Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Edge Protection: A Technical Deep-Dive into Internet Security & Acceleration Server 2006 1.

Published byPosy Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Edge Protection: A Technical Deep-Dive into Internet Security & Acceleration Server 2006 1."— Presentation transcript:

1 Network Edge Protection: A Technical Deep-Dive into Internet Security & Acceleration Server 2006 1

2 Agenda What Is ISA Server 2006? Technical Review of: Secure Application Publishing Branch Office Security Internet Access Protection ISA on Appliances Summary

3 What is ISA Server 2006? ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast, more secure access to applications and data. Three Deployment Scenarios Making Exchange, SharePoint and Web application servers available for secure remote access Securely connecting your branch offices and utilizing bandwidth efficiently Protecting your environment from internal users accessing unwanted or harmful content on the Internet

4 Secure Application Publishing 4 “We have multiple applications, and everybody has too many passwords and too many logons. Our goal was to make it so that once an employee gains access to our intranet home page, he or she doesn’t have to log on again to use another application.” – Wendy Lou, IT Security Architect, Northwest Airlines

5 The Concerns An increasing number of employees need access to information hosted on the corporate network 1 Hackers want to steal information on corporate data servers for personal gain. Able to evade current “hardware” firewall by hiding attacks in encrypted sessions 2 Opening “ports” on the corporate firewall to company resources puts the customer at risk of Internet-based attackers 3 Traditional “hardware” firewalls are not specifically built to protect Exchange & SharePoint® Portal Server 4

6 Secure Application Publishing

7 The Solution Single sign-on for access to multiple servers Exchange & SharePoint publishing tools Automatic translation of links to internal shares NTLM, Kerberos authentication support Smartcard & one-time password support Authentication with Active directory via LDAP Load balancing of server farms Pre-authentication so only valid traffic reaches servers Strong user/group based access controls Inspection of encrypted traffic using SSL Bridging

8 ISA 2006 and IAG 2007 ISA 2006 General application access from Web-enabled clients when content-specific policy is not needed IAG 2007 Customizable and differentiated application access based on user identity, content / file attributes, URL and client security state

9 Branch Office Security Much of our business relies on Web-based transactions between our branch offices and the main servers at our head office. Due to bandwidth restrictions at some of the more remote locations, we were limited in the types of solutions we could deploy.” – Josée Corriveau, Applications Architecture and Infrastructure Manager, Desjardins Group

10 The Concerns Branch office employee productivity suffers when they cannot access corporate data at the main office, or when data access is slow. 1 The cost of WAN links is a major line item for many companies with extensive branch office deployments. 2 Companies with large numbers of branch offices need to reduce the overhead in managing thousands of firewall and Web proxy servers. 3 Branches not as tightly managed can lead to increased probability of a security breach that can impact the main office network. 4

11 Branch Office Security

12 The Solution Integrated application-layer firewall, VPN & web proxy BITS support to accelerate software update deployment HTTP traffic compression to minimize bandwidth use Cache Array Routing protocol for efficient cache use Enterprise & array policy model for large deployments DiffServ IP settings for traffic prioritization Answer files on removable media for unattended installation Web caching for faster response times Central policy storage and fast propagation of policy using bandwidth optimizations

13 Internet Access Protection “It’s important that we control users connecting to the Internet for legal reasons. A number of our staff is highly trained medical professionals who need access to information about sensitive issues within sports medicine.” – Mark Richards, Head of Information Systems, English Institute of Sport

14 The Concern Security breaches require that customers determine the source of the breach (what user, on what computer, at what time, using what application). 1 Uncontrolled Internet access can lead to decrease in employee productivity as well as them introducing viruses, worms, Trojan horses, and other exploit code to the internal network 2 A variety of apps can be used to send proprietary info out to the Internet, such as e- mail, newsgroups, peer-to-peer file sharing, instant messaging, and more. 3 Slow or unusable Internet connections can put the company at a competitive disadvantage and reduce overall employee productivity 4

15 Internet Access Protection

16 The Solution Integrated application- layer firewall & web proxy Built-in traffic inspection for over 120 protocols Enhanced protection against DoS, DDoS & DNS attacks Integrated Network Load Balancing for high availability Enhanced worm protection through connection quotas Comprehensive alert triggers & responses Security- enhanced remote management using TLS Fast RAM & on-disk caching for fast web page response times Customizable cache rules for flexibility

17 ISA 2006 on Appliances 1.Hardware comes preloaded, preconfigured, and pretested with ISA Server. 2.Hardened configuration for reduced attack surface. 3.Easy to purchase, set up, and deploy. 4.Out-of-box configuration tools and Web- based administration available

18 More information Configuration Training, Capacity Planner & more tools on http://www.microsoft.com/isaserver http://www.microsoft.com/isaserver Try out FREE virtual labs at http://www.microsoft.com/technet/traincert/virtuallab/isa.mspx http://www.microsoft.com/technet/traincert/virtuallab/isa.mspx 1 Download trials, demos, test environments, & virtual hard disks from http://www.microsoft.com/forefront/edgesecurity/trial.mspx http://www.microsoft.com/forefront/edgesecurity/trial.mspx 2 3

19 Windows ITPro Readers vote ISA Server 2006 as number one in Firewall/Server Category! ISA Server 2006 wins Redmond Reader’s Choice Awards in Software-Based Firewall Category! Summary Secure Application Publishing Branch Office Security Internet Access Protection An integral part of Microsoft Forefront™ Visit http://www.microsoft.com/infrastructurehttp://www.microsoft.com/infrastructure Learn more about how ISA Server 2006 fits in the Forefront & System Center solution Download beta/evaluation software

Download ppt "Network Edge Protection: A Technical Deep-Dive into Internet Security & Acceleration Server 2006 1."

Similar presentations

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.

Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Microsoft Internet Security and Acceleration (ISA) Server 2004 Technical Overview

Microsoft Internet Security and Acceleration (ISA) Server 2004 Technical Overview
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.

Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.
Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.

Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.
At their deskAt their desk In a branchIn a branch On the roadOn the road Protect data & PCsProtect data & PCs Built on Windows Vista foundation Easy.

At their deskAt their desk In a branchIn a branch On the roadOn the road Protect data & PCsProtect data & PCs Built on Windows Vista foundation Easy.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
1 SharePoint Momentum 17K+ Customers, 100M Licenses Leader in Gartner ® Magic Quadrants, Forrester Wave TM Continued Platform and Application Innovation.

1 SharePoint Momentum 17K+ Customers, 100M Licenses Leader in Gartner ® Magic Quadrants, Forrester Wave TM Continued Platform and Application Innovation.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Similar presentations

Ads by Google