Welcome to Thomas Shinder's Section

Dr. Thomas W. Shinder is an MCSE and MVP in ISA Firewalls. He has worked as a technology trainer, writer and consultant in the Dallas-Ft. Worth metro area for over a decade, assisting in development and implementation of security strategies for major firms such as Microsoft, HP, the US Federal Government, and many other Fortune 500 companies. Tom is the CIO of TACTEAM, a writing, training and consulting firm focused on Windows security planning and deployment.

Thomas Shinder's Latest Contributions

DirectAccess: Microsoft's Newest VPN Solution - Part 1: Overview of Current Remote Access Solutions
Date - Jul 08, 2009
Section - Articles / Authentication, Access Control & Encryption
Taking a look at DirectAccess, Microsoft’s latest VPN solution and assessing the current Remote Access Solutions.
Understanding Microsoft’s Secure Remote Access Offerings
Date - Apr 22, 2009
Section - Articles / Misc Network Security
The secure remote access options currently available to Microsoft networks.
Security Zoning for Virtualized Environments
Date - Mar 11, 2009
Section - Articles / Misc Network Security
An important consideration when assessing the security of a virtualized environment: network security zoning.
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 4)
Date - Nov 19, 2008
Section - Articles / Windows OS Security
Testing the clients and seeing how the security certificates are assigned and removed automatically and how clients are connected and disconnected from the network.
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 3)
Date - Nov 11, 2008
Section - Articles / Windows OS Security
How to configure a NAP IPsec Enforcement policy on the NPS and then moving on to the client systems so that we can use them for testing.
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 2)
Date - Oct 29, 2008
Section - Articles / Windows OS Security
Installing and configuring the Network Policy Server, the Health Registration Authority and the subordinate CA.
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 1)
Date - Oct 09, 2008
Section - Articles / Windows OS Security
How to put together a NAP solution using IPsec policy enforcement.
Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 4)
Date - Sep 24, 2008
Section - Articles / Windows OS Security
Setting up the DHCP server to work with the NPS server and the NAP policies, and then configuring Group Policy so that NAP policy and NAP components are automatically configured for any machine that belongs to the NAP computers security group in Active Directory.
Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 3)
Date - Sep 09, 2008
Section - Articles / Windows OS Security
Taking a closer look at the policies created in the previous article and seeing what they do in the NAP DHCP enforcement solution.
Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 2)
Date - Aug 27, 2008
Section - Articles / Windows OS Security
How to use the NAP policy wizard to automatically create the Network, Health and Connection policies that will be used to control access to the network.
Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 1)
Date - Aug 14, 2008
Section - Articles / Windows OS Security
How to implement Group Policy to control DHCP Network Access Policy enforcement. This improves the level of granularity you can apply to DHCP enforcement for NAP clients.
Overview of the Windows Server 2008 Firewall with Advanced Security Part 3b: Introduction to Domain Isolation
Date - Jul 23, 2008
Section - Articles / Firewalls & VPNs
Creating the client and server domain isolation rule that will require security (authentication) and also configuring the server to accept inbound ping connections so that we can test the rule.
Overview of the Windows Server 2008 Firewall with Advanced Security Part 3a: Introduction to Domain Isolation
Date - Jul 08, 2008
Section - Articles / Firewalls & VPNs
How to use Group Policy to enforce domain isolation through the use of IPsec.
Overview of the Windows Server 2008 Firewall with Advanced Security Part 2: Inbound and Outbound Firewall Rules
Date - Jun 10, 2008
Section - Articles / Firewalls & VPNs
The inbound and outbound firewall rules that you can create to control incoming and outgoing connections to and from the Windows Server 2008 computer.
Overview of the Windows Server 2008 Firewall with Advanced Security Part 1: Setting the Firewall and IPsec Connection Security Defaults
Date - May 28, 2008
Section - Articles / Firewalls & VPNs
The general settings to configure the Windows Firewall with Advanced Security.
The Windows Server 2008 Connection Manager Administration Kit
Date - May 13, 2008
Section - Articles / Firewalls & VPNs
Taking a look at the Windows Server 2008 CMAK and how you can use it to create secure connectoids for PPTP, L2TP and SSTP remote access VPN client connections.
Configuring the Windows Server 2008 Terminal Services Gateway (Part 2)
Date - Apr 08, 2008
Section - Articles / Authentication, Access Control & Encryption
How to install and configure the TS Gateway and the RDP client; making and testing the connection.
Configuring the Windows Server 2008 Terminal Services Gateway (Part 1)
Date - Mar 26, 2008
Section - Articles / Authentication, Access Control & Encryption
How to put together a working Terminal Services Gateway solution.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 3)
Date - Feb 14, 2008
Section - Articles / Authentication, Access Control & Encryption
We will perform some small configuration changes in the Active Directory and on the CA Web site. Then we will focus on the VPN client configuration and finish up by establishing the SSL VPN connection.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 2)
