Configuring TMG as a Firewall

Presentation transcript:

Configuring TMG as a Firewall 6NPS Session 6

Objectives
- Configure firewall settings
- Configure intrusion detection
- Configure IP options filtering
- Configure IP fragmentation settings
- Configure TMG to support a network topology
- Select appropriate templates
- Define networks
- Configure route relationships between networks

What Is a TCP/IP Packet?
Network Interface Layer
- Destination Address: 0003FFD329B0
- Source Address: 0003FFFDFFFF
- Physical payload
Internet Layer
- Destination: 192.168.1.1
- Source: 192.168.1.10
- Protocol: TCP
- IP payload
Transport Layer
- Destination Port: 80
- Source Port: 1159
- Sequence: 3837066872
- Acknowledgment: 2982470625
- TCP payload
Application Layer
- HTTP Request Method: GET
- HTTP Protocol Version: HTTP/1.1
- HTTP Host: www.contoso.com
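The four layers on the slide are exactly the fields a packet filter (network and transport headers), a stateful filter (ports, sequence and acknowledgment numbers) and an application filter (the HTTP request) each read. The following added example, which is not part of the slides or of TMG, builds a frame from the slide's values (the frame itself is constructed, not a capture) and splits it back into those layers with the Python standard library.

```python
import socket
import struct

# Constructed sample frame using the addresses, ports and sequence numbers from
# the slide (assumed values, not a real capture): Ethernet II + IPv4 + TCP + HTTP.
def build_sample_frame() -> bytes:
    http = b"GET / HTTP/1.1\r\nHost: www.contoso.com\r\n\r\n"
    # TCP header: ports, seq, ack, data offset (5 words), flags PSH+ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 1159, 80, 3837066872, 2982470625,
                      5 << 4, 0x18, 65535, 0, 0) + http
    total_len = 20 + len(tcp)
    # IPv4 header: version/IHL, TOS, total length, id, flags/fragment, TTL, protocol 6 (TCP),
    # checksum (left zero here), source and destination addresses
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 128, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.1"))
    eth = bytes.fromhex("0003FFD329B0") + bytes.fromhex("0003FFFDFFFF") + struct.pack("!H", 0x0800)
    return eth + ip + tcp


PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE"}


def parse_frame(frame: bytes) -> dict:
    """Split a frame into the four layers that packet, stateful and application
    filtering each inspect."""
    dst_mac, src_mac, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("only IPv4 frames are handled in this example")
    ip0 = 14
    ihl = (frame[ip0] & 0x0F) * 4                      # IP header length in bytes (20 without options)
    total_len = struct.unpack("!H", frame[ip0 + 2:ip0 + 4])[0]
    proto = frame[ip0 + 9]
    layers = {
        "network_interface": {"destination": dst_mac.hex().upper(), "source": src_mac.hex().upper()},
        "internet": {
            "destination": socket.inet_ntoa(frame[ip0 + 16:ip0 + 20]),
            "source": socket.inet_ntoa(frame[ip0 + 12:ip0 + 16]),
            "protocol": PROTO_NAMES.get(proto, str(proto)),
            "protocol_number": proto,
        },
    }
    if proto != 6:
        return layers
    tcp0 = ip0 + ihl
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", frame[tcp0:tcp0 + 14])
    data_off = (off_flags >> 12) * 4                   # TCP header length in bytes
    layers["transport"] = {"destination_port": dport, "source_port": sport,
                           "sequence": seq, "acknowledgment": ack}
    payload = frame[tcp0 + data_off:ip0 + total_len]
    request_line, _, rest = payload.partition(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        headers = {}
        for line in rest.split(b"\r\n"):
            if b":" in line:
                name, value = line.split(b":", 1)
                headers[name.strip().decode().lower()] = value.strip().decode()
        layers["application"] = {"method": parts[0].decode(), "target": parts[1].decode(),
                                 "version": parts[2].decode(), "host": headers.get("host")}
    return layers
```

Note that the checksum fields are left at zero because nothing here transmits the frame; a real filter would also validate them before trusting the headers.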

What Is Packet Filtering?
- Packet filters control access to the network at the network layer by inspecting each IP packet and allowing or denying it
- Packet-filtering firewalls examine only the information in the network and transport layer headers
- Packet-filtering firewalls can evaluate IP packets using:
  - Destination address
  - Source address
  - IP protocol and protocol number (TCP, UDP, ICMP; for example TCP/6, PPTP/47)
  - Direction (inbound, outbound, or both; for FTP, receive only, send only, or both)
  - Port numbers (local and remote ports, fixed or dynamic)

What Is Packet Filtering? Advantages and disadvantages
Advantages
- Inspects only network and transport layer headers, so filtering is very fast
- Can block or allow specific IP addresses
- Can be used for ingress filtering (blocks inbound packets whose source IP is one of your local addresses) and egress filtering (prevents packets leaving your network with a source address that is not on the local network)
Disadvantages
- Cannot prevent IP address spoofing or source-routing attacks
- Cannot prevent IP-fragment attacks (only the first fragment is checked; later fragments may carry malicious content)
- Not application aware

What Is Packet Filtering? (diagram: packet filter on TMG in front of a web server)
For each packet, is the ...
- Source address allowed?
- Destination address allowed?
- Protocol allowed?
- Destination port allowed?
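The decision sequence in the diagram, together with the ingress and egress checks from the advantages list, can be written as a first-match rule evaluation over nothing but header fields. This added example is not code from the slides or from TMG; the internal range 192.168.1.0/24, the rule set and the packets are all constructed for illustration. Note that the anti-spoofing check only catches a source address that contradicts the side it arrives on, which is why the slide still lists spoofing as something a packet filter cannot prevent in general.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed internal address range protected by the firewall (constructed for this example).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                # "TCP", "UDP", "ICMP", ...
    dst_port: Optional[int]
    direction: str            # "inbound" (arriving from outside) or "outbound" (leaving LOCAL_NET)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any port
    direction: str = "both"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison: addresses, protocol, destination port and direction."""
    return (
        (rule.proto == "any" or rule.proto == pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
        and rule.direction in ("both", pkt.direction)
    )


def spoof_check(pkt: Packet) -> Optional[str]:
    """Ingress filtering: a packet arriving from outside must not carry a local source
    address. Egress filtering: a packet leaving must carry a local source address."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.direction == "inbound" and src in LOCAL_NET:
        return "ingress filter: local source address arriving from outside"
    if pkt.direction == "outbound" and src not in LOCAL_NET:
        return "egress filter: non-local source address leaving the network"
    return None


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First-match evaluation with an implicit deny, after the anti-spoofing checks."""
    reason = spoof_check(pkt)
    if reason:
        return "deny", reason
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, f"rule {i} matched"
    return "deny", "no rule matched (default deny)"


# Constructed policy: internal clients may browse the web; only the published web
# server (192.168.1.1, the address from the packet slide) accepts inbound HTTP.
RULES = [
    Rule("allow", proto="TCP", src="192.168.1.0/24", dst_port=80, direction="outbound"),
    Rule("allow", proto="TCP", src="192.168.1.0/24", dst_port=443, direction="outbound"),
    Rule("allow", proto="TCP", dst="192.168.1.1/32", dst_port=80, direction="inbound"),
]
```

The implicit final deny is the important design choice: anything the rule list does not mention is dropped, so adding a service means adding a rule rather than remembering to block everything else.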

What Is Stateful Filtering?
- Stateful filtering uses information about the TCP session to determine whether a packet should be blocked or allowed through the firewall
- TCP uses a three-way handshake, which synchronizes the sequence number and acknowledgement number
Advantages
- Ensures all network traffic forwarded by the firewall is part of an existing session, or matches the rules for creating a new session
- Implements dynamic filtering (opens a port to communicate with a web server)
Disadvantages
- Does not block attacks at the application level

What Is Stateful Filtering? (diagram: TMG between the client and a web server)
- Connection rules: when a new session is permitted, create a connection rule for it
- For every later packet: is the packet part of an existing connection?
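The connection-rule logic in the diagram amounts to a small state machine keyed on the TCP 4-tuple: only an outbound SYN that the new-session policy permits creates an entry, the SYN-ACK and ACK of the handshake move it to established, and anything that does not belong to an entry is dropped. This added example, not code from the slides or from TMG, implements that machine; the allowed ports, addresses and the packet trace are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed policy for *new* sessions: internal clients may open TCP sessions to these ports.
ALLOWED_NEW_SESSION_PORTS = {80, 443}


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # subset of {"SYN", "ACK", "FIN", "RST"}
    direction: str            # "outbound" (client side) or "inbound" (server side)


class StatefulFilter:
    """Tracks TCP sessions through the three-way handshake and forwards only packets
    that belong to a tracked session or are allowed to create one."""

    def __init__(self) -> None:
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    @staticmethod
    def key(pkt: TcpPacket) -> Tuple[str, int, str, int]:
        # Normalise both directions onto the client-side 4-tuple.
        if pkt.direction == "outbound":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt: TcpPacket) -> str:
        k = self.key(pkt)
        state = self.table.get(k)
        if state is None:
            # Dynamic filtering: only a permitted outbound SYN opens an entry, and that
            # entry is what later lets the server's reply port through.
            if pkt.flags == {"SYN"} and pkt.direction == "outbound" and pkt.dport in ALLOWED_NEW_SESSION_PORTS:
                self.table[k] = "SYN_SENT"
                return "allow"
            return "deny"
        if "RST" in pkt.flags:
            del self.table[k]
            return "allow"
        if state == "SYN_SENT":
            if pkt.direction == "inbound" and pkt.flags == {"SYN", "ACK"}:
                self.table[k] = "SYN_RECEIVED"
                return "allow"
            return "deny"                      # nothing else is valid before the SYN-ACK
        if state == "SYN_RECEIVED":
            if pkt.direction == "outbound" and "ACK" in pkt.flags and "SYN" not in pkt.flags:
                self.table[k] = "ESTABLISHED"
                return "allow"
            return "deny"                      # data before the handshake completed
        # ESTABLISHED or CLOSING: packets on the session are forwarded; FINs tear it down.
        if "FIN" in pkt.flags:
            if state == "CLOSING":
                del self.table[k]
            else:
                self.table[k] = "CLOSING"
        return "allow"


def run_trace() -> List[str]:
    """Constructed packet trace: one full session plus three packets that have no session."""
    fw = StatefulFilter()
    client, server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    F = frozenset
    trace = [
        TcpPacket(client, 1159, server, 80, F({"SYN"}), "outbound"),          # handshake step 1
        TcpPacket(server, 80, client, 1159, F({"SYN", "ACK"}), "inbound"),    # handshake step 2
        TcpPacket(client, 1159, server, 80, F({"ACK"}), "outbound"),          # handshake step 3
        TcpPacket(server, 80, client, 1159, F({"ACK"}), "inbound"),           # response data
        TcpPacket(stranger, 80, client, 2000, F({"SYN", "ACK"}), "inbound"),  # no session: deny
        TcpPacket(stranger, 4444, client, 1159, F({"SYN"}), "inbound"),       # unsolicited SYN: deny
        TcpPacket(client, 1160, server, 23, F({"SYN"}), "outbound"),          # port not in policy: deny
        TcpPacket(client, 1159, server, 80, F({"FIN", "ACK"}), "outbound"),   # client closes
        TcpPacket(server, 80, client, 1159, F({"FIN", "ACK"}), "inbound"),    # server closes, entry removed
    ]
    return [fw.process(p) for p in trace]
```

A real implementation also checks that sequence and acknowledgment numbers fall inside the window and expires idle entries; both are omitted here to keep the state transitions visible.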

What Is Application Filtering?
- Application-layer filtering inspects the application data in a TCP/IP packet for unacceptable commands and data
Advantages
- Can stop attacks from sources such as viruses and worms

What Is Application Filtering? (diagram: client request through TMG to a web server)
- Client sends: GET www.contoso.com
- TMG checks: is the GET method allowed?
- TMG forwards the request and checks the web server's reply: does the response contain only allowed content and methods?
- TMG responds to the client

What Is NIS?
- Network Inspection System: a traffic analysis mechanism able to discover invalid traffic based on static signatures
- TMG expands on this by evaluating three aspects of the network traffic:
  - Protocol state: the expected condition of the protocol at any point in time
  - Message structure: the validation of a message according to the protocol definition
  - Message context: the validation of a message in the context of the protocol state
- NIS operations are driven by signature definitions created by the Microsoft Malware Protection Centre (MMPC)
- A form of IPS (Intrusion Prevention System)

What Is Intrusion Detection?
- Intrusion detection is a means of detecting when an attack against a network is attempted or in progress
- An IDS inspects all traffic in and out of the network and identifies patterns that may indicate a network or system attack
- An IDS provides for configuring alerts or responses to intrusion attempts

What Is Intrusion Detection? (diagram: TMG raising alerts)
- Port scan limit exceeded: alert the administrator
- All ports scan attack: alert the administrator
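The two alerts in the diagram are both threshold rules over one observation: how many distinct destination ports a single source address has touched. The following added example, not code from the slides or from TMG, runs that detection over constructed log lines in a simplified "time source destination port action" layout (not TMG's own log format); the two thresholds are parameters whose values here are assumptions, so compare them with the ones set in your own intrusion detection configuration.

```python
import re
from collections import defaultdict
from typing import Dict, List


def build_sample_log() -> List[str]:
    """Constructed log lines: two scanning sources and one ordinary client."""
    lines: List[str] = []
    t = 0

    def entry(src: str, dst: str, port: int, action: str = "Denied") -> None:
        nonlocal t
        t += 1
        lines.append(f"2013-05-01 10:00:{t:02d} {src} {dst} {port} {action}")

    for port in range(20, 32):            # 12 distinct well-known ports from one source
        entry("198.51.100.7", "203.0.113.2", port)
    for port in range(8000, 8025):        # 25 distinct high ports from another source
        entry("198.51.100.8", "203.0.113.2", port)
    for port in (80, 443, 80):            # ordinary client traffic, repeated ports count once
        entry("192.0.2.10", "203.0.113.2", port, "Allowed")
    return lines


LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\d+) (\w+)$")


def detect_port_scans(lines: List[str], well_known_limit: int = 10,
                      all_ports_limit: int = 20) -> Dict[str, List[str]]:
    """Count distinct destination ports per source address and raise the two alerts
    named on the slide. Thresholds are assumed values, not TMG's defaults."""
    ports_by_src: Dict[str, set] = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # skip lines that do not fit the constructed format
        _time, src, _dst, port, _action = m.groups()
        ports_by_src[src].add(int(port))
    alerts: Dict[str, List[str]] = {}
    for src, ports in ports_by_src.items():
        found: List[str] = []
        well_known = {p for p in ports if p < 1024}
        if len(well_known) > well_known_limit:
            found.append("Port scan limit exceeded (well-known ports)")
        if len(ports) > all_ports_limit:
            found.append("All ports scan attack")
        if found:
            alerts[src] = found
    return alerts
```

Counting distinct ports rather than raw hits is what keeps a busy but legitimate client (many requests to ports 80 and 443) below the threshold while a sweep across a range trips it.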

How TMG Filters Network Traffic (diagram)
Filtering stages, from the bottom up:
1. Packet filtering
2. Stateful and protocol filtering
3. Application filtering
Components shown: TCP/IP kernel mode data pump, Firewall Engine, Firewall Service, Rules Engine, Application Filters, Web Proxy Filter, Web Filters

TMG Support for Multiple Networks
- TMG uses networks to define blocks of IP addresses that may be directly attached to the TMG computer or that may be remote networks
- TMG uses these networks as components when you create access rules
- TMG supports an unlimited number of networks

What Is Multi-networking?
- Multi-networking means that you can configure multiple networks on TMG and configure network and access rules to inspect and filter all network traffic between all networks
- Allows for flexible network configurations, including:
  - Three-legged firewall
  - Two perimeter networks
  - Two internal networks
  - VPN client and VPN remote-site networks

Default Networks Enabled in TMG
When TMG is installed with at least two network cards, it is configured with a default set of networks:
- Local Host: represents the TMG computer itself (traffic to and from TMG, not through it)
- External: all IP addresses that are not explicitly associated with any other network; untrusted
- Internal: all IP addresses that were specified as internal during the installation process
- VPN Clients: addresses of currently connected VPN clients
- Quarantined VPN Clients: addresses of VPN clients that have not cleared quarantine
Also see the note on page 222. Network Sets define groupings of networks; the default sets are All Networks and All Protected Networks.

How to Configure Network Rules
- When you enable networks or network objects on TMG, you can configure network rules that define how network packets will be passed between networks or between computers
- Network rules determine whether there is a relationship between two network entities and what type of relationship is defined
- Network relationships can be configured as:
  - Route: client requests from the source network are directly routed to the destination network
  - NAT: TMG replaces the IP address of the client on the source network with its own IP address. A NAT relationship is directional

How to Configure Network Rules: default network rules
- Local Host Access: defines a route relationship between the Local Host network and all other networks
- VPN Clients to Internal Network: defines a route relationship among the Internal network, the Quarantined VPN Clients network and the VPN Clients network
- Internet Access: defines a NAT relationship between the Internal, Quarantined VPN Clients and VPN Clients networks and the External network
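Working through the three default rules by hand shows why the direction of a NAT relationship matters: an internal client reaching the Internet matches Internet Access and is seen with TMG's external address, while a packet coming the other way matches no network rule at all. This added example, not code from the slides or from TMG, models the network definitions and the three default rules as a lookup; every address range and TMG's own addresses are assumptions chosen for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed network definitions (all address ranges are assumptions for this example).
NETWORKS: Dict[str, List[str]] = {
    "Local Host": ["192.168.1.254/32", "203.0.113.2/32"],   # TMG's own internal and external addresses
    "Internal": ["192.168.1.0/24"],
    "VPN Clients": ["10.10.0.0/24"],
    "Quarantined VPN Clients": ["10.10.1.0/24"],
    # "External" is implicit: every address that belongs to no other network
}
TMG_EXTERNAL_IP = "203.0.113.2"   # the address substituted under a NAT relationship (assumed)

# The default network rules from the slide, in order: (name, sources, destinations, relationship)
NETWORK_RULES = [
    ("Local Host Access", ["Local Host"],
     ["Internal", "External", "VPN Clients", "Quarantined VPN Clients"], "Route"),
    ("VPN Clients to Internal Network", ["VPN Clients", "Quarantined VPN Clients"], ["Internal"], "Route"),
    ("Internet Access", ["Internal", "VPN Clients", "Quarantined VPN Clients"], ["External"], "NAT"),
]


def classify(ip: str) -> str:
    """Map an address to its network. Local Host is listed first because the TMG
    computer's own internal address also falls inside the Internal range."""
    addr = ipaddress.ip_address(ip)
    for name, ranges in NETWORKS.items():
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            return name
    return "External"


def resolve(src_ip: str, dst_ip: str) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Return (rule name, relationship, source address as seen by the destination).
    A route relationship applies in both directions; a NAT relationship applies only
    from its sources to its destinations, so the reverse direction matches no rule."""
    src_net, dst_net = classify(src_ip), classify(dst_ip)
    for name, sources, destinations, relationship in NETWORK_RULES:
        forward = src_net in sources and dst_net in destinations
        reverse = relationship == "Route" and src_net in destinations and dst_net in sources
        if forward:
            visible_src = TMG_EXTERNAL_IP if relationship == "NAT" else src_ip
            return name, relationship, visible_src
        if reverse:
            return name, relationship, src_ip
    return None, None, None
```

A network rule only establishes the relationship; whether the traffic is actually forwarded is then decided by the access and publishing rules, which the slides cover separately. That is why External to Internal returns no relationship here: reaching an internal server from the Internet is done by publishing it, not by a network rule.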

What Are Perimeter Networks?
- A perimeter network is a network that is separated from both the internal network and the Internet
- Perimeter networks allow external users to gain access to specific servers located on the perimeter network while preventing direct access to the internal network

What Are Perimeter Networks? (diagram: Internet, firewall, perimeter network, firewall, internal network)

Benefits of Using a Perimeter Network
A perimeter network provides an additional layer of security:
- Between the publicly accessible servers and the internal network
- Between the Internet and confidential data or critical applications stored on servers on the internal network
- Between potentially nonsecure networks, such as wireless networks, and the internal network
Use defense in depth in addition to perimeter network security

Network Perimeter Configuration Options
- Bastion host: only a single firewall between the Internet and the internal network
- Three-legged configuration: creates a perimeter network that gives users on the Internet limited access to network resources on the perimeter network while preventing unwanted traffic to computers on the local network
- Back-to-back configuration: places the perimeter network between two firewalls

Network Perimeter Configuration Options (diagrams)
- Bastion host: a single firewall in front of the LAN
- Three-legged configuration: one firewall with separate interfaces for the LAN and for the perimeter network that holds the web server
- Back-to-back configuration: the perimeter network sits between the two firewalls, with the LAN behind the second

Practice: Configuring a Perimeter Network
- Add a perimeter network (page 224)
- Create network rules (page 226)
Lab machines: Win7, www, TMG, Internet, DC

How to Implement Network Templates
- To implement a network template, run the Network Template Wizard as part of the Getting Started Wizard
- Select the firewall access policy that best matches your corporate security guidelines

How to Implement Network Templates (diagram: template per topology)
- Bastion host: deploy the Edge Firewall template
- Three-legged configuration (LAN plus a perimeter network with a web server): deploy the 3-Leg Perimeter template
- Back-to-back configuration (LAN, perimeter network): deploy the Front-End or Back-End template
- Deploy the Single Network Adapter template for proxy and caching only

NIS (Network Inspection System)
- NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center to help detect and block malicious traffic
- Before Forefront TMG can start blocking known vulnerability attacks, you must download the latest NIS signature set from either Microsoft Update or Windows Server Update Services (WSUS)

Practice: Configuring NIS
- Configure NIS (Network Inspection System) (page 311)
- Test NIS
Lab machines: Win7, www, TMG, Internet, DC

Intrusion Detection Options
Intrusion detection on TMG:
- Compares network traffic and log entries to well-known attack methods and raises an alert when an attack is detected
- Detects well-known IP attacks
- Includes application filters for DNS and POP that detect intrusion attempts at the application level

How to Configure Intrusion Detection

IP Preferences Configuration Options
IP preferences are used to:
- Block or enable network traffic that has an IP option flag set; you can block all packets with IP options, or only selected packets
- Block or enable network traffic where the IP packet has been split into multiple IP fragments; blocking IP fragments may affect streaming audio and video, and L2TP over IPsec traffic
- Enable or disable IP routing; with IP routing enabled, TMG forwards IP packets between networks without recreating the packet
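The first two IP preferences are decisions taken from the IPv4 header alone: the header length field reveals whether options are present (and which types), and the flags/fragment-offset field reveals whether the packet is a fragment. This added example, not code from the slides or from TMG, builds constructed headers and applies a "block all options except the listed types, block all fragments" policy; the settings and the sample values are assumptions, and the example also shows the source-route option (type 131, loose source route) that the packet filtering slide lists as something header-only filtering cannot otherwise stop.

```python
import struct
from typing import List, Tuple

# Assumed IP-preference settings, mirroring the slide's first two options.
BLOCK_IP_OPTIONS = True
ALLOWED_IP_OPTIONS = {1}          # option types still allowed while blocking (1 = No Operation)
BLOCK_IP_FRAGMENTS = True

MF_FLAG = 0x2000                  # "more fragments" bit in the flags/fragment-offset field


def build_ipv4_header(options: bytes = b"", flags_frag: int = 0) -> bytes:
    """Constructed IPv4 header (addresses and id are sample values); options are padded to 32 bits."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0x1234, flags_frag,
                       128, 6, 0, bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])) + options


def parse_ip_options(header: bytes) -> List[int]:
    """Return the option type numbers found after the fixed 20-byte header."""
    ihl = (header[0] & 0x0F) * 4
    opts, i, found = header[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of Option List
            break
        found.append(kind)
        if kind == 1:                 # No Operation is a single byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2:                # malformed length: stop rather than loop forever
            break
        i += length
    return found


def check_ip_preferences(header: bytes) -> Tuple[str, str]:
    """Apply the fragment and option preferences to one IPv4 header."""
    flags_frag = struct.unpack("!H", header[6:8])[0]
    more_fragments = bool(flags_frag & MF_FLAG)
    offset = flags_frag & 0x1FFF      # in 8-byte units
    if BLOCK_IP_FRAGMENTS and (more_fragments or offset):
        return "block", f"IP fragment (MF={int(more_fragments)}, offset={offset * 8} bytes)"
    options = parse_ip_options(header)
    disallowed = [o for o in options if o not in ALLOWED_IP_OPTIONS]
    if BLOCK_IP_OPTIONS and disallowed:
        return "block", f"IP options set: {disallowed}"
    return "allow", "no fragment, no disallowed options"
```

Every fragment except the first lacks the transport header, which is the reason the packet filtering slide notes that only the first fragment can be checked; blocking fragments outright trades the streaming and L2TP/IPsec impact the slide mentions for not having to reassemble before filtering.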

How to Configure IP Preferences

Practice: Configuring Intrusion Detection
- Modify the default intrusion detection configuration (page 324)
- Test intrusion detection
Lab machines: Win7, www, TMG, Internet, DC

What Are Application Filters? (diagram: application server behind TMG)
Application filters can:
- Enable firewall traversal for complex protocols
- Enable protocol-level intrusion detection
- Enable protocol-level content filtering
- Generate alerts and log events

What Are Web Filters? (diagram: web server behind TMG)
Web filters can:
- Scan and modify HTTP requests
- Scan and modify HTTP responses
- Block specified responses
- Log and analyze traffic
- Encrypt and compress data
- Implement custom authentication schemes

Why Use Application and Web Filters?
Application and web filters provide:
- Protection against malicious code, by blocking packets that have worm or virus characteristics
- Protection against user actions, by blocking the download of harmful programs or ensuring that some types of data do not leave the network
- Protection against specific network connections, by blocking connection attempts by specific applications
- Integration with third-party or custom filters that have been developed using the application filter API or the web filter API

Application and Web Filter Architecture (diagram, callouts 1 to 4)
Components shown: Firewall Engine, Firewall Service, Rules Engine, Application Filter API, Application Filters, Web Proxy Filter, Web Filter API, Web Filters

How the HTTP Web Filter Works
- HTTP filtering is rule specific, so you can configure different filters for each access or publishing rule
- Use HTTP filtering to filter traffic from internal clients to other networks
- Use HTTP filtering to filter traffic from Internet clients to internal web servers
- HTTP filters enable filtering of HTTP packets based on several criteria

How to Configure the HTTP Web Filter
- Configure maximum header length
- Configure maximum payload length
- Configure maximum URL and query length

How to Configure the HTTP Web Filter: Methods
- Configure allowed or blocked methods

How to Configure the HTTP Web Filter: Extensions
- Configure allowed or blocked extensions

How to Configure the HTTP Web Filter: Headers
- Configure headers that will be blocked
- Configure server header settings
- Configure Via header settings

How to Configure the HTTP Web Filter: Signatures
- Configure blocked signatures

How to Identify an HTTP Application Signature
The slide shows an HTTP request header as captured on the wire (the dots in the original stand for spaces and line breaks):

GET http://www.contoso.com/ HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
If-Modified-Since: Fri, 11 Oct 2002 20:30:04 GMT
If-None-Match: "06ee8fa6471c21:428"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: www.contoso.com
Proxy-Connection: Keep-Alive

Callout: HTTP Header Signature (a distinctive header value, such as the User-Agent, by which the client application can be identified)

Best Practice: HTTP Filter Configuration for Web Publishing
To configure a baseline HTTP filter:
- Configure maximum header, payload, URL and query lengths
- Verify normalization and do not block high-bit characters
- Allow only GET, HEAD and POST
- Block executable and server-side-include extensions
- Block potentially malicious signatures
- Use the httpfilterconfig.vbs script from the TMG CD to import and export HTTP filter configurations
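The baseline above, together with the method, extension, header and signature settings from the preceding slides, can be checked against a raw request to see which setting rejects what. This added example, not code from the slides or from TMG, does that for one request at a time: the length limits, the extension list and the two signatures are constructed placeholder values rather than TMG's defaults, and "verify normalization" is implemented as rejecting a URL that still contains %XX escapes after one decoding pass, which is what catches double encoding.

```python
import posixpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

ESCAPED_RE = re.compile(r"%[0-9A-Fa-f]{2}")


@dataclass
class HttpFilterPolicy:
    """Baseline settings; the numeric limits and lists are assumptions for this example."""
    max_header_length: int = 32768
    max_payload_length: int = 10_000_000
    max_url_length: int = 10240
    max_query_length: int = 10240
    verify_normalization: bool = True
    block_high_bit_characters: bool = False          # the baseline leaves high-bit characters allowed
    allowed_methods: frozenset = frozenset({"GET", "HEAD", "POST"})
    blocked_extensions: frozenset = frozenset({".exe", ".dll", ".com", ".shtml", ".shtm", ".stm"})
    # (part, header name or "", substring): constructed sample signatures, not a real list
    blocked_signatures: List[Tuple[str, str, str]] = field(default_factory=lambda: [
        ("Request headers", "User-Agent", "EvilScanner/"),
        ("Request URL", "", "/example-blocked-path/"),
    ])


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], int]:
    """Split a raw request into method, target, version, headers and header-block length."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    method, target, version = request_line.decode("latin-1").split(" ")
    headers: Dict[str, str] = {}
    for line in header_block.decode("latin-1").split("\r\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, len(head) + len(sep)


def check_request(raw: bytes, policy: Optional[HttpFilterPolicy] = None) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for one request under the policy."""
    policy = policy or HttpFilterPolicy()
    try:
        method, target, _version, headers, header_len = parse_request(raw)
        payload_len = int(headers.get("content-length", "0"))
    except ValueError:
        return "block", "malformed request line or Content-Length"
    if header_len > policy.max_header_length:
        return "block", "maximum header length exceeded"
    if payload_len > policy.max_payload_length:
        return "block", "maximum payload length exceeded"
    path, _, query = target.partition("?")
    if len(target) > policy.max_url_length:
        return "block", "maximum URL length exceeded"
    if len(query) > policy.max_query_length:
        return "block", "maximum query length exceeded"
    if method not in policy.allowed_methods:
        return "block", f"method {method} not allowed"
    decoded = unquote(target)
    if policy.verify_normalization and ESCAPED_RE.search(decoded):
        return "block", "URL still contains escaped characters after normalization (double encoding)"
    if policy.block_high_bit_characters and any(ord(c) > 127 for c in decoded):
        return "block", "high-bit characters in URL"
    ext = posixpath.splitext(unquote(path))[1].lower()
    if ext in policy.blocked_extensions:
        return "block", f"extension {ext} blocked"
    for part, header, pattern in policy.blocked_signatures:
        haystack = decoded if part == "Request URL" else headers.get(header.lower(), "")
        if pattern in haystack:
            return "block", f"signature {pattern!r} in {part}"
    return "allow", "request passes the baseline HTTP filter"
```

The extension check runs on the decoded path so that an encoded dot cannot hide ".exe", and the length checks run before anything is decoded so that an oversized request is rejected before any further parsing work.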

Practice: Configuring HTTP Filtering
- Testing HTTP connections with the default HTTP filter
- Importing and testing sample HTTP filter settings
- Modifying HTTP filter settings
Lab machines: External Web, Intranet Web Server, TMG, Internet, DC