ISA Server 2004 Introduction Владимир Александров, MCT, MCSE, MCSD, MCDBA, Корус, Manager


1 ISA Server 2004 Introduction Владимир Александров, MCT, MCSE, MCSD, MCDBA, Корус, Manager jm@chorus-bg.com

2 Agenda Firewall evolution ISA2004 Overview More features drilldown Scenarios and demos

3 Firewall Evolution

4 Traditional Firewalls (Problem: Implications)
Wide open to advanced attacks: Code Red, Nimda; SSL-based attacks
Performance vs. security tradeoff: Bandwidth too expensive; Too many moving parts
Limited capacity for growth: Not easily upgradeable; Don’t scale with business
Hard to manage: Security is complex; IT already overloaded

5 ISA2004 Overview

6 What is ISA2004 Full blown edge firewall Wide variety of firewall edge scenarios VPN, Proxy & Cache Very easy to use Easy installation & setup Easy policy configuration Reduced risk of configuration mistakes Advanced protection for MS applications Built in MS-specific filters Defense in Depth High performance Highly secure platform

7 Scenarios Edge Firewall Multi Networks DMZ Web Caching Secure Publishing Exchange Web servers Others Remote Access (VPN) Branch office Remote site security S2S VPN – Including IPSec (for interop) Integrated Solution Single edge security solution Easy Unified management

8 What’s new vs. ISA2000 ? Support for multiple networks New integrated single policy model Intuitive UI Application Layer Filtering improvements Logging & monitoring Integrated VPN Security Enhancements And more…

9 Multiple Networks

10 ISA 2000 networking model [Diagram labels: Internal Network, Internet, DMZ 1, ISA 2000, Static PF] Single “outbound” policy; “In” (LAT) and “out” (Internet, DMZ); Only static filtering from DMZ to Internet

11 The new networking model [Diagram labels: Network A, Network B, Internet, DMZ 1, DMZ 2, VPN Network, ISA 2004] Any number of networks; Assigned relationships; Per network policy; VPN represented as network; Isolation of the firewall host

12 Demo 1: Connecting networks

13 New Policy Model

14 ISA 2000 rules Basic ISA 2000 rules: Protocol rules Site and Content rules Static packet filters Publishing rules Web publishing rules Other filtering configuration Other ISA 2000 rules: Address translation rules Web routing rules Cache rules Configuration policy Firewall policy

15 ISA 2004 Policy Rules Single rule base Rules evaluated in order Support for multiple networks Integration with application filtering – part of rule System rules for built in policies Rich set of building blocks

16 User Interface

17 The User Interface Drag & Drop toolbox Task pane for common tasks Wizards Network templates Dashboard Policy Editor Toolbox Network Templates Task Bars MMC…On Steroids!

18 Application Layer Filtering

19 IP/Port filtering is not enough Hackers attack via application layer vulnerabilities (Nimda, Slammer...) HTTP - the carrier protocol Users need the ability to define fine-grained, application-level security policies. Firewalls need to understand applications, beyond TCP/IP

20 ISA 2004’s application filtering Open platform for app layer filtering Built in filters for common protocols Scenario-driven design (protect Exchange, IIS) Rich partners community

21 Logging and Monitoring

22 ISA Server 2004 Monitoring Goals Server Status – It’s a critical service Troubleshooting – Quick and easy Investigations – Attacks, mistakes Future Planning – optimizing network performance

23 ISA 2004 Monitoring Tools Dashboard – centralized view Alerts – One place for all problems Sessions – Active sessions view Services – ISA services status Connectivity – Connectivity to network svcs Logging – Powerful viewer of ISA logs Reports – Top users, Top sites, Cache hits…

24 Dashboard

25 Logging

26 Reports

27 Security Enhancements

28 Engine Security Enhancements Session quota restrictions Restriction of user sessions (protection against Denial of Service attacks) IP options filtering Filter out individual options Lockdown mode Restrict firewall machine access on service failures Fail to most secure mode

29 And there’s more… Authentication improvements RADIUS OWA Form authentication SecurID Integrated VPN IPSec tunnel mode for interoperability Quarantine support Full control over RRAS Performance Improvements Kernel and user mode improvements Web proxy improvements due to integration into the firewall

30 Demo 2: Secure publishing Publishing Internal Mail Server SMTP, POP3/IMAP4, RPC Publishing Internal Exchange 2003 Server Publishing Outlook Web Access Publishing RPC over HTTP Publishing RPC interfaces (NtFrs etc.)

31 Questions

32 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

