyID=e2ff8fb5-97ff-47bc-bacc-92283b52b310&amp;displaylang=en\">remote desktop web connection<\/a> ActiveX control, terminal services can be provided across the web (and optionally secured using HTTPS). The initial client contact is to http(s):\/\/<em>servername<\/em>\/tsweb\/ and the ActiveX control is downloaded over HTTP (TCP port 80) or HTTPS (TCP port 443). Once the browser has the ActiveX control installed, the user can connect to the terminal server over TCP port 3389.<\/p>\n<p>If full VPN access is still required (and hopefully the methods above will avoid the requirement for this), then VPN server placement must be carefully considered. Running an encrypted PPTP or L2TP+IPSec VPN connection through a standard packet filtering firewall effectively bypasses the firewall as the VPN port will be open on internal and external firewalls and the traffic inside the connection will not be inspected.<\/p>\n<p><a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/anyone-worried-about-running-microsoft.htm\">Most network administrators will be alarmed if you propose the installation of ISA Server as the corporate firewall<\/a> even though <a href=\"http:\/\/www.microsoft.com\/isaserver\/techinfo\/deployment\/commoncrit.mspx\">ISA Server 2004 has now achieved common criteria evaluation assurance level 4+<\/a>. ISA Server 2004 is a perfectly good firewall (assuming that the underlying Windows platform is also well-managed), but it will probably be easier to justify to network administrators by using ISA as an additional server in the DMZ, or as the inner firewall (between the DMZ and the internal network). 
This way, the encrypted connection can be terminated at the ISA server and the firewall can inspect the inbound traffic.<\/p>\n<p>Finally, if a VPN connection must be used to extend the corporate network to remote clients, then network quarantine controls should also be put in place. Full <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/no-nap-until-longhorn.htm\">network access protection (NAP) is expected with the next version of Windows Server (codenamed Longhorn)<\/a> but even now, Windows Server 2003 SP1 routing and remote access service (RRAS) allows for the provision of <a href=\"http:\/\/www.microsoft.com\/windowsserver2003\/techinfo\/overview\/quarantine.mspx\">network access quarantine control<\/a> for remote clients. The current Microsoft implementation involves using the connection manager administration kit (CMAK) to construct a custom RRAS client which includes a number of post-connection actions. Until these are passed, vendor-specific options remain in place which prevent the remote VPN client from accessing the network. Unfortunately it is also possible for a technically able user to spoof the message which allows the vendor-specific attributes to be removed, but in reality this is a small risk. Microsoft&#8217;s NAP and Cisco&#8217;s network access control (NAC) will make this far more effective, extending the scope of control to include wired and wireless clients (as well as VPN clients).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last night, I attended Steve Lamb&#8217;s Microsoft TechNet UK briefing on wireless security and secure remote access. 
I won&#8217;t repeat the entire content here, because Steve has an article in the November\/December issue of Microsoft TechNet magazine, entitled improve your web security with encryption and firewall technologies, which, when combined with Kathryn Tewson and Steve &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Wireless security and secure remote access<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[],"tags":[71,100,101,99,53,43,23],"class_list":["post-199","post","type-post","status-publish","format-standard","hentry","tag-isa","tag-windows-2000","tag-windows-server-2003","tag-windows-xp","tag-remote-access","tag-security","tag-wireless"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Wireless security and secure remote access - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Wireless security and secure remote access - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"Last night, I attended Steve Lamb&#8216;s Microsoft TechNet UK briefing on wireless security and secure remote access. 
I won&#8217;t repeat the entire content here, because Steve has an article in the November\/December issue of Microsoft TechNet magazine, entitled improve your web security with encryption and firewall technologies, which, when combined with Kathryn Tewson and Steve &hellip; Continue reading Wireless security and secure remote access\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2005-12-09T14:34:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2007-05-28T15:16:47+00:00\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"Wireless security and secure remote 
access\",\"datePublished\":\"2005-12-09T14:34:00+00:00\",\"dateModified\":\"2007-05-28T15:16:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm\"},\"wordCount\":1567,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"keywords\":[\"Microsoft ISA Server\",\"Microsoft Windows 2000\",\"Microsoft Windows Server 2003\",\"Microsoft Windows XP\",\"Remote access\",\"Security\",\"Wi-Fi\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm\",\"name\":\"Wireless security and secure remote access - markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"datePublished\":\"2005-12-09T14:34:00+00:00\",\"dateModified\":\"2007-05-28T15:16:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/12\\\/wireless-security-and-secure-remote.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Wireless security and secure 
remote access\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; \\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. 
In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Wireless security and secure remote access - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm","og_locale":"en_GB","og_type":"article","og_title":"Wireless security and secure remote access - markwilson.it","og_description":"Last night, I attended Steve Lamb&#8216;s Microsoft TechNet UK briefing on wireless security and secure remote access. 
