Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Published byAnnabel Tull Modified over 9 years ago

Similar presentations

Presentation on theme: "Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite."— Presentation transcript:

1 Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite

2 AGAT Security suite - introduction AGAT Security suite is a set of unique components that allow extending Forefront (ISA/TMG IAG/UAG) functionality to solve complex architectures and requirements, typically implemented in large, complex and well secured networks. To learn more about our solutions please visit our website at http://www.agatSolutions.comhttp://www.agatSolutions.com

3 Main Filter list ActiveSync AG Authentication Relay AG Remote Cert Auth AG SSO AG Multiplexer AG Access Controller Secured File Upload

4 AG Active Sync Filter

5 AG ActiveSync - introduction ActiveSync is a data protocol used to synchronize end user devices with Exchange server. More and more companies encourage their employees to work with their mobile devices implementing Bring Your Own (BYO) strategy to save money and improve efficiency. But from a security point of view, mobile smart phones are in fact mini computers and should be treated from a security aspect as a potential threat.

6 AG ActiveSync - requirement Typically the exchange server is published using ISA/TMG or IAG/UAG. Organizations have the need to control the content published to the client (ie iPhone, windows mobile) to ensure that the content published is compatible with the device security level requirements.

7 AG ActiveSync filter solution AG ActiveSync Filter is a solution for controlling who and what to Sync when users connect to Exchange server with mobile devices. The ActiveSync filter allows configuring publishing rules according to device type and Exchange objects (mail, events, tasks and contacts). In addition, the filter can block publishing of attachments and can perform content filtering.

8 AG ActiveSync - Architecture

9 AG ActiveSync filter features Managing filter rule configuration by device type (iPhone, windows mobile etc). Allowing or blocking by DeviceType (specific phones) or DeviceID (specific users) Allowing or blocking Sync of the following objects: Mail messages, Contacts, Tasks and calendar events Allowing or blocking Sync of attachments in mails messages or events. Filtering by words in subject of mail and calendar events. Allowing meeting requests to be published even when mail is blocked. Filtering by the sender's domain name Optional authentication manager add on solution.authentication manager Support ActiveSync 4.5

10 AG Active Sync - Use cases When publishing exchange data via IAG / UAG or ISA / TMG to mobile devices and there are security requirements to block documents / attachments from syncing to mobile clients. A need to block class types (mail, task, contact or event) from being synchronized. Blocking mails or events by words in content. Restricting less secured phones from syncing mails/attachments Blocking internal mails from being synced

11 AG ActiveSync Authentication Manager

12 General description The Authentication manager is a solution for identifying users using ActiveSync without Active Directory. It is needed when there is no active directory user & pass management (and typically use certificate authentication ). The solution forces the ActiveSync to authenticate against the manager instead of active directory

13 AG Authentication Manager - Architecture

14 AG Authentication Manager - Features Strong Security level solution with something you have and something you know. Zero client installation Create user name and password Change mobile device by user Change password by user User management Configuration of User name and password policy The solution is an optional add on to the AG ActiveSync filter

15 AG Authentication Relay

16 General description The Authentication Relay filter allows users to authenticate using a digital certificate when the application is protected by more than one ForeFront server in a cross domain architecture. The solution does not require any domain trust relationship between the front and back domains.

17 AG Authentication Relay (cont) The solution is based on two web filters: In the front server Relay filter signs the user’s name (after being authenticated by ISA) and time stamp and submits the signed data in the request header. In the back server the Consumer filter verifies that the message was received from the front ISA and then performs the authentication to the required application...

18 AG Authentication Relay (cont) Architecture Option A- Basic Authentication Relay

19 AG Authentication Relay (cont) Architecture Option B- Strong Authentication Relay

20 AG Authentication Relay – Use cases When more than one ISA is protecting the application and smart card authentication is needed. When there is a single front end ISA in the external domain protecting several sub-networks that are using ISA. Typically when using IAG as a gateway and several ISA servers are protecting the internal domains. When you need the client ’ s certificate at the back end of multiple ISA architecture.

21 AG Remote Cert Auth

22 AG Remote Cert Auth- Description Enable to perform certificate authentication using an LDAP that is not in the same domain as the ISA server.

23 AG Remote Cert Auth -Use cases When users are using smart cards to login and the LDAP is in a different domain than the ISA. Typically when organization is securing the LDAP / Active directory in a separate domain then the ISA

24 AG SSO

25 AG SSO - Description Add user certificate and LDAP properties to header request for application authentication.

26 AG SSO - Use cases When your web application is not configured to use Windows authentication and user identity is needed. Properties from LDAP are needed for the application. When you need to pass the client certificate to your internal IIS.

27 AG Multiplexer

28 AG Multiplexer - Description Enable transmitting the user's request via a single point of access to several internal destinations according to user organization unit or group Automatically generate a menu page listing all accessible URLs.

29 AG Multiplexer – Use cases When you need to provide a single point of access to all users to browse to different web applications. When routing users is needed according to the location in the Organization Unit (OU) or Group. Typically when the network is divided into several subnets/domains managed separately. Avoid publishing many internal sites.

30 AG Access Controller

31 AG Access Controller- Description The filter extends the ISA web publishing rule system with additional criteria. Supports configuring the web publishing rules based on user OU or Group. Enables working with an LDAP server that is not in the same domain as the ISA/IAG.

32 AG Access Controller - SSL VPN Allows filtering users that use SSL VPN. Enables identifying the user in SSL VPN in order to prevent anonymous requests entering the firewall

33 AG Secured File Upload

34 AG Secured File Upload- Description Fast file content verification Verify that the extension of the file matches the file content Pass file to antivirus to check virus in content Block dangerous content before reaching internal site.

35 END See more filters available on http://www.agatsolutions.comhttp://www.agatsolutions.com

Download ppt "Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
The Natural way for Secure Mobile Email v.1.4 www.AGATSolutions.com.

The Natural way for Secure Mobile v.1.4
Secure Lync mobile Authentication

Secure Lync mobile Authentication
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
The World's Most Secured Browsing Solution COCKPIT4i is a radically new, powerful solution that protects against the security risks posed by exposure to.

The World's Most Secured Browsing Solution COCKPIT4i is a radically new, powerful solution that protects against the security risks posed by exposure to.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Similar presentations

Ads by Google