Network Edge Protection: A Technical Deep-Dive into Internet Security & Acceleration Server 2006

Agenda

What Is ISA Server 2006?

Technical Review of:

Secure Application Publishing

Branch Office Security

Internet Access Protection

ISA on Appliances

Summary

What is ISA Server 2006?

ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast, more secure access to applications and data.

Three Deployment Scenarios

Making Exchange, SharePoint and Web application servers available for secure remote access

Securely connecting your branch offices and utilizing bandwidth efficiently

Protecting your environment from internal users accessing unwanted or harmful content on the Internet

Secure Application Publishing

“We have multiple applications, and everybody has too many passwords and too many logons. Our goal was to make it so that once an employee gains access to our intranet home page, he or she doesn’t have to log on again to use another application.” – Wendy Lou, IT Security Architect, Northwest Airlines

The Concerns

1. An increasing number of employees need access to information hosted on the corporate network.

2. Hackers want to steal information on corporate data servers for personal gain. They are able to evade current “hardware” firewalls by hiding attacks in encrypted sessions.

3. Opening “ports” on the corporate firewall to company resources puts the customer at risk from Internet-based attackers.

4. Traditional “hardware” firewalls are not specifically built to protect Exchange & SharePoint® Portal Server.

The Solution

Single sign-on for access to multiple servers

Exchange & SharePoint publishing tools

Automatic translation of links to internal shares

NTLM, Kerberos authentication support

Smartcard & one-time password support

Authentication with Active Directory via LDAP

Load balancing of server farms

Pre-authentication so only valid traffic reaches servers

Strong user/group based access controls

Inspection of encrypted traffic using SSL Bridging

ISA 2006 and IAG 2007

ISA 2006: General application access from Web-enabled clients when content-specific policy is not needed

IAG 2007: Customizable and differentiated application access based on user identity, content / file attributes, URL and client security state

Branch Office Security

“Much of our business relies on Web-based transactions between our branch offices and the main servers at our head office. Due to bandwidth restrictions at some of the more remote locations, we were limited in the types of solutions we could deploy.” – Josée Corriveau, Applications Architecture and Infrastructure Manager, Desjardins Group

The Concerns

1. Branch office employee productivity suffers when they cannot access corporate data at the main office, or when data access is slow.

2. The cost of WAN links is a major line item for many companies with extensive branch office deployments.

3. Companies with large numbers of branch offices need to reduce the overhead in managing thousands of firewall and Web proxy servers.

4. Branches not as tightly managed can lead to increased probability of a security breach that can impact the main office network.

The Solution

Integrated application-layer firewall, VPN & web proxy

BITS support to accelerate software update deployment

HTTP traffic compression to minimize bandwidth use

Cache Array Routing protocol for efficient cache use

Enterprise & array policy model for large deployments

DiffServ IP settings for traffic prioritization

Answer files on removable media for unattended installation

Web caching for faster response times

Central policy storage and fast propagation of policy using bandwidth optimizations

Internet Access Protection

“It’s important that we control users connecting to the Internet for legal reasons. A number of our staff are highly trained medical professionals who need access to information about sensitive issues within sports medicine.” – Mark Richards, Head of Information Systems, English Institute of Sport

The Concerns

1. Security breaches require that customers determine the source of the breach (what user, on what computer, at what time, using what application).

2. Uncontrolled Internet access can lead to a decrease in employee productivity, as well as to employees introducing viruses, worms, Trojan horses, and other exploit code to the internal network.

3. A variety of apps can be used to send proprietary info out to the Internet, such as e-mail, newsgroups, peer-to-peer file sharing, instant messaging, and more.

4. Slow or unusable Internet connections can put the company at a competitive disadvantage and reduce overall employee productivity.

The Solution

Integrated application-layer firewall & web proxy

Built-in traffic inspection for over 120 protocols

Enhanced protection against DoS, DDoS & DNS attacks

Integrated Network Load Balancing for high availability

Enhanced worm protection through connection quotas

Comprehensive alert triggers & responses

Security-enhanced remote management using TLS

Fast RAM & on-disk caching for fast web page response times

Customizable cache rules for flexibility

ISA 2006 on Appliances

1. Hardware comes preloaded, preconfigured, and pretested with ISA Server.

2. Hardened configuration for reduced attack surface.

3. Easy to purchase, set up, and deploy.

4. Out-of-box configuration tools and Web-based administration available.

More information

Configuration Training, Capacity Planner & more tools on http://www.microsoft.com/isaserver

Try out FREE virtual labs at http://www.microsoft.com/technet/traincert/virtuallab/isa.mspx

Download trials, demos, test environments, & virtual hard disks from http://www.microsoft.com/forefront/edgesecurity/trial.mspx

Windows ITPro Readers vote ISA Server 2006 as number one in Firewall/Server Category!

ISA Server 2006 wins Redmond Reader’s Choice Awards in Software-Based Firewall Category!

Summary

Secure Application Publishing

Branch Office Security

Internet Access Protection

An integral part of Microsoft Forefront™

Visit http://www.microsoft.com/infrastructure

Learn more about how ISA Server 2006 fits in the Forefront & System Center solution

Download beta/evaluation software