Securing the Network Perimeter with ISA 2004
Session Goals:
- Give you an overview of ISA Server 2004 and the common scenarios in which it can be used.
- Demonstrate how you can securely publish network services such as web sites.
- Examine the ways you can use ISA 2004 for Virtual Private Networking.
- Show the importance, and the how-to's, of monitoring and reporting.
- Best practices, tools and tips.
Agenda
- Introduction to ISA Server 2004
- Securely Publishing Network Services
- Virtual Private Networking with ISA Server 2004
- Monitoring and Reporting
Securing the Network Perimeter: What are the Challenges?
(Diagram: a main office connected over the Internet to a business partner, a branch office, a wireless network and a remote user)
Challenges include:
- Determining proper firewall design
- Access to resources for remote users
- Effective monitoring and reporting
- Need for enhanced packet inspection
- Security standards compliance
ISA 2004, What are the Benefits?
Features:
- Secure by default
- Templates for common designs
- Wizards for configuration
- Custom rule creation
- Active Directory integration for authentication
- Multiple-layer filtering and enhanced packet inspection
- Advanced caching
- Logging and real-time monitoring
- Import / Export and Backup / Restore mechanisms
- Cluster support on Enterprise Edition
What do we Recommend for ISA 2004?
Operating system: Windows 2000 Server or Windows Server 2003
RAM: 512 MB
CPU: 500 MHz
Hard disk format: NTFS
Hard disk space: 150 MB
Network adapters: one internal NIC and one external NIC
What are the Installation Defaults?
- The ISA Server default configuration blocks all network traffic between the networks connected to ISA Server
- Only members of the local Administrators group have administrative permissions
- Default networks are created
- Access rules include the system policy rules and the default access rule
- No servers are published
- Caching is disabled
- The Firewall Client installation share is accessible if installed
Best Practices for Design: To deploy ISA Server to provide Internet access:
- Decide on the design that best suits your requirements
- Plan for DNS name resolution
- Create the required access rule elements and configure the access rules
- Plan the access rule order
- Implement the appropriate authentication mechanisms
- Test access rules before deployment
- Deploy the Firewall Client for maximum security and functionality
- Use ISA Server logging to troubleshoot Internet connectivity issues
Common Designs and using Templates to configure ISA 2004
(Diagram: bastion host, three-legged and back-to-back configurations, showing where the internal network, perimeter network, web server and Internet sit in each)
- Bastion host: deploy the Edge Firewall template
- Three-legged configuration (internal network plus a perimeter network on a third adapter): deploy the 3-Leg Perimeter template
- Back-to-back configuration (perimeter network between two ISA servers): deploy the Front End or Back End template
- Web proxy and caching only: deploy the Single Network Adapter template
Access Rules - The building blocks
Types of access rule elements used to create access rules:
- Protocols
- User sets: Any user, Authenticated users, Specific User/Group
- Content types
- Schedules
- Network objects: destination network, destination IP, destination site; source network, source IP; published server, published web site
An access rule is an Allow or Deny action on traffic from a user, from a source, to a destination, with conditions:
- Protocol: IP port / type and filtering properties
- Source: source network, source IP, originating user
- Destination: destination network, destination IP, destination site, published server or published web site
- Schedule
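The rule model above (ordered rules, first match wins, everything else hits the default deny rule) and the "plan the access rule order" best practice can be demonstrated with a small simulator. This is added example code written for this page, not ISA Server's own engine; the rule names, networks and hours are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    action: str            # "allow" or "deny"
    protocols: set         # protocol names; "*" matches any protocol
    sources: list          # ip_network objects traffic may come from
    destinations: list     # ip_network objects traffic may go to
    users: set = field(default_factory=lambda: {"*"})  # "*" any, "auth" authenticated, else names
    hours: range = range(0, 24)   # schedule: hours of the day the rule is active

@dataclass
class Request:
    protocol: str
    src: str
    dst: str
    hour: int
    user: str = None       # None means the client did not authenticate

def matches(rule, req):
    if "*" not in rule.protocols and req.protocol not in rule.protocols:
        return False
    if not any(ip_address(req.src) in n for n in rule.sources):
        return False
    if not any(ip_address(req.dst) in n for n in rule.destinations):
        return False
    if req.hour not in rule.hours:
        return False
    if "*" in rule.users:
        return True
    if "auth" in rule.users:
        return req.user is not None
    return req.user in rule.users

def evaluate(rules, req):
    # Rules are checked top to bottom; the first match decides, and traffic
    # matching no rule falls through to the default rule, which denies.
    for rule in rules:
        if matches(rule, req):
            return rule.action, rule.name
    return "deny", "Default rule"

# Constructed sample policy: authenticated internal clients may browse during
# business hours; streaming protocols are denied for everyone.
INTERNAL = [ip_network("10.0.0.0/8")]
EXTERNAL = [ip_network("0.0.0.0/0")]
POLICY = [
    Rule("Deny streaming media", "deny", {"RTSP", "MMS"}, INTERNAL, EXTERNAL),
    Rule("Allow web in business hours", "allow", {"HTTP", "HTTPS"}, INTERNAL, EXTERNAL, {"auth"}, range(7, 19)),
]
# The same deny rule placed after an allow-all rule never fires: order matters.
SHADOWED = [Rule("Allow all", "allow", {"*"}, INTERNAL, EXTERNAL), POLICY[0]]
```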
Multiple-Layer Filtering
- Packet filtering: filters packets based on information in the network and transport layer headers. Enables fast packet inspection, but cannot detect higher-level attacks.
- Stateful filtering: filters packets based on the TCP session information. Ensures that only packets that are part of a valid session are accepted, but cannot inspect application data.
- Application filtering: filters packets based on the application payload in network packets. Can prevent malicious attacks and enforce user policies.
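To make the three layers concrete, the added example below (written for this page, not ISA Server code) runs a constructed packet through a header-only packet filter, a session-table stateful filter, and an HTTP application filter that enforces allowed methods, a maximum URL length and blocked extensions, the kinds of settings ISA 2004's HTTP filter exposes. It reports which layer dropped the packet, which is exactly what each layer can and cannot see.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: set = field(default_factory=set)   # TCP flags, e.g. {"SYN"}
    payload: bytes = b""

ALLOWED_DPORTS = {80, 443}                    # constructed packet-filter policy
HTTP_POLICY = {"methods": {"GET", "POST", "HEAD"}, "max_url": 260,
               "blocked_ext": {".exe", ".bat"}}   # constructed HTTP filter policy

def packet_filter(pkt):
    # Layer 1: only network/transport headers are visible here.
    return pkt.dport in ALLOWED_DPORTS

def stateful_filter(pkt, sessions):
    # Layer 2: a packet must open a session (SYN) or belong to one already seen.
    key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    if "SYN" in pkt.flags and "ACK" not in pkt.flags:
        sessions.add(key)
        return True
    return key in sessions

def http_filter(pkt):
    # Layer 3: parse the HTTP request line and enforce method and URL policy.
    m = re.match(rb"([A-Z]+) (\S+) HTTP/1\.[01]\r\n", pkt.payload)
    if not m:
        return False
    method, url = m.group(1).decode(), m.group(2).decode()
    if method not in HTTP_POLICY["methods"] or len(url) > HTTP_POLICY["max_url"]:
        return False
    path = url.split("?", 1)[0].lower()
    return not any(path.endswith(ext) for ext in HTTP_POLICY["blocked_ext"])

def inspect(pkt, sessions):
    # Run the layers in order and name the one that dropped the packet.
    if not packet_filter(pkt):
        return "dropped by packet filter"
    if not stateful_filter(pkt, sessions):
        return "dropped by stateful filter"
    if pkt.dport == 80 and pkt.payload and not http_filter(pkt):
        return "dropped by HTTP application filter"
    return "accepted"
```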
Demonstration: The ISA Server Interface and Applying a Network Template
- The interface
- Use a network template to configure ISA Server 2004 as a 3-legged firewall
- Rules
What Is ISA Server Publishing?
ISA Server enables three types of publishing rules:
- Web publishing rules for publishing Web sites using HTTP
- Secure Web publishing rules for publishing Web sites that require SSL for encryption
- Server publishing rules for publishing servers that do not use HTTP or HTTPS
Demonstration: Configuring a Secure Web Publishing Rule
- Common scenarios for publishing
- Import / Export function for rules
Enabling Virtual Private Networking with ISA Server
ISA Server enables VPN access:
- By including remote-client VPN access for individual clients and site-to-site VPN access to connect multiple sites
- By enabling VPN-specific networks, including the VPN Clients network, the Quarantined VPN Clients network and the Remote-site network
- By using network and access rules to limit network traffic between the VPN networks and the other networks connected to servers running ISA Server
- By extending RRAS functionality
Enabling VPN Client Connections
To enable VPN client connections:
- Choose a tunneling protocol
- Choose an authentication protocol; use MS-CHAP v2 or EAP if possible
- Enable VPN client access in ISA Server Management
- Configure user accounts for remote access
- Configure remote-access settings
- Configure firewall access rules for the VPN Clients network
Implementing Site-to-Site VPN Connections
To enable site-to-site VPN connections:
- Choose a tunneling protocol
- Configure the remote-site network
- Configure network rules and access rules to enable either open communications between the networks or controlled communications between the networks
- Configure the remote-site VPN gateway
How Does Network Quarantine Work?
(Diagram: an ISA Server in front of a DNS server, web server, domain controller and file server; a VPN client first lands in the Quarantined VPN Clients network, where the quarantine script runs and reports through Rqc.exe, after which the quarantine remote access policy moves the client to the VPN Clients network)
Components shown: ISA Server, DNS server, Web server, Domain controller, File server, VPN Clients network, Quarantined VPN Clients network, quarantine script, Rqc.exe, quarantine remote access policy.
Demonstration: Connectivity with VPN
- Site to site
- Remote users
- Quarantine
ISA 2004 Monitoring Tools
- Dashboard – aggregated, centralized view
- Alerts – one place for all problems
- Sessions – active sessions view
- Services – ISA services status
- Connectivity – connectivity to network services
- Logging – powerful viewer of ISA logs
- Reports – top users, top sites, cache hits…
Demonstration: Monitoring and Reporting
- Reporting interfaces
- Real-time monitoring
Session Summary
- ISA Server 2004 is secure by default because it blocks all traffic; configure access rules to grant the fewest possible access rights
- Use application layer filtering to act on the contents of the traffic before it is passed to your network
- Implement ISA Server publishing rules to make internal resources accessible from the Internet
- Use access rules to limit access for VPN remote-access clients, site-to-site VPN clients, and network quarantine clients
- Monitoring and reporting is an important part of any secure network design
For More Information…
- Main TechNet Web site: www.microsoft.ca/technet
- Get additional security information on ISA Server: http://www.microsoft.com/technet/security/prodtech/isa/default.mspx
- Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
- Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx