Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa
Module 1 Introduction
The Purpose of the ISA Server Microsoft® Internet Security and Acceleration Server 2000 (ISA Server) is an extensible enterprise firewall and Web cache server built on the Windows® 2000 operating system security, management and directory for policy-based access control, acceleration and management of internetworking. ISA Server Enterprise Edition adds support for clustering, but makes modifications to the local domain's Microsoft Active Directory® active directory schema. For evaluation purposes, you should set up a four-computer test environment that is isolated from your production network. With the ISA Server Standard Edition, you can review the core firewall and caching functionality of ISA Server without an update to your Active Directory schema.
The Purpose of The ISA Server (cont.) ISA Server 2000 is an intelligent application layer firewall and Web caching server that helps protect the network from external attacks and from exploits that may originate from the internal network behind the ISA Server 2000 machine. The ISA Server 2000 Web cache helps network users reduce overall bandwidth utilization and can provide for a faster Web access experience for campus Internet users by returning popular Web content from the ISA Server 2000 Web cache on the local network instead of from a increasingly congested Internet. ISA Server can provide value to information technology managers, network administrators, and information security professionals who are concerned about the security, performance, manageability, or operating costs of their networks. ISA Server can be used in a wide range of scenarios, from small schools, districts and satellite campuses to major, multi-campus systems and statewide networks.
End of Module
Module 2 ISA Server Installation
Installation Process
Installation Process (cont.)
End of Module
Module 3 Network Security
The Threat (Internet) –Hackers/Crackers –Script Kiddies Type of Firewalls –Traditional –Application
Hackers/Cracker Skill Level –High Level Motivation –Test Skill Level –Monetary Gain –Freedom
Script Kiddies Skill Level –Low to Medium Level Motivation –Imitation –Curiosity –Build Skill Level
Traditional Firewall OSI Layer 3 & Layer 4 NAT Function of SPI firewall –source address, destination address, source port, destination port and direction –Denial of Service (DoS) attacks, Ping of Death, SYN Flood, LAND Attack, and IP Spoofing (Pattern) Great at lower level protocol attacks
Application Firewall (Proxies) OSI Layer 7 Application Level Filtering (Going up the OSI Layer) –OS vulnerabilities, Application vulnerabilities –Nimda, Code Red, SQL Slammer worm, SQL poisoning –Most likely to spread via or unfiltered/open port
End of Module
Module 4 ISA Server to the Rescue
ISA Server Architecture Standalone Enterprise –Firewall –Cache Proxy –Integrated
ISA Server as a Standalone [1]
ISA Server in the Enterprise [1]
Multi-layered Firewall Static and Dynamic packet filtering Circuit Filtering (ISA Client) Application Filtering
Features of ISA Server Stateful Inspection Secure Server Publishing Intrusion Detection Client Transparency (SecureNAT) Strong Authentication SDK
Stateful Inspection Allows ISA Server to determine the state of a given session Configurable through access policy rules that open ports automatically (dynamic IP packet filtering) Excellent for filtering streaming media applications
Secure Publishing Web Server Server (Exchange) Servers are Never Exposed
Intrusion Detection Licensed technology from Internet Security Systems Administrator can set triggers Triggers can be configured to stop the firewall, write to system log or run script
Client Transparency SecureNAT No client to install Configurable for outbound traffic
Software Development Kit SDK Create Custom Extensions Comes with Sample Code Detailed Documentation
Authentication Web Proxy Incoming/Outgoing Web Traffic Basic (plain text) (Not Strong!) Digest Integrated Windows (NTLM & Kerberos) Client Certificates Pass-through authentication
End of Module
Module 5 A Closer Look to The ISA Server Management Tool
Management Console
ISA Server – Web Publishing Feature
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Cashing Feature
ISA Server – Web Cashing Feature (cont.)
Module 6 SQL Slammer Filter
Creating a Filter for SQL Slammer Create a definition Create a rule
Step 1 – Create Definition
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7 – Create Rule
Step 8
Step 9
Step 10
Step 11
Step 12
Step 13
End of Module
Conclusion ISA Server was designed to meet the needs of Internet- enabled business by providing enterprise-class security, fast Web caching performance and powerful unified management tools built for Windows 2000 and 2003 Server. ISA Server provides a multilayered firewall with built-in intrusion detection to keep internal networks safe. ISA Server provides businesses with secure, fast Internet connectivity built on the powerful management features of Windows 2000 and 2003 Server. ISA Server provides scalability for both small and enterprise class environments
Resources [1] [2] [3] html html [4] AServer2000/default.htm AServer2000/default.htm
Glossary Kerberos - a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT). NTLM - a Microsoft-Proprietary protocol that authenticates users and computers based on an authentication challenge and response. Stateful Inspection - Stateful inspection is an advanced firewall architecture that was invented by Check Point Software Technologies in the early 1990s. Inspects the header of packets. NAT - Network Address Translation (NAT) is the translation of an Internet Protocol address used within one network to a different IP address known within another network.