Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enabling Secure Internet Access with ISA Server

Published byKathryn Addams Modified over 10 years ago

Similar presentations

Presentation on theme: "Enabling Secure Internet Access with ISA Server"— Presentation transcript:

1 Enabling Secure Internet Access with ISA Server

2 Enabling Secure Access to Internet Resources
What Is Secure Access to Internet Resources? Users can access the resources that they need The connection to the Internet is secure The data that users transfer to and from the Internet is secure Users cannot download malicious programs from the Internet Secure access to the Internet also means that the user’s actions comply with the organization’s security or Internet usage policy.

3 What Is Secure Access to Internet Resources
Only users who have permission to access the Internet can access the Internet. These users can use only approved protocols and applications to access Internet resources. These users can gain access only to approved Internet resources, or these users cannot gain access to denied Internet resources These users can gain access to the Internet only in accordance with any other restrictions the organization may establish, such as when and from which computers access is permitted.

4 How ISA Server Enables Secure Access to Internet Resources
ISA Server provides the following functionality to enable secure access Implementing ISA Server as a firewall Implementing ISA Server as a proxy server. Using ISA Server to implement the organization’s Internet usage policy

5 Configuring ISA Server as a Proxy Server
What Is a Proxy Server? A proxy server is a server that is situated between a client application and a server to which the client connects. All client requests are sent to the proxy server. The proxy server creates a new request and sends the request to the specified server. The server response is sent back to the proxy server, which then replies to the client application. A proxy server can provide enhanced security and performance for Internet connections. Using a proxy server is to make the user’s connection to the Internet more secure.

6 Configuring ISA Server as a Proxy Server
Proxy servers make the Internet connection more secure in the following ways: User authentication Filtering client requests Content inspection Logging user access Hiding the internal network details

7 How Proxy Servers Work How Does a Forward Proxy Server Work?
How Does a Reverse Web Proxy Server Work?

8 How Does a Forward Proxy Server Work?
When a proxy server is used to secure outbound Internet access, it is configured as a forwarding proxy server. Forward proxy servers are usually located between a Web or Winsock application running on a client computer on the internal network and an application server located on the Internet

9 How Does a Forward Proxy Server Work?

10 1. A client application, such as a Web browser, makes a request for an object located on a Web server. The client application checks its Web proxy configuration to determine whether the request destination is on the local network or on an external network. 2. If the requested Web server is not on the local network, the request is sent to the proxy server. 3. The proxy server checks the request to confirm that there is no policy in place that blocks access to the requested content. 4. If caching is enabled, the proxy server also checks if the requested object exists in its local cache. If the object is stored in the local cache and it is current, the proxy server sends the object to the client from the cache. If the page is not in the cache or if the page is out of date, the proxy server sends the request to the appropriate server on the Internet.

11 5. The Web server response is sent back to the proxy server
5.The Web server response is sent back to the proxy server. The proxy server filters the response based on the filtering rules configured on the server. 6. If the content is not blocked and it is cacheable, ISA Server saves a copy of the content in its cache and the object is then returned to the client application that made the original request.

12 How Does a Reverse Web Proxy Server Work?

13 A user on the Internet makes a request for an object located on a Web server that is on an internal network protected by a reverse proxy server. The client computer performs a DNS lookup using the fully qualified domain name (FQDN) of the hosting server. The DNS name will resolve to the IP address of the external network interface on the proxy server. 2. The client application sends the request for the object to the external address of the proxy server

14 3.The proxy server checks the request to confirm that the URL is valid and to ensure that there is a policy in place that allows access to the requested content. 4. The proxy server also checks whether the requested object already exists in its local cache. If the object is stored in the local cache and it is current, the proxy server sends the object to the client from the cache. If the object is not in the cache, the proxy server sends the request to the appropriate server on the internal network. 5. The Web server response is sent back to the proxy server. 6. The object is returned to the client application that made the original request

15 How to Configure ISA Server as a Proxy Server

16 How to Configure Web and Firewall Chaining
ISA Server 2004 Standard Edition supports the chaining of multiple servers running ISA Server together to provide flexible Web proxy services

17 How to Configure Web and Firewall Chaining

18 Configuring Access Rule Elements
By default, ISA Server 2004 denies all network traffic between networks connected to the ISA Server computer. Configuring an access rule is the only way to configure ISA Server so that it will allow traffic to flow between networks

19 What Are Access Rule Elements
Access rule elements are configuration objects in ISA Server that you use to create access rules. Example:you may want to create an access rule that allows only HTTP traffic, ISA Server provides an HTTP protocol access rule element that you can use when creating the access rule

20 Access Rule Element Types
Description Protocols defines protocols that you can use in an access rule. User Sets defines a group of one or more users to which a rule will be explicitly applied, or which can be excluded from a rule. Content Types provides common content types to which you may want to apply a rule. Schedules allows you to designate hours of the week during which the rule applies Network Objects . allows you to create sets of computers to which a rule will apply, or which will be excluded from a rule.