I won&#8217;t repeat the entire content here, because Steve has an article in the November\/December issue of Microsoft TechNet magazine, entitled improve your web security with encryption and firewall technologies, which, when combined with Kathryn Tewson and Steve &hellip; Continue reading Wireless security and secure remote access","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm","og_site_name":"markwilson.it","article_published_time":"2005-12-09T14:34:00+00:00","article_modified_time":"2007-05-28T15:16:47+00:00","author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"Wireless security and secure remote access","datePublished":"2005-12-09T14:34:00+00:00","dateModified":"2007-05-28T15:16:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm"},"wordCount":1567,"commentCount":0,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"keywords":["Microsoft ISA Server","Microsoft Windows 2000","Microsoft Windows Server 2003","Microsoft Windows XP","Remote 
access","Security","Wi-Fi"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm","name":"Wireless security and secure remote access - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"datePublished":"2005-12-09T14:34:00+00:00","dateModified":"2007-05-28T15:16:47+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/wireless-security-and-secure-remote.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"Wireless security and secure remote access"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; 
\/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. 
Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":448,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/no-nap-until-longhorn.htm","url_meta":{"origin":199,"position":0},"title":"No NAP until Longhorn","author":"Mark Wilson","date":"Monday 30 May 2005","format":false,"excerpt":"Last year I commented that network access protection (NAP) had slipped from a planned feature pack for ISA Server 2004 to Windows Server 2003 Release 2 (R2). Well, it seems that has changed. Confirming what I wrote last March, when I blogged about the need for network segmentation and remediation,\u2026","rel":"","context":"In \"Microsoft Windows Server 2008\"","block_context":{"text":"Microsoft Windows Server 2008","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-server-2008"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":203,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/12\/securing-my-wireless-network.htm","url_meta":{"origin":199,"position":1},"title":"Securing my wireless network","author":"Mark Wilson","date":"Thursday 22 December 2005","format":false,"excerpt":"Last week I wrote about upgrading my wireless network. It's been running well since then, so this afternoon I decided to go ahead with stage 3 - configuring wifi protected access (WPA). 
As I haven't set up a RADIUS server here, and to be honest, it would be overkill for\u2026","rel":"","context":"In \"Security\"","block_context":{"text":"Security","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/security"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1005,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/03\/windows-server-2008-and-wireless-networking.htm","url_meta":{"origin":199,"position":2},"title":"Windows Server 2008 and wireless networking","author":"Mark Wilson","date":"Sunday 2 March 2008","format":false,"excerpt":"Last week I wrote about how Windows Server 2008 can be used as a great workstation OS too... then I realised that I didn't have any wireless networking capabilities. Although Device Manager reported that my device was working properly, there were no networks available for connection. I wondered if that\u2026","rel":"","context":"In \"Microsoft Windows Server 2008\"","block_context":{"text":"Microsoft Windows Server 2008","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-server-2008"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":461,"url":"https:\/\/www.markwilson.co.uk\/blog\/2006\/07\/windows-mobile-device-security.htm","url_meta":{"origin":199,"position":3},"title":"Windows Mobile device security","author":"Mark Wilson","date":"Thursday 13 July 2006","format":false,"excerpt":"Over the years, I've attended various presentations featuring mobile access to data but most of them have been along the lines of \"look at all this cool stuff I can do\". 
Last week I was at the Microsoft IT Security Summit and saw a slightly different angle on things as\u2026","rel":"","context":"In \"Microsoft Windows Mobile\"","block_context":{"text":"Microsoft Windows Mobile","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-mobile"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":830,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/some-more-about-terminal-services-gateway-servers.htm","url_meta":{"origin":199,"position":4},"title":"Some more about Terminal Services Gateway Servers","author":"Mark Wilson","date":"Tuesday 10 July 2007","format":false,"excerpt":"In an earlier post, I mentioned Austin Osuide's recent Windows Server User Group presentation on Terminal Services Gateway Server and what follows is some of the detail from that session. Terminal Services Gateway Server is a server role in Windows Server 2008 - effectively a protocol translator that allows authorised\u2026","rel":"","context":"In \"Microsoft Windows Server 2008\"","block_context":{"text":"Microsoft Windows Server 2008","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-server-2008"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":700,"url":"https:\/\/www.markwilson.co.uk\/blog\/2006\/04\/putting-pki-into-practice.htm","url_meta":{"origin":199,"position":5},"title":"Putting PKI into practice","author":"Mark Wilson","date":"Sunday 9 April 2006","format":false,"excerpt":"Recently, I blogged about public\/private key cryptography in plain(ish) English. That post was based on a session which I saw Microsoft UK's Steve Lamb present. A couple of weeks back, I saw the follow-up session, where Steve put some of this into practice, securing websites, e-mail and files. 
Before looking\u2026","rel":"","context":"In \"Microsoft Windows\"","block_context":{"text":"Microsoft Windows","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=199"}],"version-history":[{"count":0,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/199\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}