ISA Server 2004. Microsoft’s Goals Security is a top priority for Microsoft, and we are committed to helping our customers protect their intellectual.

Presentation transcript:

ISA Server 2004

Microsoft’s Goals
Security is a top priority for Microsoft, and we are committed to helping our customers protect their intellectual property and data.
- Remediation
- Innovation

Security Issues Today
- Approximately 70 percent of all Web attacks occur at the application layer (Gartner)
- From 2000 to 2002 reported incidents rose from 21,756 to 82,094 (CERT, 2003)
- Nearly 80 percent of 445 respondents surveyed said the Internet has been a frequent point of attack, up from 57 percent just four years ago (CSI/FBI Computer Crime and Security Survey)
- Callouts: At Risk; The Soft Underbelly

Customer Impact
Application Layer Attacks:
- Identity Theft
- Web Site Defacement
- Unauthorized Access
- Modification of Data, Logs and Records
- Theft of Proprietary Information
- Service Disruption
Implications:
- Compliance: Sarbanes Oxley, Gramm Leach Bliley, US Patriot, HIPAA, The Privacy Act (CA)
- Litigation: File Sharing, Piracy, HR Issues, Shareholder Suits

Security - Defense In Depth
Assume Prior Layers Fail
- Perimeter Defenses: Packet Filtering, Stateful Inspection of Packets, Intrusion Detection
- Network Defenses: VLAN Access Control Lists, Internal Firewall, Auditing, Intrusion Detection
- Host Defenses: Server Hardening, Host Intrusion Detection, Auditing
- Application Defenses: Validation Checks, Verify HTML / Cookies Source, Secure IIS
- Data and Resources: Databases, Network Services and Applications, File Shares

TWC At The Perimeter
- Security in depth begins at the perimeter
  - Limits access from outside to known ports
  - Blocks reconnaissance
  - Blocks casual trespass
  - The central place to enforce network policy
- Privacy in depth ends at the perimeter
  - Can block known ports used by Trojans
- Reliability enabled at the perimeter
  - Keeps DoS attacks on the “outside”
  - Manages network load with proxy cache
- Integrity enabled at the perimeter
  - VPN termination creates “virtual” company network

Traditional Firewalls
- Wide open to advanced attacks
  - Code Red, Nimda
  - SSL-based attacks
- Performance vs. security tradeoff
  - Bandwidth too expensive
  - Too many moving parts
- Limited capacity for growth
  - Not easily upgradeable
  - Don’t scale with business
- Hard to manage
  - Security is complex
  - IT already overloaded

Perimeter Security Evolution
- Wide open to advanced attacks -> Application-level protection
- Performance vs. security tradeoff -> Security and performance
- Limited capacity for growth -> Extensibility and scalability
- Hard to manage -> Easier to use

Introducing: ISA Server 2004
“The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security & performance”
- Advanced protection
- Fast, Secure Access
- Ease of use

Microsoft ISA Server 2004
- Multi-layer firewall, VPN and Web cache solution
- Secures the network edge with advanced application-layer protection
- Application-aware intelligent security with stateful inspection protects against the latest types of threats
- Easy to use and rich management tools reduce TCO and help prevent firewall misconfiguration
- An integrated solution that enables diverse deployment scenarios with secure anytime / anywhere access to applications and data
- Enhances user productivity with fast web access, protects network infrastructure investments
- Section labels: What it is; What it does; Key Features

Microsoft ISA Server 2004
- Next-generation security
- Application-aware
- Simplified management
- Integrated solution
- Enables diverse scenarios
- Multi-layer protection
- All-new user interface
- Secure, fast access to business applications
- Government certification
- New features

Application Layer Filtering
- Modern threats call for deep inspection
  - Protects network assets from exploits at the application layer: Nimda, Slammer...
  - Provides the ability to define a fine grain, application level, security policy
  - Best protection for Microsoft applications
- Application filtering framework
  - Built in filters for common protocols: HTTP, SMTP, RPC, FTP, H.323, DNS, POP3, Streaming media
  - Scenario-driven design
  - Extensible plug-in architecture

Industry-Leading Performance
- Optimized performance architecture
- Industry-leading application filtering performance
- Optimized for real life usage scenarios
- Scale up with additional CPUs
- How? Design improvements; IP Stack improvements; Hardware improvements
[Chart: Network computing magazine app. level firewalls review (3/03), full inspection performance [Mbps]: Symantec FW, Sidewinder, Checkpoint NG FP3, ISA 2000 FP1]
[Chart: Raw throughput performance [Mbps], Gbps: ISA 2000 (Dec 2000), ISA 2004 (Today)*]
* Beta results

Ease of Use
- Unified firewall policy: keeps administration costs low
- Simplified administration tools: reduces training costs

Task-Based Administration
- All tools for common tasks in one place
- Reduced risk of misconfiguration

Monitoring and Reporting
- Real-time monitoring for troubleshooting
- Variety of report formats summarizes Internet activity and performance

Adjusts to Network Changes
- Flexibility to support most network types
- Templates simplify many deployments
- Fast, easy deployment

ISA Server 2004 Architecture

Network Design
Any topology, any policy
- Any number of networks
- Packet filtering on all interfaces
- NAT or routing between networks
- VPN as network
- Local host as network
- Per-network policies
[Diagram: ISA 2004 connecting CorpNet_1 ... CorpNet_n, Net A, Internet, VPN, DMZ_1 ... DMZ_n, Local Host Network]

Comprehensive Protection
Filtering at all levels:
1. Packet layer filtering
2. Protocol layer filtering
3. Application layer filtering
[Diagram: ISA Server components: TCP/IP, Firewall Engine, Firewall Service, Application Filters, Web Proxy Filter, Web Filters, Policy Engine, Local Policy Store, Enterprise Policy Store (EE)]

Extensibility
[Diagram: NDIS, IP Stack, Firewall Engine, Policy Engine, Firewall Service, Application Filter API with several Application Filters, Web Proxy Filter, Web Filter API with several Web Filters]

Firewall Policies
Flexible Rule Structure
Rule form: action on traffic from user from source to destination with conditions
Rule elements:
- Allow
- Deny
- Source network
- Source IP address
- Destination network
- Destination IP address
- Destination site
- Protocol
- IP Port / Type
- Published server
- Published Web site
- Schedule
- Filtering properties
- User
- Group

Enabling Diverse Customer Scenarios

Such As…
- Secure access via the Internet
- Enable web applications on the Internet
- Secure partner connectivity
- Secure remote access
- Remote branch office
- Rich internet access policies
- Fast user web access
- Protect users from malicious traffic

Controlling Traffic
The challenges of controlling traffic:
- VPN? Outlook? OWA? IMAP4? POP3?
- Malformed SMTP, malicious attachments
ISA Server helps protect mail servers:
- Easy configuration of client access using a wizard
- Support for all major mail protocols
- Content filtering of SMTP-based
Support for Outlook Web Access (OWA):
- Content inspection
- Attachment blocking
- Strong authentication

Outlook Client Access
The challenge of providing access for Outlook clients:
- RPC cannot pass securely across traditional firewalls because it requires secondary ports
ISA Server helps secure RPC traffic:
- Application-layer filtering allows only traffic that is negotiated between client and server
- ISA Server can enforce RPC encryption
Server maintains table of RPC services:
  Service          UUID         Port
  Exchange         { aabbcc…    4402
  AD replication   { ddeeff-…   3544
  MMC              { gghhii-…   9233
Exchange between RPC client (Outlook) and RPC server (Exchange):
- Client, to TCP 135: Port for { bb... ?
- Server: Port 4402
- Client: Data Exchange over port 4402
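
The port negotiation on this slide, modelled as an added Python example (not ISA Server code and not part of the presentation). The class and method names, the IP addresses and the UUID labels are constructed placeholders; the ports 135, 4402 and 3544 are the ones shown on the slide.

```python
from dataclasses import dataclass, field

EPMAP_PORT = 135  # RPC endpoint mapper port named on the slide

@dataclass
class RpcFilter:
    """Toy model of an RPC-aware filter; all names here are hypothetical."""
    published: set                                # interface UUIDs policy allows
    pending: dict = field(default_factory=dict)   # (client, server) -> UUID asked for
    pinholes: set = field(default_factory=set)    # (client, server, port) negotiated

    def map_request(self, client, server, uuid):
        # Client asks the mapper on TCP 135: "port for {uuid}?"
        if uuid not in self.published:
            return "deny"                         # unpublished interface is never resolved
        self.pending[(client, server)] = uuid
        return "allow"

    def map_response(self, client, server, uuid, port):
        # Server answers with the dynamic port; accept only a solicited answer.
        if self.pending.pop((client, server), None) != uuid:
            return "deny"
        self.pinholes.add((client, server, port))  # opened for this client only
        return "allow"

    def connect(self, client, server, port):
        if port == EPMAP_PORT or (client, server, port) in self.pinholes:
            return "allow"
        return "deny"

# Constructed sample values: documentation-range IPs and placeholder UUID labels.
CLIENT, OTHER, SERVER = "203.0.113.10", "203.0.113.99", "192.0.2.5"
EXCHANGE, AD_REPL = "uuid-exchange-placeholder", "uuid-ad-replication-placeholder"

def demo():
    fw = RpcFilter(published={EXCHANGE})
    return [
        fw.connect(CLIENT, SERVER, 4402),                 # before negotiation
        fw.map_request(CLIENT, SERVER, EXCHANGE),
        fw.map_response(CLIENT, SERVER, EXCHANGE, 4402),
        fw.connect(CLIENT, SERVER, 4402),                 # negotiated port
        fw.connect(OTHER, SERVER, 4402),                  # different client
        fw.map_request(CLIENT, SERVER, AD_REPL),          # interface not published
        fw.connect(CLIENT, SERVER, 3544),                 # AD replication port
    ]

if __name__ == "__main__":
    print(demo())
```

Only the client that completed the mapper exchange reaches port 4402; the same port from another address, and the AD replication port, stay closed.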

Blocking Web Server Attacks
The challenge of securing Web servers:
- Web servers are under constant attack from the Internet
- Most of today’s attacks against Web servers are contained in HTTP requests
ISA Server blocks attacks before they reach Web servers:
- Application-layer filtering inspects the content of HTTP requests and responses
- Administrator-defined filters can block virtually any traffic pattern while allowing legitimate traffic
[Diagram: Internet, ISA Server]

Blocking Embedded Protocols
HTTP deep content inspection example
In the beginning…
- P2P apps used fixed ports
- Your firewall can block fixed ports
- Admins had granular control of their network's traffic
Applications got smarter…
- Applications started to use the HTTP protocol as a transport protocol
- While good for users, administrators lost granular control of their networks
ISA Server 2004 gives you back that control:
- The deep HTTP protocol inspection
- Blocks tunneled traffic at the edge
[Diagram: Internal User; P2P, IM, Tunneling Software; Conventional Firewall; ISA Server 2004; Internet]
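
The kind of administrator-defined HTTP inspection the two slides above describe, sketched as an added Python example (not ISA Server's filter and not part of the presentation). The policy layout, function name, signature strings and sample requests are all constructed for illustration.

```python
# Constructed policy; the signature strings are made-up placeholders.
POLICY = {
    "methods": {"GET", "HEAD", "POST"},
    "max_url_len": 2048,
    "header_signatures": {"user-agent": ["examplep2p/", "exampleim/"]},
    "body_signatures": [b"EXAMPLE-TUNNEL-HELLO"],
}

def inspect(raw, policy=POLICY):
    """Return (verdict, reason) for one raw HTTP request given as bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("deny", "malformed request line")
    method, url, _version = parts
    if method not in policy["methods"]:
        return ("deny", "method not allowed")
    if len(url) > policy["max_url_len"]:
        return ("deny", "URL too long")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return ("deny", "malformed header")
        headers[name.strip().lower()] = value.strip().lower()
    # An application riding on HTTP still identifies itself somewhere.
    for name, sigs in policy["header_signatures"].items():
        if any(sig in headers.get(name, "") for sig in sigs):
            return ("deny", "signature in " + name)
    if any(sig in body for sig in policy["body_signatures"]):
        return ("deny", "signature in body")
    return ("allow", "ok")

# Constructed sample requests.
BROWSER = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
CONNECT = b"CONNECT chat.example.net:5190 HTTP/1.1\r\nHost: chat.example.net\r\n\r\n"
P2P = b"GET /announce HTTP/1.1\r\nHost: tracker.example.net\r\nUser-Agent: ExampleP2P/1.0\r\n\r\n"
TUNNEL = (b"POST /upload HTTP/1.1\r\nHost: relay.example.net\r\n"
          b"Content-Length: 20\r\n\r\nEXAMPLE-TUNNEL-HELLO")

def demo():
    return [inspect(r)[0] for r in (BROWSER, CONNECT, P2P, TUNNEL)]

if __name__ == "__main__":
    print(demo())
```

A port-based rule sees all four requests as the same allowed web traffic; only inspection of the request content separates the browser from the other three.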

Inspecting Encrypted Traffic
The challenge of encrypted Web traffic:
- Traffic to Web servers must be encrypted to ensure confidentiality, but encrypted traffic bypasses firewall inspection
ISA Server SSL Bridging:
- SSL traffic to your Web server is encrypted across the Internet, ensuring confidentiality
- ISA Server decrypts the traffic, performing application-layer inspection to help secure the Web server
- ISA Server forwards allowed traffic to Web server
[Diagram: Internet, Traditional Firewall, ISA Server, Web Server; SSL from the Internet, SSL or HTTP to the Web server]

VPN Access
The challenge of providing VPN access:
- Configuring secure remote access is time-consuming, difficult and expensive.
- Remote clients extend the perimeter of the corporate network.
VPNs with ISA Server:
- Client or site-to-site VPN connections
- Utilizes VPN features in Windows Server 2003
- Supports PPTP and L2TP/IPsec, IPsec Tunnel Mode
- Integration with third-party VPN servers
- Full integration with firewall policy
- Easy configuration using wizards
- Network quarantine

Accelerating Internet Access
The challenge of providing fast Internet access:
- Insufficient bandwidth hampers productivity, providing more bandwidth is expensive
ISA Server accelerates access to Web content and decreases bandwidth needs:
- Web caching keeps local copies of Web content
- Serving content from the cache accelerates responses to user requests and saves bandwidth
- No configuration required, but extensive customization possible, if desired
[Diagram: GET requests from Client and Client 2 through ISA Server to the Internet]

Integrated Solution
- Enterprise-class features for any business
- Realize savings through integration
- One-stop solution for Internet access
- Firewall, access control, caching, publishing, and VPN in a single component
- Centralized administration
- Full logging and extensive reporting
- Real-time monitoring

Call to Action
- No IIS, Exchange or SQL Server deployment is complete without Microsoft ISA Server
- Protect your network from the Internet and accelerate Internet access
- Save time and resources by securely connecting any size office to the Internet
- Trust a firewall with an excellent track record

Reasons to Upgrade
Improve on Microsoft Internet Security and Acceleration Server 2000:
- Advanced application-layer protection
- Improved ease of use
- High performance
- Multiple network support
- New policy model
- Application-layer filtering
- Better performance
- Integrated policy enforcement for VPN clients
- VPN client quarantine
- Support for more protocols
- Packet filtering on all interfaces
- Better RPC publishing
- New authentication options
- Real-time monitoring
- Easier administration tools

Summary
ISA Server 2004 Delivers Next-generation edge security:
- Application-aware
- Integrated solution
- Simplified management
- Enables diverse scenarios
Key features:
- Multi-layer protection
- Secure access to business applications
- Simplified management