TMG Client Protection 6NPS – Session 7.


Objectives
- Understand and implement malware inspection
- Understand and implement URL filtering
- Understand e-mail threats and TMG SMTP protection
- Understand application filters and implement HTTP & HTTPS inspection

Malware Inspection in TMG
- Much of the malware found in networks today is brought in on users' laptops.
- Much malware is also downloaded by naive users.
- TMG Malware Inspection was designed to detect and stop the evil bits in the HTTP stream that is sent to clients in protected networks, before those bits can gain access.
- Malware Inspection operates as one of the TMG Web filters.

Malware Inspection in TMG
The main goals of TMG Malware Inspection are:
- Minimize the threat imposed by Web-sourced malware
- Provide malware defence for hosts in TMG-protected networks
- Minimize the impact on TMG performance
- Provide a mechanism that is reliable and flexible
By default, TMG installs with a basic malware detection signature database, which can be updated through Microsoft Update or manually.
Malware inspection can be enabled globally or on a per-rule, source, destination or user basis.

Practice: Configuring Malware Inspection
Configure Malware Inspection (Page 432)
[Lab diagram: www, TMG, Win7, Internet, DC]

URL Filtering
How URL Filtering Works
- URL filtering enhances TMG firewall policies by controlling access to Web sites based on their URL category membership.
- This feature works dynamically: Web sites categorized by Microsoft Reputation Services (MRS) are posted to Microsoft Update (MU) and downloaded from MU by TMG.
- MRS aggregates reputation data from multiple vendors and uses telemetry to improve data accuracy.

URL Filtering
1. The user sends a request for a Web site.
2. TMG intercepts the request and determines whether URL categorization is needed. TMG needs to know the category to which the URL belongs in order to allow or deny the traffic based on the rules available.
3. If URL categorization is needed, name resolution is done for the URL and the URL is matched to a category.
4. When URL categorization is not needed, TMG marks the request as not categorized and logs the category to be used in case it needs to send a denial to the user.
5. The rule allowing the request is then matched, and TMG determines whether the rule allows or denies the category.
6. If categorization is needed at the rule, a request marked as not categorized is blocked and a denial is sent to the user; otherwise, the rule verifies the category matched, and TMG allows or denies the request based on whether the rule allows that category.

Practice: Configuring Malware Inspection
Configure URL Filtering (Page 470)
[Lab diagram: www, TMG, Win7, Internet, DC]

Enhancing E-Mail Protection
- E-mail has been used by hackers to distribute malicious content to users.
- Networks have been breached by attacks using malicious code and worms that bypass the protection offered by a common firewall: the malicious code is tunnelled through the e-mail protocol, and most firewalls don't inspect e-mail content.
- Because e-mail can include file attachments, hackers can send malicious code in them, e.g. the Melissa virus in 1999 and the ILOVEYOU e-mail virus in 2000.
- Because of the prevalence of the HTML e-mail format, hackers have been able to inject code through e-mail that runs custom applications automatically while end users are reading their e-mail; worms and viruses such as the KaK worm, BubbleBoy virus, and Nimda virus have used HTML-rendered e-mail to spread.

E-Mail Attack Methods
- E-mail attachments with malicious code
  - Melissa, Anna Kournikova, SirCam, ILOVEYOU
  - Took advantage of trusts between people in your contacts
- Malformed MIME headers
  - The Multipurpose Internet Mail Extension (MIME) is an Internet standard.
  - MIME headers specify fields such as date, filename, or subject line.
  - In Outlook Express the date and filename fields were susceptible to buffer overflow attacks.
  - Hackers could execute arbitrary code on the victim's computer, e.g. Nimda.
- Embedded scripts and ActiveX content
  - HTML e-mail formats can allow programs or code to be executed on the target computer, e.g. the KaK worm and BubbleBoy virus.
- Spam and phishing

How SMTP Protection Works
- Exchange 2007 spam protection
  - Exchange 2007 offers strong message filtering capabilities, such as connection filtering, sender and recipient filtering, and sender ID and reputation.
- Forefront Protection 2010 for Exchange Server
  - Forefront Protection 2010 for Exchange Server extends Exchange Server 2007 e-mail filtering capabilities by adding enhanced malware protection through the use of multiple anti-malware engines.
- TMG SMTP filter and centralized management
  - The SMTP application filter verifies the SMTP conversation by validating the SMTP verbs against a predefined list and the current SMTP protocol state.
  - TMG also provides a single place from which to manage the e-mail protection features in Exchange 2007 anti-spam and anti-virus and Forefront Protection 2010 for Exchange Server.
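Added example (not from the original slides and not TMG's own code): a small Python model of checking each SMTP verb against a predefined list and against the current protocol state, run over a constructed client session. The verb list, the state names and the sample session are assumptions made for illustration.

```python
# Added illustration: SMTP verb/state validation (not TMG's implementation).
# The verb list and state names are assumptions modelled on a basic SMTP session.
ALLOWED = {
    "START":   {"HELO", "EHLO", "NOOP", "RSET", "QUIT"},
    "GREETED": {"HELO", "EHLO", "MAIL", "NOOP", "RSET", "QUIT"},
    "MAIL":    {"RCPT", "NOOP", "RSET", "QUIT"},
    "RCPT":    {"RCPT", "DATA", "NOOP", "RSET", "QUIT"},
    "CLOSED":  set(),
}
KNOWN_VERBS = set().union(*ALLOWED.values())
NEXT_STATE = {"HELO": "GREETED", "EHLO": "GREETED", "MAIL": "MAIL",
              "RCPT": "RCPT", "DATA": "DATA", "QUIT": "CLOSED"}


def check_session(lines):
    """Return (line_number, reason) for every client line the filter would reject."""
    state, violations = "START", []
    for number, line in enumerate(lines, 1):
        if state == "DATA":              # message body: content, not commands
            if line == ".":              # a lone dot ends the body
                state = "GREETED"
            continue
        parts = line.split(None, 1)
        verb = parts[0].upper() if parts else ""
        if verb not in KNOWN_VERBS:
            violations.append((number, f"unknown verb {verb!r}"))
        elif verb not in ALLOWED[state]:
            violations.append((number, f"{verb} not allowed in state {state}"))
        elif verb == "RSET":             # reset the transaction, keep the greeting
            state = "START" if state == "START" else "GREETED"
        else:
            state = NEXT_STATE.get(verb, state)   # NOOP leaves the state unchanged
    return violations


# Constructed sample session (client side only).
SAMPLE = [
    "EHLO client.example",
    "MAIL FROM:<alice@example.com>",
    "DATA",                              # out of order: no RCPT yet
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: test",
    "MAIL FROM:<ignored@example.org>",   # body text, not a command
    ".",
    "XFOO 1 2",                          # verb not on the predefined list
    "QUIT",
]

if __name__ == "__main__":
    for number, reason in check_session(SAMPLE):
        print(f"line {number}: {reason}")
```

A rejected command leaves the state unchanged, so the rest of the session is still judged against the last valid state.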

HTTP & HTTPS Inspection
The Web Proxy Application Filter
- The main purpose of the Web Proxy application filter is to process HTTP and HTTPS inspection.
- The Web Proxy filter provides compression, authentication, and caching features through the use of Web filters, which operate as plug-ins to the Web Proxy filter.

HTTP Filter
- The HTTP Filter is an application-layer filter used by the Web Proxy engine for HTTP protocol application-layer filtering.
- The HTTP Filter provides granular control over HTTP communication by examining HTTP commands and data.
- The HTTP protocol itself can't be blocked, as it is required for accessing resources on the Internet, but many unwanted applications also use HTTP, e.g. Kazaa, Messenger, WebDAV.
- The TMG HTTP Filter helps you restrict traffic by blocking requests according to several HTTP features such as HTTP headers, length and URL patterns, HTTP method, HTTP body content and content-types, and file extensions.
- TMG HTTP filtering configuration is rule specific, so that you can apply different levels and types of filtering depending on the specific requirements of your firewall policy.
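Added example (not from the original slides and not TMG's own code): a Python sketch of rule-specific HTTP filtering, where two rules carry different filter settings and the same request is blocked under one and passes under the other. It covers URL length, HTTP method, file extension and header signatures only; the class, its field names, the rule names and the "ExampleP2P" signature are assumptions.

```python
# Added illustration: rule-specific HTTP filtering (not TMG's implementation).
from dataclasses import dataclass, field
from posixpath import splitext
from urllib.parse import urlsplit

# WebDAV methods defined in RFC 4918.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


@dataclass
class HttpFilter:
    """Hypothetical per-rule filter settings; field names are assumptions."""
    max_url_length: int = 10240
    blocked_methods: set = field(default_factory=set)
    blocked_extensions: set = field(default_factory=set)
    blocked_signatures: dict = field(default_factory=dict)  # header name -> substrings

    def check(self, method, url, headers):
        """Return the reason the request is blocked, or None if it passes."""
        if len(url) > self.max_url_length:
            return "URL too long"
        if method.upper() in self.blocked_methods:
            return f"method {method.upper()} blocked"
        extension = splitext(urlsplit(url).path)[1].lower()
        if extension in self.blocked_extensions:
            return f"extension {extension} blocked"
        lowered = {name.lower(): value for name, value in headers.items()}
        for name, needles in self.blocked_signatures.items():
            for needle in needles:
                if needle.lower() in lowered.get(name.lower(), "").lower():
                    return f"signature {needle!r} in header {name}"
        return None


# Two rules with different filter settings (constructed values).
USERS_RULE = HttpFilter(max_url_length=120, blocked_methods=WEBDAV_METHODS,
                        blocked_extensions={".exe", ".scr"},
                        blocked_signatures={"User-Agent": ["ExampleP2P"]})
ADMINS_RULE = HttpFilter(blocked_signatures={"User-Agent": ["ExampleP2P"]})

# Constructed sample requests: (method, URL, headers).
REQUESTS = [
    ("GET", "http://www.example.com/index.html", {"User-Agent": "Mozilla/5.0"}),
    ("PROPFIND", "http://files.example.com/share/", {"User-Agent": "Mozilla/5.0"}),
    ("GET", "http://dl.example.com/tools/setup.EXE?v=2", {"User-Agent": "Mozilla/5.0"}),
    ("GET", "http://www.example.com/", {"user-agent": "ExampleP2P/1.0"}),
]

if __name__ == "__main__":
    for request in REQUESTS:
        print(request[0], request[1], USERS_RULE.check(*request), ADMINS_RULE.check(*request))
```

The extension is taken from the URL path after the query string is stripped and compared case-insensitively, so `setup.EXE?v=2` is still matched by a `.exe` entry.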

SAMPLE Practical Test
- Test 1, Session 8: Practical & Theory, 2 hours total
- Theory test: 1 hour max (closed book)
- Practical test: remaining of the 2 hours (open book, i.e. textbook, worksheets and PowerPoints ONLY)