TMG Client Protection 6NPS – Session 7.

Presentation on theme: "TMG Client Protection 6NPS – Session 7."— Presentation transcript:

1 TMG Client Protection 6NPS – Session 7

2 Objectives
Understand and implement malware inspection
Understand and implement URL filtering
Understand threats and TMG SMTP protection
Understand application filters and implement HTTP & HTTPS inspection.

3 Malware Inspection in TMG
Much of the malware found in networks today is brought in on users' laptops; much of it is also downloaded by naive users. TMG Malware Inspection was designed to detect and stop the evil bits in the HTTP stream sent to clients in protected networks before those bits can reach the client. Malware Inspection operates as one of the TMG Web filters.

4 Malware Inspection in TMG
The main goals of TMG Malware Inspection are:
Minimize the threat posed by Web-sourced malware
Provide malware defence for hosts in TMG-protected networks
Minimize the impact on TMG performance
Provide a mechanism that is reliable and flexible
By default, TMG installs with a basic malware detection signature database, which can be updated through Microsoft Update or manually. Malware inspection can be enabled globally or on a per-rule, source, destination or user basis.

5 Practice: Configuring Malware Inspection
Configure Malware Inspection (Page 432)
Lab topology diagram (labels only): www, TMG, Win7, Internet, DC

6 URL Filtering
How URL Filtering Works
URL filtering enhances TMG firewall policies by controlling access to Web sites based on their URL category membership. This feature works dynamically: Web sites categorized by the Microsoft Reputation Service (MRS) are posted to Microsoft Update (MU) and downloaded from MU by TMG. MRS aggregates reputation data from multiple vendors and uses telemetry to improve data accuracy.

7 URL Filtering
1. The user sends a request for a Web site.
2. TMG intercepts the request and determines whether URL categorization is needed: TMG must know which category the URL belongs to in order to allow or deny the traffic based on the available rules.
3. If URL categorization is needed, name resolution is done for the URL and the URL is matched to a category.
4. When URL categorization is not needed, TMG marks the request as not categorized and logs the category to be used in case it needs to send a denial to the user.
5. The rule matching the request is then found and TMG determines whether the rule allows or denies the category.
6. If categorization is needed at the rule, a request marked as not categorized is blocked and a denial is sent to the user; otherwise, the rule verifies the category matched and TMG allows or denies the action based on whether the rule allows that category.
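As an added illustration (not part of the presentation or TMG's own code), a small Python model of the decision flow above. The category table is a constructed stand-in for the MRS data, the ordered rule set and the "Not Categorized" handling are simplifying assumptions about TMG's rule engine, and the default-deny at the end mirrors TMG's implicit last rule.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample lookup standing in for the MRS category data that TMG
# downloads from Microsoft Update; real TMG consults a far larger database.
CATEGORY_DB = {
    "www.example-bank.test": "Finance",
    "games.example.test": "Games",
    "updates.example.test": "Software Updates",
}
NOT_CATEGORIZED = "Not Categorized"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" or "deny"
    categories: frozenset = frozenset()  # empty: rule does not reference URL categories

def lookup_category(host: str) -> str:
    """Step 3: resolve the name and match the URL to a category (simulated)."""
    return CATEGORY_DB.get(host, NOT_CATEGORIZED)

def evaluate(host: str, rules: list[Rule]) -> tuple[str, str, str]:
    """Emulate the slide's flow. Returns (decision, category, matching rule)
    so the category can also be written to the log, as TMG does."""
    # Step 2: categorization is only needed if some rule references categories.
    needs_category = any(r.categories for r in rules)
    # Step 4: otherwise mark the request as not categorized without a lookup.
    category = lookup_category(host) if needs_category else NOT_CATEGORIZED
    for rule in rules:                   # Step 5: rules are matched in order
        if not rule.categories:
            return rule.action, category, rule.name
        if category == NOT_CATEGORIZED:
            # Step 6: a category-aware rule blocks an uncategorized request
            return "deny", category, rule.name
        if category in rule.categories:
            return rule.action, category, rule.name
    # No rule matched: assumed default deny (TMG's implicit last rule denies)
    return "deny", category, "Default rule"
```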

8 Practice: Configuring Malware Inspection
Configure URL Filtering (Page 470)
Lab topology diagram (labels only): www, TMG, Win7, Internet, DC

9 Enhancing E-Mail Protection
E-mail has been used by hackers to distribute malicious content to users. Networks have been breached by attacks using malicious code and worms that bypass the protection offered by a common firewall, since they tunnel the malicious code through the e-mail protocol and most firewalls don't inspect content. As e-mail can include file attachments, hackers can send malicious code in e-mail, e.g. the Melissa virus in 1999 and the ILOVEYOU virus in 2000. Because of the prevalence of the HTML format, hackers were able to inject code through e-mail that ran custom applications automatically while end users were reading their mail; worms and viruses such as the KaK worm, BubbleBoy virus, and Nimda virus have used HTML-rendered e-mail to spread.

10 E-Mail Attack Methods
E-Mail Attachments with Malicious Code: Melissa, Anna Kournikova, SirCam, ILOVEYOU. These took advantage of the trust between people in your contacts.
Malformed MIME Headers: Multipurpose Internet Mail Extensions (MIME) is an Internet standard; MIME headers specify fields such as date, filename, or subject line. In Outlook Express the date and filename fields were susceptible to buffer overflow attacks, so hackers could execute arbitrary code on the victim's computer, e.g. Nimda.
Embedded Scripts and ActiveX Content: HTML formats can allow programs or code to be executed on the target computer, e.g. the KaK worm and BubbleBoy virus.
Spam and Phishing

11 How SMTP Protection Works
Exchange 2007 spam protection: Exchange 2007 offers strong message filtering capabilities, such as connection filtering, sender and recipient filtering, and Sender ID and sender reputation.
Forefront Protection 2010 for Exchange Server: extends the Exchange Server filtering capabilities by adding enhanced malware protection through the use of multiple anti-malware engines.
TMG SMTP filter and centralized management: the SMTP application filter verifies the SMTP conversation by validating the SMTP verbs against a predefined list and the current SMTP protocol state. TMG also provides a single place from which to manage the protection features of Exchange 2007 anti-spam and anti-virus and Forefront Protection 2010 for Exchange Server.
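To show what "validating the SMTP verbs against a predefined list and the current SMTP protocol state" means in practice, here is an added Python model (not the presentation's or TMG's code). The verb list and state table are constructed for the example and deliberately small; they are not TMG's actual configuration.

```python
# Constructed, simplified model of the kind of check the TMG SMTP application
# filter performs: every client verb must be on a predefined list AND be
# legal in the current SMTP protocol state. Illustrative only, not TMG's
# verb list or state table.
ALLOWED_VERBS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT", "STARTTLS"}

# Current state -> {verb: next state}. A verb missing from a state is out of sequence.
TRANSITIONS = {
    "connected": {"EHLO": "greeted", "HELO": "greeted", "NOOP": "connected", "QUIT": "closed"},
    "greeted":   {"EHLO": "greeted", "HELO": "greeted", "STARTTLS": "connected",
                  "MAIL": "mail", "RSET": "greeted", "NOOP": "greeted", "QUIT": "closed"},
    "mail":      {"RCPT": "rcpt", "RSET": "greeted", "NOOP": "mail", "QUIT": "closed"},
    "rcpt":      {"RCPT": "rcpt", "DATA": "data", "RSET": "greeted", "NOOP": "rcpt", "QUIT": "closed"},
    "data":      {},   # message body: no verbs until the terminating "." line
    "closed":    {},   # nothing is valid after QUIT
}

class SmtpVerbFilter:
    def __init__(self) -> None:
        self.state = "connected"
        self.log: list[str] = []

    def inspect(self, line: str) -> bool:
        """Return True if the client line passes, False if the filter blocks it."""
        if self.state == "data":
            if line == ".":            # end of message body, back to greeted
                self.state = "greeted"
            return True                # body lines are content, not verbs
        verb = line.split(" ", 1)[0].upper()
        if verb not in ALLOWED_VERBS:
            self.log.append(f"blocked verb {verb!r}: not on the allowed list")
            return False
        next_state = TRANSITIONS[self.state].get(verb)
        if next_state is None:
            self.log.append(f"blocked {verb}: out of sequence in state {self.state!r}")
            return False
        self.state = next_state
        return True

def run_session(client_lines: list[str]) -> tuple[list[bool], list[str]]:
    """Feed a whole client-side transcript through one filter instance."""
    filt = SmtpVerbFilter()
    return [filt.inspect(line) for line in client_lines], filt.log
```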

12 HTTP & HTTPS Inspection
The Web Proxy Application Filter
The main purpose of the Web Proxy application filter is to perform HTTP and HTTPS inspection. The Web Proxy filter also provides compression, authentication, and caching through Web filters, which operate as plug-ins to the Web Proxy filter.

13 HTTP Filter
The HTTP Filter is an application-layer filter used by the Web Proxy engine for HTTP protocol application-layer filtering. It provides granular control over HTTP communication by examining HTTP commands and data. HTTP itself can't be blocked, as it is required for accessing resources on the Internet, but many unwanted applications also use HTTP, e.g. Kazaa, Messenger, WebDAV, etc. The TMG HTTP Filter helps you restrict traffic by blocking requests according to several HTTP features such as HTTP headers, length and URL patterns, HTTP method, HTTP body content and content types, and file extensions. TMG HTTP filtering configuration is rule specific, so you can apply different levels and types of filtering depending on the specific requirements of your firewall policy.
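An added example (not from the presentation or TMG) of the per-rule checks the HTTP Filter applies: method, URL length and extension, header signatures, content type and payload size. The policy values and header signatures are constructed for illustration and stand in for one rule's HTTP filter settings.

```python
from __future__ import annotations

# Constructed policy standing in for one firewall rule's HTTP filter settings.
POLICY = {
    "allowed_methods": {"GET", "POST", "HEAD"},      # blocks WebDAV verbs such as PROPFIND
    "blocked_extensions": {".exe", ".scr", ".bat"},
    "max_url_length": 260,
    "max_request_payload": 1_000_000,
    "blocked_content_types": {"application/x-msdownload"},
    # (header name, substring) signatures, matched case-insensitively; constructed samples
    "blocked_header_signatures": [("X-Kazaa-Network", ""), ("User-Agent", "kazaa")],
}

def parse_request(raw: str):
    """Split a raw HTTP request into method, URL, header dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, url, _version = lines[0].split(" ", 2)
    headers = {}
    for h in lines[1:]:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, url, headers, body

def inspect_request(raw: str, policy=POLICY) -> str | None:
    """Return None to allow the request, or the reason it would be blocked."""
    method, url, headers, body = parse_request(raw)
    if method.upper() not in policy["allowed_methods"]:
        return f"method {method} not allowed"
    if len(url) > policy["max_url_length"]:
        return "URL too long"
    path = url.split("?", 1)[0].lower()
    for ext in policy["blocked_extensions"]:
        if path.endswith(ext):
            return f"extension {ext} blocked"
    for name, needle in policy["blocked_header_signatures"]:
        value = headers.get(name.lower())
        if value is not None and needle.lower() in value.lower():
            return f"header signature {name} matched"
    ctype = headers.get("content-type", "")
    if ctype.split(";")[0].strip().lower() in policy["blocked_content_types"]:
        return f"content type {ctype} blocked"
    try:
        length = int(headers.get("content-length", len(body)))
    except ValueError:
        return "malformed Content-Length header"
    if length > policy["max_request_payload"]:
        return "request payload too large"
    return None
```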

14 SAMPLE Practical Test
Test 1, Session 8: Practical & Theory, 2 hours total
Theory test: 1 hour max (closed book)
Practical test: the remainder of the 2 hours (open book, i.e. textbook, worksheets and PowerPoints ONLY)