1. Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa

2. Module 1 Introduction

3. The Purpose of the ISA Server  Microsoft® Internet Security and Acceleration Server 2000 (ISA Server) is an extensible enterprise firewall and Web cache server built on the Windows® 2000 operating system security, management and directory for policy-based access control, acceleration and management of internetworking.  ISA Server Enterprise Edition adds support for clustering, but makes modifications to the local domain's Microsoft Active Directory® active directory schema. For evaluation purposes, you should set up a four-computer test environment that is isolated from your production network.  With the ISA Server Standard Edition, you can review the core firewall and caching functionality of ISA Server without an update to your Active Directory schema.

4. The Purpose of The ISA Server (cont.)  ISA Server 2000 is an intelligent application layer firewall and Web caching server that helps protect the network from external attacks and from exploits that may originate from the internal network behind the ISA Server 2000 machine.  The ISA Server 2000 Web cache helps network users reduce overall bandwidth utilization and can provide for a faster Web access experience for campus Internet users by returning popular Web content from the ISA Server 2000 Web cache on the local network instead of from a increasingly congested Internet.  ISA Server can provide value to information technology managers, network administrators, and information security professionals who are concerned about the security, performance, manageability, or operating costs of their networks.  ISA Server can be used in a wide range of scenarios, from small schools, districts and satellite campuses to major, multi-campus systems and statewide networks.

5. End of Module

6. Module 2 ISA Server Installation

7. Installation Process

8. Installation Process (cont.)

17. End of Module

18. Module 3 Network Security

19.  The Threat (Internet) –Hackers/Crackers –Script Kiddies  Type of Firewalls –Traditional –Application

20. Hackers/Cracker  Skill Level –High Level  Motivation –Test Skill Level –Monetary Gain –Freedom

21. Script Kiddies  Skill Level –Low to Medium Level  Motivation –Imitation –Curiosity –Build Skill Level

22. Traditional Firewall  OSI Layer 3 & Layer 4  NAT  Function of SPI firewall –source address, destination address, source port, destination port and direction –Denial of Service (DoS) attacks, Ping of Death, SYN Flood, LAND Attack, and IP Spoofing (Pattern)  Great at lower level protocol attacks

23. Application Firewall (Proxies)  OSI Layer 7  Application Level Filtering (Going up the OSI Layer) –OS vulnerabilities, Application vulnerabilities –Nimda, Code Red, SQL Slammer worm, SQL poisoning –Most likely to spread via email or unfiltered/open port

24. End of Module

25. Module 4 ISA Server to the Rescue

26. ISA Server Architecture  Standalone  Enterprise –Firewall –Cache Proxy –Integrated

27. ISA Server as a Standalone [1]

28. ISA Server in the Enterprise [1]

29. Multi-layered Firewall  Static and Dynamic packet filtering  Circuit Filtering (ISA Client)  Application Filtering

30. Features of ISA Server  Stateful Inspection  Secure Server Publishing  Intrusion Detection  Client Transparency (SecureNAT)  Strong Authentication  SDK

31. Stateful Inspection  Allows ISA Server to determine the state of a given session  Configurable through access policy rules that open ports automatically (dynamic IP packet filtering)  Excellent for filtering streaming media applications

32. Secure Publishing  Web Server  Email Server (Exchange)  Servers are Never Exposed

33. Intrusion Detection  Licensed technology from Internet Security Systems  Administrator can set triggers  Triggers can be configured to stop the firewall, write to system log or run script

34. Client Transparency  SecureNAT  No client to install  Configurable for outbound traffic

35. Software Development Kit SDK  Create Custom Extensions  Comes with Sample Code  Detailed Documentation

36. Authentication Web Proxy Incoming/Outgoing Web Traffic  Basic (plain text) (Not Strong!)  Digest  Integrated Windows (NTLM & Kerberos)  Client Certificates  Pass-through authentication

37. End of Module

38. Module 5 A Closer Look to The ISA Server Management Tool

39. Management Console

40. ISA Server – Web Publishing Feature

41. ISA Server – Web Publishing Feature (cont.)

54. ISA Server – Web Cashing Feature

55. ISA Server – Web Cashing Feature (cont.)

61. Module 6 SQL Slammer Filter

62. Creating a Filter for SQL Slammer  Create a definition  Create a rule

63. Step 1 – Create Definition

64. Step 2

65. Step 3

66. Step 4

67. Step 5

68. Step 6

69. Step 7 – Create Rule

70. Step 8

71. Step 9

72. Step 10

73. Step 11

74. Step 12

75. Step 13

76. End of Module

77. Conclusion  ISA Server was designed to meet the needs of Internet- enabled business by providing enterprise-class security, fast Web caching performance and powerful unified management tools built for Windows 2000 and 2003 Server.  ISA Server provides a multilayered firewall with built-in intrusion detection to keep internal networks safe.  ISA Server provides businesses with secure, fast Internet connectivity built on the powerful management features of Windows 2000 and 2003 Server.  ISA Server provides scalability for both small and enterprise class environments

78. Resources  [1] http://www.microsoft.com/isaserver/http://www.microsoft.com/isaserver/  [2] http://www.isaserver.orghttp://www.isaserver.org  [3] http://www.techiwarehouse.com/Articles/20 02-12-23.html http://www.techiwarehouse.com/Articles/20 02-12-23.html  [4] http://labmice.techtarget.com/BackOffice/IS AServer2000/default.htm http://labmice.techtarget.com/BackOffice/IS AServer2000/default.htm

79. Glossary  Kerberos - a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).  NTLM - a Microsoft-Proprietary protocol that authenticates users and computers based on an authentication challenge and response.  Stateful Inspection - Stateful inspection is an advanced firewall architecture that was invented by Check Point Software Technologies in the early 1990s. Inspects the header of packets.  NAT - Network Address Translation (NAT) is the translation of an Internet Protocol address used within one network to a different IP address known within another network.