
Microsoft Internet Security and Acceleration (ISA) Server 2004 Technical Overview


2 Microsoft Internet Security and Acceleration (ISA) Server 2004 Technical Overview
Jirat Boomuang, Technology Specialist
Smith Mangmeetakun
Microsoft (Thailand) Limited

3 Agenda
Introducing ISA Server 2004
Filtering and Policies
Server Publishing and VPN
Monitoring and Alerts

4 ISA Server 2004
"The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance"
Advanced Protection: application layer security designed to protect Microsoft applications
Ease of Use: efficiently deploy, manage, and enable new usage scenarios
Fast, Secure Access: connects users to relevant information on your network in a cost-efficient manner

5 Demonstration: Introducing ISA Server 2004
Explore the user interface
Create a perimeter network

6 Agenda
Introducing ISA Server 2004
Filtering and Policies
Server Publishing and VPN
Monitoring and Alerts

7 Why Application Layer Security Is Crucial
Most of today's attacks are directed against applications. Examples: mail clients (worms, Trojan horses), Web browsers (malicious Java applets)
Applications encapsulate their own traffic inside HTTP. Examples: peer-to-peer, instant messaging
A traditional firewall cannot determine what traffic is actually being sent or received
Dynamic port assignment requires too many incoming ports to be opened. Examples: FTP, RPC

8 A Traditional Firewall's View of a Packet
Only packet headers are inspected; application layer content appears as a "black box"
IP header: source address, destination address, TTL, checksum
TCP header: sequence number, source port, destination port, checksum
Application layer content: ???????????????????????????????
Forwarding decisions are based on port numbers, but legitimate traffic and application layer attacks use identical ports
Diagram: traffic from the Internet to the corporate network consists of expected HTTP traffic, unexpected HTTP traffic, non-HTTP traffic and attacks; judged on port numbers alone they are indistinguishable and are forwarded alike

9 ISA Server's View of a Packet
Packet headers and application content are inspected
IP header: source address, destination address, TTL, checksum
TCP header: sequence number, source port, destination port, checksum
Application layer content: <html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>MSNBC - MSNBC Front Page</title><link rel="stylesheet"
Forwarding decisions are based on content; only legitimate and allowed traffic is processed
Diagram: from the Internet, allowed HTTP traffic reaches the corporate network; prohibited HTTP traffic, non-HTTP traffic and attacks are stopped at ISA Server

10 Demonstration: Filtering and Policies
Configure perimeter-to-internal access
Create an Internet access firewall policy
HTTP scanning
System policies

11 Agenda
Introducing ISA Server 2004
Filtering and Policies
Server Publishing and VPN
Monitoring and Alerts

12 Traditional Web Publishing
All traffic arriving on TCP port 80 is sent to the Web server
One Web server per public IP address
Diagram: incoming traffic from the Internet goes straight to the Web server

13 ISA Server Web Publishing
ISA Server inspects each HTTP request; only allowed requests are forwarded
ISA Server can publish multiple servers behind one address, selecting the target by the requested host name and path
Diagram: incoming traffic from the Internet terminates at ISA Server, which forwards allowed requests to the appropriate published Web server

14 Securing SSL Traffic
SSL provides confidentiality but no traffic inspection: a firewall that merely passes the encrypted tunnel cannot see what it carries
SSL bridging:
The client on the Internet encrypts its communications to ISA Server
ISA Server decrypts and inspects the traffic (this requires the published site's certificate and private key to be installed on ISA Server)
ISA Server sends allowed traffic to the published server, re-encrypting it if required

15 Easy Configuration and Administration
Web Publishing Wizards make configuration easy and prevent configuration mistakes; monitoring tools show Web usage

16 Link Translation
Link translation solves problems with absolute references in published pages
Example: a page on the internal server "teams" contains HREF=http://teams/sales, a name an external client cannot resolve; ISA Server rewrites it to HREF=http://teams.contoso.com/sales before returning the page to the client

17 Outlook Web Access: Traditional Firewall
Web traffic to OWA is encrypted with standard SSL, which protects against eavesdropping and impersonation
Limitation: the SSL tunnel passes through the firewall unopened, so the OWA server is the only defense against application layer attacks
Defense in depth requires inspection of OWA traffic at the firewall
Diagram: OWA traffic and attacks travel together from the Internet through the SSL tunnel to the Web server and the Exchange server

