Microsoft Internet Security and Acceleration (ISA) Server 2004 Technical Overview. Jirat Boomuang, Technology Specialist; Smith Mangmeetakun, Technology Specialist.


2 Microsoft Internet Security and Acceleration (ISA) Server 2004 Technical Overview. Jirat Boomuang, Technology Specialist; Smith Mangmeetakun, Technology Specialist; Microsoft (Thailand) Limited.

3 Agenda Introducing ISA Server 2004 Filtering and Policies Server Publishing and VPN Monitoring and Alerts

4 “The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance.” ISA Server 2004. Advanced Protection: application layer security designed to protect Microsoft applications. Ease of Use: efficiently deploy, manage, and enable new usage scenarios. Fast, Secure Access: empowers you to connect users to relevant information on your network in a cost efficient manner.

5 Introducing ISA Server 2004: Explore the User Interface, Create Perimeter Network (demonstration).

6 Agenda Introducing ISA Server 2004 Filtering and Policies Server Publishing and VPN Monitoring and Alerts

7 Why Application Layer Security Is Crucial. Most of today’s attacks are directed against applications; examples: mail clients (worms, Trojan horse attacks), Web browsers (malicious Java applets). Applications encapsulate traffic in HTTP traffic; examples: peer-to-peer, instant messaging. Traditional firewalls cannot determine what traffic is sent or received. Dynamic port assignments require too many incoming ports to be opened; examples: FTP, RPC.

8 A Traditional Firewall’s View of a Packet. Only the packet headers are inspected. IP header: source address, destination address, TTL, checksum. TCP header: sequence number, source port, destination port, checksum. Application layer content: appears as a “black box” (drawn on the slide as a string of question marks). Forwarding decisions are based on port numbers, and legitimate traffic and application layer attacks use identical ports, so expected HTTP traffic, unexpected HTTP traffic, attacks and non-HTTP traffic all pass from the Internet into the corporate network on the same port.

9 Application Layer Content: MSNBC - MSNBC Front Page (the same packet as on slide 8, with the HTTP payload readable by an application layer firewall instead of appearing as a black box).

10 Filtering and Policies: Configure Perimeter-Internal Access, Create Internet Access Firewall Policy, HTTP Scanning, System Policies (demonstration).

11 Agenda Introducing ISA Server 2004 Filtering and Policies Server Publishing and VPN Monitoring and Alerts

12 Traditional Web Publishing. All traffic using TCP port 80 is sent to the Web server; one Web server per IP address. Figure: incoming traffic from the Internet arrives at the Web server unfiltered.

13 ISA Server Web Publishing. ISA Server inspects the HTTP request; only allowed requests are forwarded; ISA Server can publish multiple servers behind a single address. Figure: of the incoming traffic from the Internet, only the legitimate request reaches the Web servers, while requests such as http://www.contoso.com/../cmd?.. , http://www.contoso.com/%2E%2E and http://www.contoso.com/scripts/ are blocked.

14 Securing SSL Traffic. SSL provides confidentiality but no traffic inspection. SSL bridging: 1. The client on the Internet encrypts communications to ISA Server. 2. ISA Server decrypts and inspects the traffic. 3. ISA Server sends allowed traffic to the published server, re-encrypting it if required. Note that ISA Server must hold the certificate and private key for the published name, because the client’s SSL session terminates at the firewall rather than at the Web server.

15 Easy Configuration and Administration. Web Publishing Wizards make configuration easy and prevent configuration mistakes; monitoring tools show Web usage.

16 Link Translation. Link translation solves problems with absolute references: the internal Web page on the server named teams contains HREF=http://teams/sales, a name the external client cannot resolve; ISA Server rewrites it to HREF=http://teams.contoso.com/sales before the page is returned over the Internet.
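As an added example of the rewrite slide 16 describes (written for this page, not ISA Server code), the Python below translates internal host names inside href/src/action attributes of a response body. The `teams` to `teams.contoso.com` mapping is the slide’s; the `intranet:8080` entry and the sample HTML are constructed.

```python
import re

# Translation table: the internal "host" or "host:port" exactly as it appears
# in links generated by the published server -> the scheme and name external
# clients must use.  First entry is from slide 16; the second is constructed.
LINK_TRANSLATION = {
    "teams": "http://teams.contoso.com",
    "intranet:8080": "https://intranet.contoso.com",
}

# Absolute URLs inside link-carrying attributes.  The lookahead stops the host
# match at a delimiter, so "teams" never matches the unrelated host "teamsite".
_ATTR_URL = re.compile(
    r"""(?P<attr>\b(?:href|src|action)\s*=\s*["']?)"""
    r"(?P<scheme>https?://)"
    r"(?P<host>[A-Za-z0-9.-]+)"
    r"(?P<port>:\d+)?"
    r"""(?=[/?#"'\s>]|$)""",
    re.IGNORECASE,
)


def translate_links(html, table=LINK_TRANSLATION):
    """Rewrite absolute internal references in an HTML body so that they
    resolve from the external client's point of view.  Hosts that are not in
    the table (external sites, other published names) are left untouched."""
    def _rewrite(match):
        key = match.group("host").lower() + (match.group("port") or "")
        external = table.get(key)
        if external is None:
            return match.group(0)
        # Scheme, host and port are replaced as a unit; the path that follows
        # the match is not consumed and therefore survives unchanged.
        return match.group("attr") + external
    return _ATTR_URL.sub(_rewrite, html)


if __name__ == "__main__":
    sample = '<a HREF=http://teams/sales>Sales</a> <img src="http://teamsite/logo.png">'
    print(translate_links(sample))
```

Only attribute values are rewritten here, so an internal name that appears in visible text is left alone; the table key must match the internal form exactly (with port if the server emits one), which is also what keeps the rewrite from touching external links.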

17 Outlook Web Access: Traditional Firewall. Web traffic to OWA is encrypted with standard SSL, giving security against eavesdropping and impersonation. Limitation: the SSL tunnel passes through the firewall unopened, so the OWA server is the only defense against application layer attacks (Web server attacks from the Internet reach the Exchange server directly). The concept of defense in depth requires inspection of OWA traffic at the firewall.

18 How ISA Server Protects OWA. Authentication: unauthorized requests are blocked before they reach the Exchange server; all OWA authentication methods are enforced; optional forms-based authentication prevents caching of credentials. Inspection: invalid HTTP requests, or requests for non-OWA content, are blocked; SSL traffic is inspected before it reaches the Exchange server. Confidentiality: encryption of traffic over the Internet is ensured; downloading of attachments to client computers can be prevented. Figure: the SSL tunnel from the Internet terminates at ISA Server, where authentication and inspection take place before OWA traffic is forwarded to the Exchange server.

19 RPC and Traditional Firewalls. Figure: the RPC client (Outlook) asks the RPC server (Exchange) over TCP 135 for the port of interface {0E4A… ; the server answers “Port 4402”; the data connection then goes to port 4402. A traditional firewall therefore has to open port 135 for incoming traffic and also open every port that RPC might use for incoming traffic. Traditional firewalls can’t provide secure RPC access.

20 RPC and ISA Server. The same exchange as on slide 19 (TCP 135 query for {0E4A… , answer “Port 4402”, data on port 4402), now passing through ISA Server. Initial connection: only valid RPC traffic is allowed, and non-Exchange queries are blocked. Secondary connection: only a connection to the port actually used by Exchange is allowed, and encryption is enforced. ISA Server enables secure remote access using Outlook.
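Slides 19 and 20 describe the problem a stateful RPC filter solves: the client first asks the endpoint mapper on TCP 135 which dynamic port serves an interface, then connects to that port, and a header-only firewall can only choose between closing RPC entirely and opening the whole high-port range. The Python below is an added example, not ISA Server’s RPC filter: it keeps the endpoint mapper reachable, forwards only mapper queries for a configured set of interface UUIDs (placeholders here; a real policy lists the Exchange interfaces), and admits a secondary connection only from the same client, to the exact port the server announced, once, within a short window. The encryption enforcement the slide mentions is not modelled, and the 30-second window is an assumed value.

```python
import time
from dataclasses import dataclass, field

EPM_PORT = 135        # RPC endpoint mapper, the only fixed RPC port
EXPECT_TTL = 30.0     # seconds a negotiated port stays open for its client (assumed)

# Placeholder interface UUIDs standing in for the published (Exchange) RPC
# interfaces.  Constructed for this demo; the slide's real value is truncated.
ALLOWED_INTERFACES = frozenset({
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
})


@dataclass
class RpcFilter:
    """Stateful filter for the two-step RPC connection set-up."""
    allowed_interfaces: frozenset = ALLOWED_INTERFACES
    # (client, server, port) -> time after which the expectation is void
    _expected: dict = field(default_factory=dict)

    def epm_request(self, client, server, interface_uuid):
        """Client asks the endpoint mapper for the port of interface_uuid.
        Queries for anything but the published interfaces are dropped here,
        so the mapper on the server never sees them (slide 20, 'blocks
        non-Exchange queries')."""
        return interface_uuid.lower() in self.allowed_interfaces

    def epm_response(self, client, server, interface_uuid, port, now=None):
        """Server answers with the dynamic port.  Record that exactly this
        client may open exactly this port on this server, for a short time."""
        if interface_uuid.lower() not in self.allowed_interfaces:
            return False
        if port == EPM_PORT or not 1024 <= port <= 65535:
            return False  # implausible answer: open nothing
        now = time.monotonic() if now is None else now
        self._expected[(client, server, port)] = now + EXPECT_TTL
        return True

    def inbound_connection(self, client, server, port, now=None):
        """Decide on a new inbound TCP connection from the Internet.
        Port 135 is always handed to the mapper filter; any other port is
        opened only if it was negotiated for this client, is unexpired and
        has not been used yet (the expectation is consumed on first use)."""
        if port == EPM_PORT:
            return True
        now = time.monotonic() if now is None else now
        expiry = self._expected.pop((client, server, port), None)
        return expiry is not None and now <= expiry

    def expire(self, now=None):
        """Housekeeping: drop expectations whose window has passed."""
        now = time.monotonic() if now is None else now
        self._expected = {k: v for k, v in self._expected.items() if v >= now}


if __name__ == "__main__":
    f = RpcFilter()
    client, server = "203.0.113.5", "10.0.0.10"
    uuid = "11111111-1111-1111-1111-111111111111"
    f.epm_response(client, server, uuid, 4402, now=0.0)
    print("same client to 4402:", f.inbound_connection(client, server, 4402, now=1.0))
    print("replay to 4402:", f.inbound_connection(client, server, 4402, now=2.0))
```

The same expectation-table pattern handles FTP data channels (slide 7): the control channel tells the filter which (client, server, port) triple to expect, and nothing else is opened.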

21 How RPC over HTTP Works. RPC over HTTP encapsulates RPC traffic inside HTTP; an internal Web server (the RPC proxy) extracts the RPC traffic from the HTTP stream. Advantage: most firewalls allow HTTP traffic. Problem: traditional firewalls leave the RPC proxy exposed to Web-based attacks (in the figure, HTTP traffic and Web server attacks from the Internet reach the RPC proxy alike).

22 How ISA Server Protects RPC over HTTP. ISA Server terminates the SSL tunnel. Inspects HTTP traffic for protocol compliance. Blocks requests for all URLs except. No direct connections from the Internet to the RPC Proxy Server. Application layer protection for HTTP traffic.
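The request inspection described on slides 13, 18 and 22 (block traversal in plain and percent-encoded form, forward only requests for the published content, whether a Web site, OWA or the RPC proxy) comes down to canonicalising the URL path before comparing it with policy, which is exactly what a port-based firewall (slide 8) cannot do. The Python below is an added example written for this page, not ISA Server code; the published path prefixes, method list and length limit are constructed policy values, and the `/owa/` prefix in the test is a placeholder rather than Exchange’s real path.

```python
from urllib.parse import unquote, urlsplit

# Constructed policy for this demo (hypothetical values, not from the slides):
# only requests whose normalised path starts with one of these published
# prefixes are forwarded; everything else is dropped at the firewall.
PUBLISHED_PATHS = ("/news/", "/images/")
ALLOWED_METHODS = frozenset({"GET", "HEAD", "POST"})
MAX_URL_LENGTH = 2048
MAX_DECODE_ROUNDS = 3


def normalize_path(raw_path):
    """Canonicalise a URL path before it is compared against policy.

    Returns the normalised path, or None when the path is malformed or tries
    to climb above the site root (the slide-13 examples)."""
    # Decode repeatedly but boundedly: %252E -> %2E -> "." would slip past a
    # single-pass decoder, while unbounded decoding is a DoS vector.
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after the last round: treat as hostile
    # Control characters (including an embedded NUL) never belong in a path.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in path):
        return None
    # IIS accepts "\" as a separator, so normalise it before splitting.
    resolved = []
    for segment in path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not resolved:
                return None  # would escape the published root
            resolved.pop()
            continue
        resolved.append(segment)
    normalized = "/" + "/".join(resolved)
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def inspect_request(request_line, published_paths=PUBLISHED_PATHS):
    """Decide whether one HTTP request line may be forwarded to the published
    server.  Returns (allowed, reason)."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    method, target, _version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    if len(target) > MAX_URL_LENGTH:
        return False, "URL too long"
    # Handles both origin-form (/path?q) and absolute-form (http://host/path?q)
    # targets; the query string plays no part in this path policy.
    raw_path = urlsplit(target).path
    if not raw_path.startswith("/"):
        return False, "target is not an absolute path"
    path = normalize_path(raw_path)
    if path is None:
        return False, f"rejected path {raw_path!r}"
    if not any(path.startswith(prefix) for prefix in published_paths):
        return False, f"{path} is not a published path"
    return True, f"forward {path}"


if __name__ == "__main__":
    # The three blocked requests from slide 13 plus one legitimate request.
    for line in (
        "GET http://www.contoso.com/../cmd?.. HTTP/1.1",
        "GET http://www.contoso.com/%2E%2E HTTP/1.1",
        "GET http://www.contoso.com/scripts/ HTTP/1.1",
        "GET /news/today/../index.html HTTP/1.1",
    ):
        print(f"{line:55} -> {inspect_request(line)}")
```

Policy is matched against the canonical path, never the raw one, so `/news/today/../index.html` is forwarded as `/news/index.html` while `%2E%2E`, a double-encoded `%252E%252E` and an embedded `%00` are all refused before any byte reaches the server. Host-header checks and authentication (slide 18) sit in front of this step and are not modelled.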

23 Easy Configuration and Administration Mail Publishing Wizard makes configuration easy and prevents configuration mistakes

24 Network Access Quarantine. A client script checks whether the client meets corporate security policies: personal firewall enabled? latest virus definitions used? required patches installed? If the checks succeed, the client gets full access; if they fail, the client is disconnected after a timeout period. Goal: prevent VPN clients that don’t meet security requirements from accessing the network. Caveat: the checks run on, and are reported by, the client itself, so quarantine keeps well-meaning but misconfigured machines out; it is not a defense against a deliberately hostile client that fakes the success notification.

25 VPN Quarantine Process. 1. The client computer connects. 2. ISA Server assigns the client to the Quarantined VPN Clients network, allowing access to limited quarantine resources. 3. The script on the client computer checks its configuration settings. 4. The script sends a “success” notification to ISA Server. 5. ISA Server assigns the client to the VPN Clients network, providing access to the internal network.

26 VPN Quarantine Components. On the VPN client: a Connection Manager profile built with the Connection Manager Administration Kit (CMAK), the quarantine script, and RQC.exe, which reports the result. On ISA Server 2004: RRAS (terminating the VPN tunnel or dial-up connection), the Firewall service, and the RQS service listening on TCP 7250 for the RQC notification.

27 Server Publishing and VPN: Create Web Listener, Publish Web Site, Publish Exchange for OWA, Link Translation, Enable VPN (demonstration).

28 Agenda Introducing ISA Server 2004 Filtering and Policies Server Publishing and VPN Monitoring and Alerts

29 Monitoring and Alerts Dashboard

30 Monitoring and Alerting. Real-time view of firewall activity. Flexible alerting mechanism to warn of problems or suspicious activity: intrusion attempts, lack of connectivity, etc.

31 Logging. Detailed logging of all firewall activity. Choice of logging mechanisms: local database, SQL Server, text files.

32 Reports. Summaries of firewall activity, with detailed information on types of traffic, user activities and more. Reports can be scheduled, are viewable with a Web browser, and their data can be exported for further analysis.

33 Session Summary. ISA Server 2004 provides many benefits: advanced application layer firewall, VPN, Web cache solution. ISA Server 2004 offers many improvements over ISA Server 2000: enhanced user interface, new features, improved functionality.

34 Business Value Through Innovation

35 © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
