Edge Security with Forefront
Sandeep Modhvadia, Security Specialist


Agenda
- ISA Server 2006
  - What's New
  - What's Improved
  - SSO Publishing Demo
  - Hardware Sizing
- Whale Intelligent Application Gateway
  - What is it?
  - How does it Work?
  - Custom Publishing Demo
- Q&A

ISA Server 2006 – Improved
- Exchange Publishing
- Support for Exchange 2007
- Certificate Management
- Forms Based Authentication
- Custom Forms
- Multi-Language Support
- Authentication Enhancements: Certificates, OTP, RADIUS, LDAP

ISA Server 2006 – New Features
- Single Sign On
- Cookie based authentication
- SharePoint publishing
- Specialised Wizard driven publishing
- Cross Array Link Translation

Custom FBA and Single Sign On Demo

What Is Whale
[Diagram. Labels: Client; High-Availability, Management, Logging, Reporting, Multiple Portals; Authentication, Authorization, User Experience, Tunneling, Security; Specific Applications (Web, Client/Server, Java/Browser Embedded, Exchange/Outlook, OWA, SharePoint/Portals, Citrix); Generic Applications; Application Aware Modules; SSL VPN Gateway; Applications Knowledge Centre (OWA, Citrix, SharePoint); Devices Knowledge Centre (PDA, Linux, Windows, MAC); Policy & Regulation Awareness Centre (ISO7799, Corporate Governance, SarbOx, Basel2); WHO? WHAT? WHERE? COMPLIANT?]

Integrated Solution Benefits

Data Flow
[Diagram repeated on every slide. Labels: External World, Air Gap Switch, External e-Gap, Internal e-Gap (SBC), Virtual Web Server, Real Web Server, Intranet, App-Level Inspection, Authentication, SSL Engine, Browser-Side Security Manager, HAT Engine, Applications, File Shares (SMB). The caption of each slide in turn:]

1. User types URL into browser
2. Transaction is sent over internet to external server
3. External e-Gap receives packet
4. All protocol layers and TCP/IP headers are stripped off
5. Still-encrypted data is transferred to memory bank via SCSI connection
6. Switch disconnects from external server, connects to internal server
7. Data is fetched from appliance memory
8. Data is decrypted, SSL session is established and platform dependent Endpoint Compliance Module is sent back to browser to interrogate machine
9. If Endpoint Compliance Module doesn't find the machine 'up to scratch' stricter security policies are enforced
10. Encrypted login page is generated and sent back
11. Customized login page appears in browser's window
12. User completes authorization credentials & submits response (Username: John Smith, Password: ***********, SecurID: **********)
13. Air Gap Switch shuttles the data across the air gap
14. Internal e-Gap Server checks user credentials with appropriate authentication server; user is authenticated. Authentication credentials are combined with Endpoint Compliance results to determine Access Policy
15. User receives dynamically generated "Home Page" (based on identity and location) and selects desired application
16. Air Gap Switch shuttles the data across the air gap
17. Application data is inspected and compared to Mandatory Access Control List
18. HAT Engine determines which back-end server to relay the request to
19. Data is dispatched to the appropriate server
20. Application generates response
21. Response is converted by HAT engine for external use. Response may also be rewritten and/or blocked depending on Policy
22. User works with application as if inside corporate network environment
23. After user completes session Attachment Wiper cleans up to ensure nothing sensitive remains on access machine
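The air-gap shuttle and the access-policy decision in the data flow above can be modelled in a few lines. This is an added example, not code from the presentation or from the Whale/IAG product. All class, function and policy-level names are assumptions made for illustration, and the sample packet is constructed.

```python
# Added illustration; every name here is hypothetical, not Whale/IAG code.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class AirGapSwitch:
    """Memory bank that is attached to exactly one host at a time."""
    attached: str = "external"          # "external" or "internal"
    bank: Optional[bytes] = None

    def _check(self, side: str) -> None:
        if side != self.attached:
            raise PermissionError(f"{side} host is not attached to the memory bank")

    def write(self, side: str, payload: bytes) -> None:
        self._check(side)
        self.bank = payload

    def read(self, side: str) -> Optional[bytes]:
        self._check(side)
        data, self.bank = self.bank, None   # bank is emptied once fetched
        return data

    def toggle(self) -> None:
        self.attached = "internal" if self.attached == "external" else "external"


def strip_headers(packet: dict) -> bytes:
    """External e-Gap: discard all protocol layers, keep the still-encrypted payload."""
    return packet["payload"]


def shuttle(switch: AirGapSwitch, src: str, payload: bytes) -> Tuple[str, Optional[bytes]]:
    """Write on one side, flip the switch, fetch on the other side."""
    if switch.attached != src:
        switch.toggle()
    switch.write(src, payload)
    switch.toggle()                      # disconnect from src, connect to the other host
    dst = switch.attached
    return dst, switch.read(dst)


def access_policy(authenticated: bool, endpoint_compliant: bool) -> str:
    """Combine authentication with the endpoint compliance result (levels are assumed)."""
    if not authenticated:
        return "deny"
    return "full" if endpoint_compliant else "restricted"


# Constructed sample packet: only "payload" may ever reach the internal host.
SAMPLE = {"ip": {"src": "198.51.100.7"}, "tcp": {"dport": 443}, "payload": b"\x17\x03\x03..."}
```

The property the model enforces is that a host can touch the memory bank only while the switch is attached to it, so no TCP/IP path between the external and internal hosts ever exists.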

Custom Application Publishing with Whale Demo

Gateway Roadmap
- Whale Intelligent Application Gateway * (incl. ISA Server 2004)
- Express Edition
- Enterprise Edition
- Application Optimizers
- Network Connectivity Modules
- Integrated appliances with ISA Server
- Whale IAG
- Standard Edition
- Enterprise Edition
- Unified Access Gateway
- "Longhorn" Svr-wave
- OEM appliances
- Software availability
- Updated software for ISA and IAG
- OEM-ready
- Continued 3rd-party application support
- Single-server config
- NAP, IPv6, 64-bit support
- Consistent policy framework
- Broader authentication tools (ADFS, smartcard)
- Enhanced network connectivity
- Improved enterprise application support

For More Information

Your potential. Our passion.
Thank you for attending this TechNet Event
Find these slides at: