
1 Internet Security and Acceleration 2004. Presented by Jaime Hernandez, Calvin Lau, Nery Leon and Nancy Smith

2 System requirements

3 ISA 2000 Standard Edition
– Processor: 3000 MHz or higher Pentium II
– Memory: 256 MB of RAM
– One local hard disk partitioned with NTFS
– Windows 2000 compatible network adapter
– ISDN adapter

4 ISA 2000 Enterprise Edition
– Same as Standard Edition, plus Windows Active Directory
– Difference in editions: Standard only supports four processors.

5 ISA 2004 Computers must be running
– Microsoft Windows 2000 Server, or
– Windows Server 2003

6 Hardware Requirements
– Pentium III 500 MHz or faster processor
– 256 MB of RAM

7 Network Interface Cards: two are needed
– External interface
– Internal interface (creates multiple internal networks)

8 ISA Server 2004 Firewall

9 Firewall Continued: Critical Factors
– DNS
– DHCP

10 Internet Security and Acceleration: Security Aspect

11 Security
– Efficiently manage, restrict, and control Internet access
– Act as a circuit-level, packet-filtering, or application-level firewall
– Provide tiered firewall and caching policies

12 Rules of ISA
– Site and content rules specify who can go to which sites during which times of the day
– Protocol rules detail the protocols that can be used
– Packet filters restrict or allow passage of data that meets the configuration

13 More Rules
– Application filters coordinate access to special services and provide some intrusion detection
– Routing rules specify where data seeking a particular destination is transferred
– Mail server proxy rules direct incoming, authorized access by mailbox owners to POP3, SMTP and/or IMAP4 mail

14 An Example. Integrating ISA Server with Windows 2004 Active Directory lets you implement company rules that restrict most employees to free-ranging Internet access only during their prescribed lunch hour and before and after normal work hours. During normal working hours you can block them from all Internet access, restrict them to intranet servers, or permit access to some sites.

15 Example Cont. Another option is to provide a select group of employees unrestricted Internet access, block another group from visiting specific sites, and permit a third group access to specific sites. You can also control access via the IP address of the requesting client machine, or strictly by the destination site or protocol used.
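The scenario on slides 14 and 15 (lunch-hour and off-hours access for most staff, unrestricted access for one group, site-specific blocks and permits for others) can be expressed as a small rule set evaluated per request. The following is an added example, not ISA Server code or the presenters' material; the group names, hosts, schedule windows and the "explicit deny wins, unmatched is denied" evaluation order are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed schedule windows: before work, lunch hour, and after work.
OFF_HOURS = [(time(0, 0), time(9, 0)), (time(12, 0), time(13, 0)), (time(17, 0), time(23, 59))]
ALWAYS = [(time(0, 0), time(23, 59))]

@dataclass
class Rule:
    action: str                 # "allow" or "deny"
    groups: set                 # user groups the rule applies to ("*" = anyone)
    destinations: set           # destination hosts ("*" = any site)
    schedule: list = field(default_factory=lambda: ALWAYS)

    def matches(self, groups, host, when):
        group_ok = "*" in self.groups or bool(self.groups & groups)
        host_ok = "*" in self.destinations or host in self.destinations
        time_ok = any(start <= when <= end for start, end in self.schedule)
        return group_ok and host_ok and time_ok

# Constructed policy mirroring the slides' scenario (hosts are placeholders).
POLICY = [
    Rule("deny", {"contractors"}, {"video.example"}),        # block one group from a site
    Rule("allow", {"management"}, {"*"}),                    # unrestricted group
    Rule("allow", {"support"}, {"kb.example"}),              # third group: specific site only
    Rule("allow", {"staff"}, {"intranet.example"}),          # intranet always reachable
    Rule("allow", {"staff"}, {"*"}, OFF_HOURS),              # free Internet only off-hours
]

def decide(groups, host, when, policy=POLICY):
    """Return "allow" or "deny" for a request. Assumed evaluation order: an explicit
    deny beats any allow, and a request no allow rule matches is denied."""
    matched = [r for r in policy if r.matches(set(groups), host, when)]
    if any(r.action == "deny" for r in matched):
        return "deny"
    return "allow" if any(r.action == "allow" for r in matched) else "deny"
```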

16 Firewalling with ISA In the real world, it's difficult to get firewall configurations correct. What if you could get it right once, and mandate that all firewalls (or selected firewalls) apply the same sets of rules? What if you changed your mind? Would a change in rules at a centralized location propagate to some selected subset of firewalls?

17 Firewalling with ISA. Distributed applications need not mean an anarchical approach to firewall policy implementation. ISA Server provides tiered firewall and caching policies that permit strict centralized management and control but also let you define which portions of the network can perform what actions on their own.

18 Internet Security and Acceleration: Acceleration Aspect

19 High-Performance Web Cache
– Cache of Web objects
– Fast RAM caching
– ISA Server supports both forward caching, for outgoing requests to the Internet, and reverse caching, for incoming requests to your Web server. Your clients benefit from the full gamut of ISA Server caching and routing features.
– ISA Server includes a Hypertext Transfer Protocol (HTTP) redirector filter.

20 Scalability. ISA Server Standard Edition is a stand-alone server that is designed to scale up to four processors. Internet Security and Acceleration (ISA) Server Enterprise Edition computers can be grouped together in arrays.

21 Scalability continued. Other features that enhance the scalability of ISA Server include the following:
– Symmetric Multiprocessing
– Network Load Balancing
– CARP (Cache Array Routing Protocol)

22 Distributed and Hierarchical Caching: Chained/Hierarchical Caching

23 Distributed and Hierarchical Caching: Web Proxy Routing

24 Chained Authentication. With ISA Server, you are also able to support chained authentication when routing requests to an upstream server. Requests are chained to an upstream server when the ISA Server routing rules are configured to route to it. Before the request is routed, the downstream ISA Server might require client authentication. In addition, when the request is routed, the upstream server might also require it. In this case, the downstream ISA Server passes the client's authentication information to the upstream one. Sometimes, your upstream server may not be able to identify the clients requesting the object. In this case, the downstream ISA Server passes credentials (essentially acting as the client making the request) to the upstream server. When you configure the downstream server settings, you specify the account to use when passing client requests to an upstream server. The upstream server delegates client authentication to the downstream proxy. Then the upstream server authenticates only the downstream server, and successfully authenticates the client.

25 Active Caching. Active caching is a way to keep objects fresh in the cache by verifying them with the origin Web server before the object actually expires and is accessed by a client. Pure popularity is not a good guide, because many popular pages never expire due to clients refreshing the pages manually to keep the data fresh.

26 Example of Active Caching. The following list traces the activity of a cached object:
– An object is requested by a client (possibly for the first time) and downloaded.
– The object expires.
– If a client accesses that object in a time period of less than n of its time to live (TTL) period, then it is added to the active cache list.
– As long as the object is accessed at least once in the n TTL period after being refreshed, it remains on the active cache list.
– While on the active cache list, the object will be refreshed before it expires. The exact time it is refreshed depends on how busy the proxy is. If the proxy is relatively idle, the object will be refreshed about 50 percent of the way to expiring. If the proxy is very busy, it will not be refreshed until just before it expires. Intermediate values of "busy" will lead to intermediate times of refreshing.
– If the object is not accessed in the specified period, then it is removed from the list and must meet the original criteria to be put back on the list.
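The active-cache lifecycle on slide 26 can be followed step by step with a small model of the list: join on an access within n of the TTL, a refresh time that slides from 50 percent of the TTL (idle proxy) to just before expiry (busy proxy), and removal when the object is not accessed in the n TTL window. This is an added example, not ISA Server code; the value of n, the linear idle-to-busy interpolation and the method names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class CachedObject:
    ttl: float            # seconds the object stays fresh after a (re)fetch
    fetched_at: float     # time of the last download or refresh
    last_access: float    # time a client last requested it
    active: bool = False  # currently on the active cache list?
class ActiveCache:
    """Constructed model of the slide's rules (not ISA Server code). n is the fraction
    of the TTL an access must fall within to join/stay on the active list (unspecified)."""
    def __init__(self, n=0.5):
        self.n = n
        self.objects = {}

    def request(self, name, ttl, now):
        obj = self.objects.get(name)
        if obj is None:                          # first request: download it
            self.objects[name] = CachedObject(ttl, now, now)
            return "downloaded"
        obj.last_access = now
        if now - obj.fetched_at > obj.ttl:       # expired and not refreshed: fetch again
            obj.fetched_at, obj.active = now, False
            return "re-downloaded"
        if now - obj.fetched_at <= self.n * obj.ttl:
            obj.active = True                    # accessed within n*TTL: actively cached
        return "hit"

    def refresh_time(self, name, busy):
        """Refresh halfway to expiry when idle (busy=0.0), just before expiry when
        fully busy (busy=1.0), linearly in between; None if not on the active list."""
        obj = self.objects[name]
        if not obj.active:
            return None
        fraction = 0.5 + 0.5 * min(max(busy, 0.0), 1.0)
        return obj.fetched_at + fraction * obj.ttl

    def maintain(self, now, busy):
        """Refresh due active objects; drop unaccessed ones. Returns (refreshed, dropped)."""
        refreshed, dropped = [], []
        for name, obj in self.objects.items():
            if not obj.active or now < self.refresh_time(name, busy):
                continue
            if obj.fetched_at < obj.last_access <= obj.fetched_at + self.n * obj.ttl:
                obj.fetched_at = now                 # verified with the origin before expiry
                refreshed.append(name)
            else:
                obj.active = False                   # no access in the n*TTL window: off the list
                dropped.append(name)
        return refreshed, dropped
```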

27 Streaming Media Support
– Transparently support popular media formats.
– Save bandwidth by splitting live media streams on the gateway.

28 Programmable Cache Control Load or delete cached objects programmatically with caching application programming interface (API).

29 Simplified & Robust Management

30 Policy-based Access Control
– Client address sets: Internet Protocol (IP) addresses or, with Microsoft Active Directory, authenticated users and groups.
– Destination sets: URLs.
– Protocols.
– Content groups, for Hypertext Transfer Protocol (HTTP) and tunneled File Transfer Protocol (FTP) traffic: multipurpose Internet mail extensions (MIME) types and file extensions.
– Schedules.
– Bandwidth priorities.

31 Windows 2004 Integration
– Network Address Translation
– Integrated Virtual Private Networking
– Authentication
– System Hardening
– Active Directory Storage with Enterprise Edition
– Tiered-Policy Management for Enterprise Edition
– MMC Administration
– Quality of Service (QoS)
– Multiprocessor Support
– Client-Side Auto-Discover
– Administration Component Object Model (COM) Object
– Web Filters
– Alerts

32 Integrated Administration
– Unified Policy and Access Control
– Unified Management

33 Intuitive User Interface: Microsoft Management Console (MMC)

34 Intuitive User Interface continued. Some of the ISA Server wizards include:
– Virtual private network (VPN) configuration: local, remote, and client-to-server.
– Defining a protocol.
– Creating a site and content rule.
– Creating a bandwidth rule.
– Secure publishing: configuring a mail server behind ISA Server, publishing and securing the mail server, and configuring policy for the mail services.
– Securing the system with system hardening.

35 Detailed Logging
– W3C Extended File Format (default)
– ISA Server Text Format
– ODBC Format

36 Built-in Reporting. Create graphical summary reports showing application usage, security events, and network activity.

37 Monitoring and Alerting Track real-time session and performance monitoring data. Define alerts to notify an administrator, stop a service, or execute a script in response to important system events.

38 Bandwidth Priorities Set bandwidth priorities to optimize resource allocation, prioritizing bandwidth by user, group, application, destination site, or content type.

39 Remote Management Administer ISA Server remotely using MMC, Windows 2000 Terminal Services, or Distributed Component Object Model (DCOM) command-line scripts.

40 Multi-Server Management With ISA Server Enterprise Edition, manage an array of servers as a single logical unit.

