Enabling Secure Internet Access with TMG


1 Enabling Secure Internet Access with TMG
6NPS – Session 3

2 Objectives
- Create policy elements, access rules, and connection limits
- Policy elements include schedules, protocols, user groups, and network objects

3 What is Secure Access to Internet Resources?
- Every organization defines secure access slightly differently
- An Internet usage policy needs to be developed, defining how users can use the Internet
- What is secure access to the Internet?
  - Users can access the resources that they need, such as the web
  - Secure Internet connection, not revealing any information about the internal system
  - Secure data transfers, credit card information, client data
  - Block downloading of malicious programs

4 Guidelines for Designing an Internet Usage Policy
- An Internet usage policy defines what actions users are allowed to perform while connected to the Internet
- This is the basis for configuring the TMG settings
- Internet usage policies should do the following:
  - Describe the need for an Internet usage policy. Why is it being created: legal reasons, confidential client information
  - Describe what the policy covers. Detailed description of what is acceptable and unacceptable
  - Identify the people within the organization who are responsible for creating and enforcing the policy
  - Define how violations are handled. Disciplinary actions

5 How TMG Enables Secure Access to Internet Resources
TMG provides the following functionality to enable secure access:
- Implementing TMG as a multilayer firewall
- Implementing TMG as a proxy server
- Using TMG to implement the organization's Internet usage policy
  - Restrictions based on users and groups
  - Restrictions based on computers
  - Restrictions based on protocols
  - Restrictions based on Internet destinations
  - Restrictions based on content being downloaded from the Internet

6 How TMG Enables Secure Access to Internet Resources
Is the …
- User allowed access?
- Computer allowed access?
- Protocol allowed?
- Destination allowed?
- Content allowed?
(Diagram labels: TMG, Proxy Server, Web Server)

7 What is a Proxy Server?
- A proxy server is a server that is situated between a client application and a server to which the client connects
- A proxy server can provide enhanced security and performance
- Proxy servers make the Internet connection more secure in the following ways:
  - User authentication
  - Filtering client requests
  - Content inspection
  - Logging user access
  - Hiding the internal network details
- Improve Internet access performance

8 Why Use a Proxy Server?
- Improved Internet access security:
  - User authentication
  - Filtering client requests
  - Content inspection
  - Logging user access
  - Hiding the internal network details
- Improved Internet access performance
(Diagram labels: TMG, Web Server)

9 How Does a Forward Web Proxy Server Work?
- Proxy servers can be used to secure both inbound and outbound Internet access
- When used to secure outbound Internet access, the proxy server is configured as a forwarding proxy server

10 How Does a Forward Web Proxy Server Work?
Is the …
- User allowed access?
- Protocol allowed?
- Destination allowed?
(Diagram: steps 1 to 6 between the client, TMG and the Web Server)

11 How Does a Reverse Web Proxy Server Work?
- Operates in much the same way as a forward Web proxy server
- A reverse proxy makes internal resources accessible to external clients

12 What Is a Reverse Web Proxy Server?
Is the …
- Request allowed?
- Protocol allowed?
- Destination allowed?
(Diagram: steps 1 to 6 between the DNS Server, TMG and the Web Server)

13 How to Configure TMG as a Proxy Server

14 DNS Configuration for Internet Access
- If no internal DNS server is available to resolve Internet addresses, configure the TMG clients to use an Internet DNS server
- Configure TMG clients to use an internal DNS server if the DNS server can resolve Internet addresses
- TMG can proxy DNS requests for Web proxy and Forefront TMG clients but not for SecureNAT clients
- TMG includes a DNS cache that caches the results of all DNS lookups performed through TMG

15 How to Configure Web Chaining
(Diagram labels: Branch Office, Branch Office, Head Office, Internet)

16 How to Configure Dial-Up Connections
- Enable dial-up for connections to this network
- Logon using this account
- Use this dial-up connection

17 Practice: Configure TMG as a Proxy Server
- Configuring the proxy server settings on TMG
(Diagram labels: TMG, Internet, DC)

18 What Are Access Rule Elements?
Each element and what it is used to configure:
- Protocols: the protocols that will be allowed or denied by an access rule
- Users: the users that will be allowed or denied by an access rule
- Content Types: the content type that will be allowed or denied by an access rule
- Schedules: the time of day when Internet access will be allowed or denied by an access rule
- Network Objects: the computers or destinations that will be allowed or denied by an access rule

19 How to Configure Protocol Elements

20 How to Configure User Elements

21 How to Configure Content Type Elements
Define the MIME types and file extensions to include

22 How to Configure Schedule Elements
Define the times when this schedule is active or inactive

23 How to Configure Domain Name Sets and URL Sets
- Domain name set: use this to configure access to an entire domain
- URL set: use this to configure access to a URL

24 Practice: Configuring Firewall Rule Elements
- Configuring a new user set
- Configuring a new content type element
- Configuring a new schedule element
- Configuring a new URL set
(Diagram labels: TMG, Internet, DC)

25 Configuring TMG Authentication
- Authentication and TMG clients
- Authentication methods:
  - Basic authentication: plaintext, least secure
  - Digest authentication: hashing, must use Active Directory with reversible encryption, less secure than AD default
  - Integrated Windows authentication: Kerberos v5 or NTLM protocol, default authentication method for Windows
  - Digital certificates authentication
  - RADIUS authentication
  - RSA SecurID authentication

26 Practice: Configuring TMG Server Authentication
- Enabling authentication
(Diagram labels: TMG, Internet, Client1, DC)

27 What Are Access Rules?
Access rules always define:
- Allow / Deny
- Protocol, IP Port/Type
- User
- Source network, Source IP
- Destination Network, Destination IP, Destination Site
- Schedule, Content Type

28 How Network Rules and Access Rules Are Applied
(Diagram: steps 1 to 6 between the Domain Controller, TMG and the Web Server)

29 How to Configure Access Rules

30 How to Configure HTTP Policy
- Configure additional filtering options
- Configure maximum header length
- Configure maximum payload length
- Configure maximum URL and query length

31 Practice: Managing Access Rules
- Creating a DNS Lookup Rule
- Creating a Managers Access Rule
- Testing Internet Access
(Diagram labels: TMG, Internet, Client1, DC)

32 How to Troubleshoot Access to Internet Resources
To troubleshoot Internet access issues:
- Check for DNS name resolution
- Determine the extent of the problem
- Review access rule objects and access rule configuration
- Review access rule order
- Check access rule authentication
- Use TMG logging to determine which access rule is granting or denying access
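
The rule elements from slides 18 and 27 and the "review access rule order" step above, as an added example (not part of the original presentation and not TMG code): a simplified Python model of ordered, first-match rule evaluation ending in a default deny. Rule names are borrowed from the practice slide; groups, hosts and the policy itself are constructed, and real TMG evaluation has more cases (authentication prompts, for instance) than this model covers.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                           # "Allow" or "Deny"
    protocols: Optional[set] = None       # None = element not restricted
    users: Optional[set] = None           # user set, modelled as group names
    destinations: Optional[set] = None    # domain name set
    content_types: Optional[set] = None   # MIME types
    schedule: Optional[tuple] = None      # (start, end) when the rule is active

@dataclass
class Request:
    groups: set
    protocol: str
    host: str
    content_type: str
    at: time

def matches(rule, req):
    """True only if every element configured on the rule matches the request."""
    def in_domains(host, domains):
        return any(host == d or host.endswith("." + d) for d in domains)
    return ((rule.protocols is None or req.protocol in rule.protocols)
            and (rule.users is None or bool(rule.users & req.groups))
            and (rule.destinations is None or in_domains(req.host, rule.destinations))
            and (rule.content_types is None or req.content_type in rule.content_types)
            and (rule.schedule is None or rule.schedule[0] <= req.at < rule.schedule[1]))

def evaluate(rules, req):
    """Walk the rules in order; the first match decides. No match: default deny."""
    for order, rule in enumerate(rules, start=1):
        if matches(rule, req):
            return rule.action, f"{order}: {rule.name}"
    return "Deny", "Default rule"

WEB = {"HTTP", "HTTPS"}
POLICY = [  # constructed sample policy
    Rule("DNS Lookup", "Allow", protocols={"DNS"}),
    Rule("Block executables", "Deny", protocols=WEB, content_types={"application/x-msdownload"}),
    Rule("Managers Access", "Allow", protocols=WEB, users={"Managers"}),
    Rule("Staff work hours", "Allow", protocols=WEB, users={"Staff"},
         destinations={"example.com"}, schedule=(time(8), time(17))),
]

def demo():
    """Same request, two rule orders: the broad allow placed first hides the deny."""
    exe = Request({"Managers"}, "HTTP", "dl.example.net", "application/x-msdownload", time(10))
    misordered = [POLICY[0], POLICY[2], POLICY[1], POLICY[3]]
    return evaluate(POLICY, exe), evaluate(misordered, exe)
```

The second element of each result names the deciding rule, which is the same question the TMG log answers when troubleshooting.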

33 Lab: Enabling Access to Internet Resources
- Exercise 1: Configuring TMG Access Rule Elements
- Exercise 2: Configuring TMG Access Rules
- Exercise 3: Testing TMG Access Rules

