What Windows XP’s End of Support Means for Security

This past summer, there was a lot of discussion around the advent of Windows 8, but one topic that was seemingly lost among all of the reviews of the latest operating system (OS) was the encroaching retirement of Windows XP. When you consider that this time next year (April 14th, to be exact,) security fixes, patches for vulnerabilities and updates to software will disappear to the more than 15 percent of midsize and large enterprises still running Windows XP, companies are remiss to not recognize its huge security implications. If companies don’t migrate to Windows 7 or higher, they will leave their entire network and systems vulnerable to malicious exploits targeting the expired OS, like cyber and DDOS attacks, data theft and hacking. In other words, it’s absolutely critical that organizations migrate to a modern OS ASAP. To do this, however, companies will need to do a clean install, meaning they’ll need to transition all user data and reinstall or repackage all of their applications to the new Windows 7 or Windows 8 system. Normally, this can be a time and labor-intensive process, and requires testing all hardware, peripherals and applications to make sure they work with one of Microsoft’s newest OSs. And this means third-party remote access VPN and security software, too – because, while Windows 8 comes will embedded features like DirectAccess and Secure Boot, their pitfalls make it essential to deploy layered security measures in order to effectively lock down a corporate network. So as companies try to beat the clock, where should they turn? For optimal security without breaking the bank, they’ll need robust solutions that...

NCP engineering Supports Microsoft Windows Users’ Evolving Remote Access Needs

Organizations tasked with safely connecting their employees to the corporate network are under pressure to not only accommodate various devices, but also offer multi-platform support. In fact, analysts predict  that through 2017, 90% of enterprises will have two or more mobile operating systems to manage! Adding to this pressure is the recent onslaught of Windows 8-based systems in the enterprise, which means the demand for secure remote access solutions is following suit. Heeding this call for adaptation, NCP engineering has upgraded its enterprise IPsec VPN client suite to offer compatibility with laptops and tablets running Windows 8, in particular, its Professional and Enterprise editions. The centrally managed remote access software also supports devices using Windows 7/Vista/XP 32-/64-bit. NCP has also added several new security benefits to its enterprise IPsec VPN client, including prompting users via warning messages if they fail to log on to hotspots without established Wi-Fi connections. When this occurs, the software solution advises users on creating suitable connection profiles, and helps them determine if alternative network selections are necessary. The NCP Secure Enterprise Client also includes the recently added Access Point Name (APN) management feature, which eliminates the need to manually update each device’s APN when switching out SIM cards from different mobile operators. For more information on the new product version and how NCP is meeting Windows users’ evolving remote access needs, check out the full press release...

NCP engineering Adds Windows 8 Compatibility to New Version of IPsec VPN Entry and Juniper Clients

As new mobile devices and operating systems (OS) are released, mobile workers need to know that their secure remote access solutions are equipped to support them. Given the headaches associated with OS upgrades, such as transitioning to Windows 8, any way to alleviate concerns and mitigate financial burdens is music to the ears of enterprises and end users alike. Recognizing this, NCP has released a new version of the Entry and Juniper Editions of its IPsec VPN client software. Version 9.31 is now fully compatible with Windows 8 (32-/64-bit). By supporting Windows 8, the VPN clients help to maximize enterprises’ remote access investments when upgrading from an older OS such as Windows XP, Windows Vista or Windows 7. So what exactly is different about the new software? The way that users configure the mobile access point from which they access the Internet, for one. Up to this point, users were required to manually tweak the Access Point Name (APN) settings of their mobile devices whenever they switched out SIM cards from one mobile network operator to the next. With the new NCP Secure Clients, however, a new feature has been introduced that eliminates this tedious task by automatically prompting the driver to search for, and configure, the APN via the NetID of the SIM card. This new capability, in conjunction with pre-existing public key infrastructure (PKI), one-time password and token/certificate support, a dynamic firewall, an Internet dialer/connector and seamless roaming functionality, makes for powerful IPsec VPN software. With more of today’s workforce becoming mobilized, the Entry and Juniper editions of the NCP Secure Client ensure that secure remote access...

Q&A on VPNs & DirectAccess with Patrick Oliver Graf, Part 4

This is part four in a series of questions related to DirectAccess and VPNs. Last week we addressed whether Microsoft can improve the implementation of DirectAccess under Windows Server 2012. Earlier in our series we examined the hardware requirements with DirectAccess and whether DirectAccess, in combination with Windows 8, supersedes VPNs.  Question: Do networks that employ the Windows Server 2008 R2 and the Windows Server 2012 also feature the improved configuration and management features of DirectAccess? Patrick Oliver Graf: No, they do not. The improvements for DirectAccess are only available for Windows Server 2012. It can be expected that users will slowly migrate their systems from Windows Server 2008 R2 to version 2012. This means, companies will have to continue living with the restrictions resulting from DirectAccess in a Windows Server 2008 environment for quite a time. Question: Can companies use DirectAccess in combination with a VPN? For example can they use DirectAccess for computers running on Windows 7 and Windows 8 while they need an IPsec/SSL VPN for Windows XP, MacOS, iOS, Android or Linux at the same time? Patrick Oliver Graf: Windows Server 2012 does not change anything in this scenario. DirectAccess can only be used for Windows 7/8 clients. Anybody who wants to use other clients (MacOS, iOS, Android, Linux, Unix) has to setup and operate a parallel VPN infrastructure. Although Windows Server 2012 offers the default setting of an additional installation of VPNs for non-Windows clients upon implementation of DirectAccess, two separate worlds remain if a user also uses clients with other operating systems, other than Windows 7 and 8. This naturally increases the installation, configuration and operating effort....

Q&A on VPNs & DirectAccess with Patrick Oliver Graf, Part 3

This is part three in a series of questions related to DirectAccess and VPNs. Earlier this week we addressed the hardware requirements with DirectAccess and whether DirectAccess, in combination with Windows 8, supersedes VPNs. Question: Its inflexible and complex implementation was one of the greatest weaknesses of DirectAccess in combination with Windows Server 2008 R2. Microsoft has improved Windows server 2012 in this regard. Are there still issues Microsoft could improve or optimize? Patrick Oliver Graf: Microsoft has considerably improved the implementation of DirectAccess under Windows Server 2012. For example, users can now implement DirectAccess through a single console where they had to use several before. Network Access Translation (NAT) is now able to direct incoming remote access connections to a central DirectAccess Server. Through the new features, there is no need for several servers any more. The system furthermore supports global server load balancing. This means that now a Windows 8 client is easily able to log on to the closest network entry point. However, there are still several unsolved issues. In Windows Server 2012 and DirectAccess, multi-site support still causes quite a bit of hassle. Apart from that, multi-site implementations strictly require a Public Key Infrastructure (PKI). This increases the users’ effort and contradicts Microsoft’s statement, maintaining that with Windows 8, setting up secure connections with DirectAccess and Windows Server 2012 has become easier than it is within a VPN infrastructure. According to users’ experiences, it is essential to configure DHCP and DNS entries (Dynamic Host Configuration Protocol / Domain Name Server) of DirectAccess implementations with particular care. This, too, increases the implementation effort and makes the system prone...