18 How ISA Server Protects OWA
Authentication: unauthorized requests are blocked before they reach the Exchange server; ISA Server enforces all OWA authentication methods; optional forms-based authentication prevents caching of credentials on the client
Inspection: invalid HTTP requests, and requests for non-OWA content, are blocked; SSL traffic is inspected before it reaches the Exchange server
Confidentiality: ensures encryption of traffic over the Internet; can prevent the downloading of attachments to client computers
Diagram: OWA traffic from the Internet is authenticated and inspected at ISA Server before being forwarded over the SSL tunnel to the Exchange server

19 RPC and Traditional Firewalls
The RPC client (Outlook) first asks the endpoint mapper on TCP 135 which port the server interface (Port for {0E4A… ?) is listening on; the RPC server (Exchange) answers with the data port (Port 4402 in the diagram) and the client then connects to it
To allow this, a traditional firewall must open port 135 for incoming traffic and every port that RPC might use
Traditional firewalls can't provide secure RPC access

20 RPC and ISA Server
Initial connection (TCP 135): ISA Server only allows valid RPC traffic and blocks non-Exchange queries
Secondary connection: ISA Server only allows the connection to the port Exchange reported (Port 4402 in the diagram) and enforces encryption
ISA Server enables secure remote e-mail access using Outlook

21 How RPC over HTTP Works
RPC over HTTP encapsulates RPC traffic inside HTTP; an internal Web server (the RPC proxy) extracts the RPC traffic from the HTTP stream
Advantage: most firewalls allow HTTP traffic
Problem: a traditional firewall passes all HTTP traffic to the Web server, leaving the RPC proxy exposed to Web-based attacks

22 How ISA Server Protects RPC over HTTP
ISA Server terminates the SSL tunnel and inspects the HTTP traffic for protocol compliance
Blocks requests for all URLs except the RPC proxy's
No direct connections from the Internet to the RPC proxy server
Application layer protection for HTTP traffic
Diagram: RPC traffic from the Internet is terminated and inspected at ISA Server; attacks are stopped before they reach the Web server

23 Easy Configuration and Administration
Mail Publishing Wizard makes configuration easy and prevents configuration mistakes

24 Network Access Quarantine
Goal: prevent VPN clients that don't meet security requirements from accessing the network
A script on the client checks whether it meets corporate security policy:
Personal firewall enabled?
Latest virus definitions in use?
Required patches installed?
If the checks succeed, the client gets full access; if they fail, the client is disconnected after the timeout period

25 VPN Quarantine Process
1. The client computer connects.
2. ISA Server assigns the client to the Quarantined VPN Clients network, allowing access only to the quarantine resources.
3. The script on the client computer checks its configuration settings.
4. The script sends a "success" notification to ISA Server.
5. ISA Server assigns the client to the VPN Clients network, providing access to the internal network.

26 VPN Quarantine Components
Connection Manager Administration Kit (CMAK) builds the Connection Manager profile used by the VPN client
ISA Server 2004 side: RRAS terminates the dial-up/VPN tunnel, the Firewall Service enforces the network assignment, and the RQS service listens on TCP 7250
Client side: the quarantine script runs RQC.exe, which sends the success notification to the RQS service on TCP 7250

27 Demonstration: Server Publishing and VPN
Create a Web listener
Publish a Web site
Publish Exchange for OWA
Link translation
Enable VPN

28 Agenda
Introducing ISA Server 2004
Filtering and Policies
Server Publishing and VPN
Monitoring and Alerts

29 Monitoring and Alerts Dashboard

30 Monitoring and Alerting
Real-time view of firewall activity
Flexible alerting mechanism to warn of problems or suspicious activity: intrusion attempts, lack of connectivity, etc.

31 Logging
Detailed logging of all firewall activity
Choice of logging mechanisms: local database, SQL Server, text files

32 Reports
Summaries of firewall activity
Detailed information on types of traffic, user activity and more
Can be scheduled; viewable with a Web browser; data can be exported for further analysis

33 Session Summary
ISA Server 2004 provides many benefits: advanced application layer firewall, VPN, Web cache solution
ISA Server 2004 offers many improvements over ISA Server 2000: enhanced user interface, new features, improved functionality

34 Business Value Through Innovation

35 © 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
