Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Presentation transcript:

Module 4: Configuring ISA Server as a Firewall

Overview
- Using ISA Server as a Firewall
- Examining Perimeter Networks and Templates
- Configuring System Policies
- Configuring Intrusion Detection and IP Preferences

Lesson: Using ISA Server as a Firewall
- What Is a TCP/IP Packet?
- What Is Packet Filtering?
- What Is Stateful Filtering?
- What Is Application Filtering?
- What Is Intrusion Detection?
- How ISA Server 2004 Filters Network Traffic
- Implementing ISA Server 2004 as a Firewall

What Is a TCP/IP Packet?
- Network Interface Layer: Destination Address: 0003FFD329B0, Source Address: 0003FFFDFFFF, Physical payload
- Internet Layer: Destination: , Source: , Protocol: TCP, IP payload
- Transport Layer: Destination Port: 80, Source Port: 1159, Sequence: , Acknowledgment: , TCP payload
- Application Layer: HTTP Request Method: Get, HTTP Protocol Version: =HTTP/1.1, HTTP Host: =

What Is Packet Filtering?
[Diagram: Web Server, ISA Server, Packet Filter]
Is the …
- Source address allowed?
- Destination address allowed?
- Protocol allowed?
- Destination port allowed?

What Is Stateful Filtering?
[Diagram: Web Server, ISA Server, Connection Rules]
- Create connection rule
- Is packet part of a connection?
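The two slides above, packet filtering and stateful filtering, as an added example that is not part of the original presentation and is not ISA Server code. The rule set, addresses and class names are constructed for illustration, and the state table is simplified (no TCP flag tracking or timeouts).

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

# Constructed rule: internal clients (10.0.0.0/24) may reach any host on TCP port 80.
RULES = [("10.0.0.0/24", "0.0.0.0/0", "TCP", 80)]

def rule_allows(pkt):
    """Packet filter: source, destination, protocol and destination port checks."""
    for src_net, dst_net, proto, dport in RULES:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
                and pkt.proto == proto and pkt.dport == dport):
            return True
    return False

class StatefulFilter:
    def __init__(self):
        self.connections = set()  # state table, filled by packets the rules allowed

    def decide(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # "Is packet part of a connection?"
        if key in self.connections or reverse in self.connections:
            return "allow (existing connection)"
        if rule_allows(pkt):
            self.connections.add(key)  # "Create connection rule"
            return "allow (new connection)"
        return "deny"

def demo():
    fw = StatefulFilter()
    request = Packet("10.0.0.5", "203.0.113.10", "TCP", 1159, 80)
    reply = Packet("203.0.113.10", "10.0.0.5", "TCP", 80, 1159)
    unsolicited = Packet("203.0.113.10", "10.0.0.5", "TCP", 80, 4444)
    # A pure packet filter rejects the reply; the stateful filter accepts it.
    return [rule_allows(reply), fw.decide(request),
            fw.decide(reply), fw.decide(unsolicited)]
```

The reply from the Web server matches no rule on its own and is accepted only because the outbound request created a connection entry; the unsolicited packet from the same server is denied.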

What Is Application Filtering?
[Diagram: client, ISA Server, Web Server]
- Get method allowed?
- Does the response contain only allowed content and methods?
- Respond to client

What Is Intrusion Detection?
[Diagram: ISA Server]
- All ports scan attack
- Port scan limit exceeded
- Alert the administrator

How ISA Server 2004 Filters Network Traffic
[Diagram components: TCP/IP, Firewall Engine, Firewall Service, Application Filters, Web Proxy Filter, Rules Engine, Web Filters, Kernel mode data pump. Labels: Packet filtering; Stateful and protocol filtering; Application filtering.]

Implementing ISA Server 2004 as a Firewall
To configure ISA Server as a firewall:
- Determine perimeter network configuration
- Configure networks and network rules
- Configure system policy
- Configure intrusion detection
- Configure access rule elements and access rules
- Configure server and Web publishing

Practice: Applying Firewall Concepts
In this practice, you will analyze three scenarios describing an organization’s network security requirements and determine what firewall functionality is required in each scenario.

Lesson: Examining Perimeter Networks and Templates
- What Is a Perimeter Network?
- Why Use a Perimeter Network?
- Network Perimeter Configurations
- About Network Templates
- How to Use the Network Template Wizard
- Modifying Rules Applied by Network Templates

What Is a Perimeter Network?
[Diagram: Internet, Firewall, Perimeter Network, Firewall, Internal Network]

Why Use a Perimeter Network?
A perimeter network provides an additional layer of security:
- Between the publicly accessible servers and the internal network
- Between the Internet and confidential data or critical applications stored on servers on the internal network
- Between potentially nonsecure networks such as wireless networks and the internal network
Use defense in depth in addition to perimeter network security

Network Perimeter Configurations
[Diagram: Bastion host (LAN); Three-legged configuration (Perimeter Network, LAN); Back-to-back configuration (Perimeter Network, Web Server, LAN)]

About Network Templates
[Diagram: Bastion host (LAN); Three-legged configuration (Perimeter Network, LAN); Back-to-back configuration (Perimeter Network, Web Server, LAN)]
- Deploy the Edge Firewall template
- Deploy the Front-End or Back-End template
- Deploy the 3-Leg Perimeter template
- Deploy the Single Network Adapter template for proxy and caching only

How to Use the Network Template Wizard

Modifying Rules Applied by Network Templates
You may need to modify the rules applied by a network template to:
- Modify Internet access based on user or computer sets
- Modify Internet access based on protocols
- Modify network rules to change network relationships
You can either change the properties of one of the rules configured by the network template, or you can create a new access rule to apply a specific setting

Practice: Implementing Network Templates
- Applying the 3-Legged Network Template
- Reviewing the Access Rules Created by the 3-Legged Network Template
- Testing Internet Access
[Diagram: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01]

Lesson: Configuring System Policies
- What Is System Policy?
- System Policy Settings
- How to Modify System Policy Settings

What Is System Policy?
System policy is:
- A default set of access rules applied to the ISA Server to enable management of the server
- A set of predefined rules that you can enable or disable as required
Modify the default set of rules provided by the system policy to meet your organization’s requirements. Disable all functionality that is not required

System Policy Settings
System policy settings include:
- Network Services
- Authentication Services
- Remote Management
- Firewall Client
- Diagnostic Services
- Logging and Monitoring
- SMTP
- Scheduled Download Jobs
- Allowed Sites

How to Modify System Policy Settings
- Enable or disable this policy
- Configure the required networks
- Select the Configuration Group

Practice: Modifying System Policy
- Examining and modifying the default system policy
- Testing the modified system policy
[Diagram: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01]

Lesson: Configuring Intrusion Detection and IP Preferences
- About Intrusion Detection Configuration Options
- How to Configure Intrusion Detection
- About IP Preferences Configuration Options
- How to Configure IP Preferences

About Intrusion Detection Configuration Options
Intrusion detection on ISA Server 2004:
- Compares network traffic and log entries to well-known attack methods and raises an alert when an attack is detected
- Detects well-known IP attacks
- Includes application filters for DNS and POP that detect intrusion attempts at the application level

How to Configure Intrusion Detection

About IP Preferences Configuration Options
IP preferences are used to:
- Block or enable network traffic that has an IP option flag set
  - You can block all packets with IP options, or selected packets
- Block or enable network traffic where the IP packet has been split into multiple IP fragments
  - Blocking IP fragments may affect streaming audio and video, and L2TP over IPSec traffic
- Enable or disable IP routing
  - With IP routing enabled, ISA Server forwards IP packets between networks without recreating the packet
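What the first two IP preferences inspect in an IPv4 header, as an added example that is not part of the original presentation and is not ISA Server code. The function names, the "block: malformed" outcome and the sample headers are constructed for illustration.

```python
import struct

def parse_ipv4(header: bytes):
    """Return (option_types, is_fragment) for a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = header[0] >> 4, (header[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("malformed IPv4 header")
    (flags_frag,) = struct.unpack_from("!H", header, 6)
    # Fragment: More Fragments bit (0x2000) set, or non-zero 13-bit offset.
    is_fragment = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0
    options, found, i = header[20:ihl], [], 0
    while i < len(options):
        opt = options[i]
        if opt == 0:      # End of Option List
            break
        if opt == 1:      # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(options) or not 2 <= options[i + 1] <= len(options) - i:
            raise ValueError("malformed IP option")
        found.append(opt)
        i += options[i + 1]
    return found, is_fragment

def decide(header, block_fragments=True, blocked_options=None):
    """blocked_options=None blocks any packet with options; a set blocks only those types."""
    try:
        found, is_fragment = parse_ipv4(header)
    except ValueError:
        return "block: malformed"
    if is_fragment and block_fragments:
        return "block: fragment"
    has_options = (header[0] & 0x0F) > 5
    if has_options and (blocked_options is None or blocked_options & set(found)):
        return "block: IP options"
    return "allow"

def build_header(options=b"", flags_frag=0):
    """Constructed sample header; checksum left at 0 and not validated here."""
    ver_ihl = 0x40 | (5 + len(options) // 4)
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(options), 1, flags_frag,
                       64, 6, 0, bytes([10, 0, 0, 5]), bytes([203, 0, 113, 10])) + options

PLAIN = build_header()
FRAGMENT = build_header(flags_frag=0x2000)                 # More Fragments set
LSRR = build_header(bytes([131, 7, 4, 192, 0, 2, 1, 0]))   # Loose Source Route + padding
ROUTER_ALERT = build_header(bytes([148, 4, 0, 0]))         # Router Alert
```

Passing `blocked_options={131}` models the "selected packets" choice: the source-routed header is blocked while the Router Alert header is allowed.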

How to Configure IP Preferences

Practice: Configuring Intrusion Detection
- Modify the default intrusion detection configuration
- Test intrusion detection
[Diagram: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01]

Lab: Configuring ISA Server as a Firewall
- Exercise 1: Restoring Firewall Access Rules
- Exercise 2: Modifying the ISA Server System Policy
- Exercise 3: Testing the Policy Modifications
[Diagram: Den-DC-01, Internet, Den-ISA-01, Den-ISA-02]