Date - Jan 30, 2008
Section - Articles / Authentication, Access Control & Encryption
The steps required to get a simple three machine SSTP VPN client/server solution to work.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1)
Date - Jan 08, 2008
Section - Articles / Authentication, Access Control & Encryption
A high level overview of VPN networking technologies and a description of Microsoft VPN protocols, highlighting the advantages of the new SSTP VPN protocol.
Using a Split DNS to Support Small Business Remote Access Connections
Date - Jul 13, 2004
Section - Articles / Authentication, Access Control & Encryption
Small businesses are getting into the remote access market. No, I don’t mean that small businesses are becoming ISPs. What I do mean is that small businesses want to be able to access information stored on machines located on their small business network no matter where they go, in the same way big businesses do it.
Using Client Certificate Authentication with IIS 6.0 Web Sites
Date - Jun 24, 2004
Section - Articles / Web Server Security
In spite of the fact that there’s no such thing as a secure network, there are still a lot of things you can do that don’t require you to take a second mortgage on your home and thousands of man-hours. This is especially true when it comes to providing secure access to Microsoft IIS Web servers.
Port Scanning ISA Server
Date - Jul 17, 2002
Section - Articles / Misc Network Security
When I wrote my series on how to secure your ISA Server installation, I had it in mind that ISA Server administrators could use the information to confirm whether or not their ISA Server installations were secure. We got some good feedback on the series, but you wanted more! Specifically, you wanted to know how you could test (via port scanning tools) what ports and services were visible and available on the external interface of the ISA server.
Creating a Poor Man’s DMZ Part 1 - Using TCP/IP Security
Date - Jul 17, 2002
Section - Articles / Windows Networking
A common issue that pops up on the www.isaserver.org web boards is how to configure a DMZ segment on a trihomed ISA Server. Setting up a trihomed ISA Server with a directly attached segment acting as a DMZ is fairly simple.
VPN Client Security Issues
Date - Jul 17, 2002
Section - Articles / Firewalls & VPNs
You've implemented an ISA/VPN Server to allow secure remote connections to your internal network. While you might have configured your VPN Server in a secure manner, what about your VPN clients? In this article I'll talk about important issues regarding VPN client configuration and how it impacts network security.
Configuring Gateway to Gateway L2TP/IPSec VPNs Part 2: Configuring the Infrastructure
Date - Jul 17, 2002
Section - Articles / Firewalls & VPNs
In part 1 of this series on how to configure an L2TP/IPSec gateway to gateway VPN solution, we examined how to configure the certificate infrastructure and assign machine certificates on the local network. This week, we’ll complete our gateway to gateway VPN configuration.
Configuring Gateway to Gateway L2TP/IPSec VPNs Part 1: Configuring the Infrastructure
Date - Jul 17, 2002
Section - Articles / Firewalls & VPNs
Configuring a gateway to gateway VPN is easy using ISA Server. The reason why it’s so easy is that the Local and Remote VPN Wizards make the setup a virtual no-brainer. Well, it’s a no-brainer when you’re configuring PPTP VPN gateways. But if you’re in the market for a high security L2TP/IPSec gateway to gateway VPN, you probably have either been trying to avoid it like the plague or you are pulling your hair out trying to figure out how to make it work!
Securing the ISA Server Configuration - ISA Server Security Checklist (Part 2)
Date - Jul 17, 2002
Section - Articles / Firewalls & VPNs
In part one of our ISA Server Security checklist series, we talked about how to secure the operating system and network interfaces on the ISA Server. In part 2 we'll focus on ISA Server specific configuration issues that you can use to optimize security.
Securing the Operating System and the Interface
Date - Jul 17, 2002
Section - Articles / Windows OS Security
ISA Server is all about security. ISA is about securing network access into and out of the internal network. But after you’ve done all of your configuring, how do you know that you’ve done an adequate job of securing the internal network and the system that ISA Server is running on?
Configuring VPN Access in a Back to Back ISA Server Environment
Date - Jul 16, 2002
Section - Articles / Firewalls & VPNs
VPNs have been a topic of growing interest for the last couple years. However, since the tragic events in New York City in September of 2001, the subject has become red-hot. Why? Business and network managers now have a greater awareness that the weakest link in any design, whether it be a network or a business, is too high a level of centralization. Distributed systems are highly fault tolerant and difficult to bring down, while centralized systems can be brought to their knees with a single blow.
How to Block Dangerous Instant Messengers Using ISA Server
Date - Jul 16, 2002
Section - Articles / Authentication, Access Control & Encryption
I get a lot of questions about how ISA Server can be used to block dangerous applications. What is a dangerous application?
Configuring ISA Server For Inbound VPN Calls
Date - Jul 16, 2002
Section - Articles / Firewalls & VPNs
You've implemented an ISA/VPN Server to allow secure remote connections to your internal network. While you might have configured your VPN Server in a secure manner, what about your VPN clients? In this article I'll talk about important issues regarding VPN client configuration and how it impacts network security.
