A traditional firewall’s view of a packet Application Layer Content ?????????????????????? Only packet headers are inspected –Application layer content appears as “black box” IP Header Source Address, Dest. Address, TTL, Checksum TCP Header Sequence Number Source Port, Destination Port, Checksum Forwarding decisions based on port numbers –Legitimate traffic and application layer attacks use identical ports Internet Expected HTTP Traffic Unexpected HTTP Traffic Attacks Non-HTTP Traffic Corporate Network
ISA Server’s view of a packet Packet headers and application content are inspected Application Layer Content MSNBC - MSNBC Front Page <link rel="stylesheet" IP Header Source Address, Dest. Address, TTL, Checksum TCP Header Sequence Number Source Port, Destination Port, Checksum Forwarding decisions based on content –Only legitimate and allowed traffic is processed Internet Expected HTTP Traffic Unexpected HTTP Traffic Attacks Non-HTTP Traffic Corporate Network
Updated security architecture Advanced Protection Application layer security designed to protect Microsoft applications Deep content inspection Enhanced, customizable HTTP protocol filters Comprehensive and flexible policies Stateful routing for all IP protocols Enhanced Exchange Server Integration Support for Outlook RPC over HTTP Enhanced Outlook Web Access security Easy to use configuration wizards Fully integrated VPN Unified firewall -- VPN filtering Site-to-site IPsec Tunnel Mode support Network access quarantine Secure Internet Information Server and SPS SSL Bridging for IIS and SPS Easy to use Web publishing wizards AD, RADIUS, SecurID authentication
New management tools and UI Ease of Use Efficient and cost effective network security Multi-network architecture Unlimited network definitions and types Firewall policy applied to all traffic Per network routing relationships Network templates and wizards Wizard simplifies routing configuration Easy setup for common network topologies Easily customized for sophisticated scenarios Visual policy editor Firewall policy with single, ordered rule-base Drag and drop editing, scenario-driven wizards XML-based configuration import and export Enhanced trouble-shooting Monitoring dashboard Real-time log viewer Content sensitive task panes
Commitment to integration Fast, Secure Access Empowers you to connect users to relevant information on your network in a cost efficient manner Enhanced architecture High speed data transport Utilizes latest Windows and PC hardware High speed application filtering platform Web cache Updated policy rules Serve content locally Pre-fetch content during low activity periods Internet access control User- and group-based Web usage policy Extensible by third parties Comprehensive authentication New support for RADIUS and RSA SecurID User- and group-based access policy Third-party extensibility
Call to Action Give ISA 2004 a try Consider buying SBS Premium instead of SBS Standard. If managing hardware firewalls, CHECK FOR FIRMWARE UPDATES.
For more information: Amy’s ISA in SBS blog: http://isainsbs.blogspot.com ISA Server Resource site http://www.isaserver.org Dana’s security blog: http://silverstr.ufies.org Firewall Dashboard http://www.scorpionsoft.com Dana Epp Microsoft Security MVP