21 How to Configure Access Rule Elements
ISA Server includes several default access rule elements

22 How to Configure User Set Elements
access rule specifies which users will be allowed or denied access by the access rule. To limit access to Internet resources based on users or groups, you must create a user set element. When you limit an access rule to specific users, users must authenticate before they are granted access. For each group of users, you can define the type of authentication required

23 How to Configure User Set Elements
All Authenticated Users:This set includes all users who have authenticated using any type of authentication. All Users:This set includes all users, both authenticated and unauthenticated. System and Network Service:This user set includes the Local System service and the Network service on the computer running ISA Server. This user set is used in some system policy rules

24 How to Configure User Set Elements
In ISA Server

25 How to Configure Content Type Elements
Create a new content type element, or use one of the existing content type elements when you create an access rule. Content type elements define Multipurpose Internet Mail Extensions (MIME) types and file name extensions. When a client such asMicrosoft Internet Explorer downloads information from the Internet using HTTP or File Transfer Protocol (FTP), the content is downloaded in either MIME format or as a file with a specified file name extension.

26 How to Configure Content Type Elements
Content type elements apply only to HTTP and FTP traffic that is tunneled in an HTTP header. When a client requests HTTP content, ISA Server sends the request to the Web server. When the Web server returns the object, ISA Server checks the object’s MIME type or its file name extension, depending on the header information returned by the Web server. ISA Server determines if a rule applies to a content type that includes the requested filename extension, and processes the rule accordingly ISA Server is preconfigured with the following content types: Application, Application data files, Audio, Compressed files, Documents, Hypertext Markup Language (HTML) documents, Images, Macro documents, Text, Video, and Virtual Reality Modeling Language (VRML).

27 In ISA server

28 How to Configure Schedule Elements
To configure access to the Internet based on the time of day. ISA Server : Weekends:Defines a schedule that includes all times on Saturday and Sunday Work Hours:Defines a schedule that includes the hours between 09:00 (9:00 A.M.) and 17:00 (5:00 P.M.) on Monday through Friday

29 In ISA server:

30 How to Configure Network Objects
to define which Web sites or servers users can or cannot access Networks: A network rule element represents a network, which is all the computers connected EX:Internal, External, Branch Office Network Sets: A network-set rule element represents a grouping of one or more networks Ex:All Protected Networks

31 How to Configure Network Objects
Computer: A computer rule element represents a single computer, identified by its IP address Ex:DC1 (IP Address: ). Address Ranges: An address range is a set of computers represented by a continuous range of IP addresses Ex:All DCs (IP Address Range: – ).

32 How to Configure Network Objects
Subnets: A subnet represents a network subnet, specified by a network address and a mask. Ex:Branch Office Network (IP Addresses /24). Computer Sets: A computer set includes a collection of computers identified by their IP addresses, a subnet object, or an address-range object Ex:All DCs and Exchange Servers

33 How to Configure Network Objects
URL Sets: URL sets specify one or more URLs grouped together to form a set. Ex:Microsoft Web Site ( Domain Name Sets: Domain name sets define one or more domain names as a single set, so that you can apply access rules to the specified domains

34 How to Configure Network Objects
In ISA server

35 Configuring ISA Server Authentication
to limit access to Internet resources based on users or groups ISA Server Authentication Options: Basic authentication: Basic authentication sends and receives user information as plaintext and does not use encryption Digest authentication: Digest authentication passes authentication credentials through a process called hashing. Hashing creates a string of characters based onthe password but does not send the actual password across the network, ensuring that no one can capture a network packet containing the password and impersonatethe user.

36 Integrated Windows authentication:
Uses either the Kerberos version 5 authentication protocol or NTLM protocol, both of which do not send the user name and password across the network. Digital certificates authentication: Requests a client certificate from the client before allowing the request to be processed. Users obtain client certificates from a certification authority that can be internal to your organization or a trusted external organization. Remote Authentication Dial-In User Service RADIUS is an industry-standard authentication protocol.

37 ISA Server Clients and Authentication
SecureNAT Clients: For SecureNAT clients, there is no user-based authentication Restrict access to the Internet based only on network rules and other access rules If an access rule requires authentication, SecureNAT clients will be blocked from accessing the resources defined by the rule

38 Firewall Clients When ISA Server authenticates a Firewall client, it uses the credentials of the user making the request on the computer running the Firewall client

39 Configuring Access Rules for Internet Access
What Are Access Rules

40 How to Configure Access Rules

41

42

43

44

Download ppt "Enabling Secure Internet Access with ISA Server"

Similar presentations

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

Similar presentations

Ads by Google