ERNW White Paper 53

Security Assessment of Microsoft DirectAccess

Virtual Private Networks (VPNs) are used in many environments to let users securely access internal resources that are not reachable otherwise.

Starting with Windows Server 2008, Microsoft introduced an IPv6-only VPN technology called DirectAccess, which allows users running specific versions of the Windows operating system to connect remotely, seamlessly and securely to their internal network resources. Because it is IPv6-only, both the nodes and the applications must support IPv6 in order to use DirectAccess. To overcome the limited IPv6 support in today's Internet infrastructure, DirectAccess makes use of the available IPv6 tunneling technologies, which include 6to4, Teredo and IP-HTTPS.
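As an added example (not part of the white paper), the following Python script classifies IPv6 source addresses from a constructed log sample into the 6to4 and Teredo transition technologies named above and recovers the IPv4 endpoints they embed, which is what a defender needs to inventory tunnelled traffic reaching a DirectAccess deployment. The log format and the addresses are assumptions; IP-HTTPS has no reserved prefix and cannot be identified from the address alone, so it is not covered here.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log (hypothetical format, not from the paper).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z src=2002:c633:6401::1 dst=2001:db8::10 proto=tcp dport=443
2024-01-01T10:00:01Z src=2001:0:4136:e378:8000:63bf:3fff:fdd2 dst=2001:db8::10 proto=tcp dport=445
2024-01-01T10:00:02Z src=2001:db8:1::5 dst=2001:db8::10 proto=udp dport=53
"""

@dataclass
class TunnelInfo:
    kind: str                        # "6to4", "teredo" or "native"
    embedded_ipv4: Optional[str]     # IPv4 host embedded in the address, if any
    teredo_server: Optional[str] = None
    teredo_port: Optional[int] = None

def classify(addr_text: str) -> TunnelInfo:
    """Decode the transition-technology prefix of one IPv6 address."""
    addr = ipaddress.IPv6Address(addr_text)
    raw = addr.packed
    if addr in ipaddress.IPv6Network("2002::/16"):
        # 6to4 (RFC 3056): bits 16-47 carry the public IPv4 of the 6to4 host.
        return TunnelInfo("6to4", str(ipaddress.IPv4Address(raw[2:6])))
    if addr in ipaddress.IPv6Network("2001::/32"):
        # Teredo (RFC 4380): server IPv4, 16-bit flags, then the client's
        # UDP port and IPv4 address, each obfuscated by XOR with all-ones.
        server = ipaddress.IPv4Address(raw[4:8])
        port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
        client = ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))
        return TunnelInfo("teredo", str(client), str(server), port)
    return TunnelInfo("native", None)

LOG_RE = re.compile(r"src=(\S+)")

def find_tunnelled_sources(log_text: str) -> List[Tuple[str, TunnelInfo]]:
    """Return (source address, TunnelInfo) for every 6to4 or Teredo source."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        info = classify(m.group(1))
        if info.kind != "native":
            results.append((m.group(1), info))
    return results

if __name__ == "__main__":
    for src, info in find_tunnelled_sources(SAMPLE_LOG):
        print(src, info)
```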

Moreover, unlike traditional VPN solutions, where remote users have to enter credentials in order to establish a secure connection to their internal network, DirectAccess lifts this weight off the user's shoulders. Instead, DirectAccess builds the secure connection to the internal resources automatically, relying on technologies such as Windows domain group policies, public key infrastructure, Kerberos and the NT LAN Manager version 2 (NTLMv2) authentication protocol.

In this study, I performed a security assessment of one of the configuration scenarios used in DirectAccess, shedding light on the major components involved in that scenario. Furthermore, because DirectAccess is an IPv6 technology, the lion's share of this evaluation goes to IPv6.

This study shows a number of security concerns that arise when DirectAccess is deployed and used in any environment. It also demonstrates how an attacker with certain knowledge and the right tools can easily launch many IPv6 attacks against DirectAccess. The security evaluation in this study also proves that setting up DirectAccess with the default configuration puts the security of both users and internal networks at risk.