Sometime back i had a debate with one of the information security team on Direct Access 2012 the Next Generation Remote Access Solution ,They pointed out some of the security risk in direct access .The major ones were as follows
1. IP-HTTPS connection doesn’t display ISP IP information when Direct Access Clients connect via internet to the corp Network
2.how to get the information on how long the DA client was connected via Internet
3.How to track what all resources were access in crop network via Direct Access client .
The answers to the above concerns raised by most of the security teams are possible in Direct Access 2012 and trust me the Security Teams will be well convinced by the Direct Access Advance logging
The ISP public IP information is not displayed in Direct Access console for IP-HTTPS traffic is due to SSL and TSL encryption hence it cannot be displayed in Direct Access Management console .
But these information can be fetched from Component Event Logging in Direct Access Server .Below are the options you need to check in event viewer to fetch these information for audit purpose ,also these can be integrated by the SIEMS.
Good to see that …Cheers:)
LikeLike