Microsoft ® Internet Security and Acceleration Server 2006 Beta Technical Overview Steve Lamb Information Security Evangelist

Presentation transcript:

Microsoft ® Internet Security and Acceleration Server 2006 Beta Technical Overview Steve Lamb Information Security Evangelist Microsoft UK

“You don’t put brakes on a car to go slower – you put them on to go faster more safely”
User education is key
As are processes and procedures
Mis-configured systems are a major threat

“Good Security enables business to do more with less risk”
Hold off the Rocket Science
Apply Technology to Support the Business Policy
Learn how the business works
Don’t get in the way!

ISA – Application Layer Firewalling
Currently – most firewalls check only basic packet information
Real world equivalent of looking at the number and destination of a bus – and not looking at the passengers

Positioning Pillars & Deployment Scenarios
Positioning pillars: Integrated Security; Efficient Management; Fast, Secure Access
Deployment scenarios: Web Access Protection; Branch Office Gateway; Secure Application Publishing

Secure Application Publishing: The Problem
Needs: Strong Server Protection; Better Identity Control; Seamless Access; High Performance; Easy Management
Pain Points:
Need customized forms, forms for mobile devices, authN support for non-browser apps
More multi-factor authN support reqd.
ISA in workgroup using RADIUS, lacks AD group info
Lack of NTLM, Kerberos delegation support
Multiple sign-ons required for different apps
Manual link translation cumbersome
IP-based NLB creates 1:1 between ISA & published server during sessions
Exchange & SharePoint Publishing difficult
Expired and duplicate certificates hard to track
Idle-based session timeouts include non-user traffic e.g. RPC
[Diagram labels: User, Administrator, Internet, External Web Server, ISA 2006 Appliance, Load Balancer, RADIUS, DMZ, Internal Network, Exchange, Intranet Web Server, SharePoint, Active Directory; credentials shown: Username, Password, NTLM, Kerberos]

Secure Application Publishing: The Solution
Needs: Strong Server Protection; Better Identity Control; Seamless Access; High Performance; Easy Management
New ISA Server 2006 Features:
Customized forms incl. mobile devices, alternative authN for non-browser apps
RADIUS OTP, smart card support
LDAP support for AD integration & other user directories
NTLM, Kerberos & Kerberos Constrained Delegation support
Single sign-on
Automatic link translation through global links table
Cookie-based NLB keeps session alive in case of fail-over
Exchange, SharePoint publishing Wizards
Better UI for certificate management
Idle-based, session-based timeouts account for non-user traffic
[Diagram labels: User, Administrator, Internet, External Web Server, ISA 2006 Appliance, DMZ, Internal Network, Exchange, Intranet Web Server, SharePoint, Active Directory; shown in the flow: Get, Username, Password, Passcode]

Secure Application Publishing: Added Value
Needs: Strong Server Protection; Better Identity Control; Seamless Access; High Performance; Easy Management
ISA Server 2004 Features: SSL Bridging; VPN Quarantine; Integrated Remote Client VPN Gateway; Reverse Caching; Logging & Reporting
Exchange: Move Exchange out of DMZ; Provide pre-authentication for OWA, Outlook, and ActiveSync; Multi-factor Authentication for Exchange; Load Balancing of OWA Servers
SharePoint: Full Access to all SharePoint docs; HTTP Traffic Inspection
Antigen for Exchange, SharePoint, LCS: Complete end-to-end Secure Messaging Solution

Secure Application Publishing: Key Differentiating Points
Tight Integration With Microsoft Products
SSL Bridging Inspects Encrypted Content
Active Directory Integration Provides Better Management
Dedicated Exchange & SharePoint Wizards Makes Setup Easy
Integrated ALF & Cache Provides Added Protection & Lower TCO

Branch Office Gateway: The Problem
Needs: Easy Deployment; Better Protection; Better Management; Lower Connectivity Costs; Bandwidth Optimization
Pain Points:
Deploying to 100s of branch offices difficult
No IT support at branch office
Software update transfers from HQ to branch slow
Policy updates from HQ to branch slow requiring CSS at branch
Lack of compression support for traffic
No support for traffic prioritization mechanisms
[Diagram labels: BRANCH OFFICE (User, ISA 2006 Appliance, CSS), S2S VPN, Internet, HEAD QUARTERS (ISA 2006 Appliance Array, DMZ, External Web Server, Internal Network, Administrator, Exchange, Intranet Web Server, SharePoint, Active Directory)]

Branch Office Gateway: The Solution
Needs: Easy Deployment; Better Protection; Better Management; Lower Connectivity Costs; Bandwidth Optimization
New ISA Server 2006 Features:
Branch Office Connectivity Wizard
Unattended Installation Answer Files
Software update caching using BITS
Faster policy propagation needing only central CSS at HQ
HTTP Compression and range compression and caching
Support for DiffServ
[Diagram labels: BRANCH OFFICE (User, ISA 2006 Appliance), S2S VPN, Internet, HEAD QUARTERS (ISA 2006 Appliance Array, CSS, DMZ, External Web Server, Internal Network, Administrator, User, Exchange, Intranet Web Server, SharePoint, Active Directory)]

Branch Office Gateway: Added Value
Needs: Easy Deployment; Better Protection; Better Management; Lower Connectivity Costs; Bandwidth Optimization
ISA Server 2004 Features: Flexible Branch Office Network Topology; Integrated S2S VPN Gateway; HTTP Caching; Distributed Caching & Web Proxy Chaining; Integrated Firewall
Windows Server R2: BITS Caching Complements R2 Remote Differential Caching

Branch Office Gateway: Key Differentiating Points
Easy Integration with Existing Branch Office Infrastructure
Integrated Application-Layer Firewall Provides Added Protection
Integrated Cache Functionality Increases Speed
Integrated S2S VPN Functionality Lowers TCO
Centralized Management from HQ

Web Access Protection: The Problem
Needs: External Attack Resilience; Internal Attack Resilience; Minimal Downtime; Remediation Measures; Better Management
Pain Points:
Need better protection against DoS, DDoS attacks
Need better protection against internal worm propagation
Need mitigation measures under attack
Need better alerting and tracing of infected machines
Centralized management and monitoring required
[Diagram labels: Attacker, External Web Site, Internet, ISA 2006 Appliance, DMZ, Extranet Web Server, Internal Network, Administrator]

Web Access Protection: The Solution
Needs: External Attack Resilience; Internal Attack Resilience; Minimal Downtime; Remediation Measures; Better Management
New ISA Server 2006 Features:
Flood resiliency through better TCP connection monitoring & thresholds
Worm resiliency through better TCP connection monitoring & thresholds
Log throttling, control over memory consumption and pending DNS queries
90 newer alerts to provide better detection & forensic ability
Integration with MOM 2005
[Diagram labels: Attacker, External Web Site, Internet, ISA 2006 Appliance, DMZ, Extranet Web Server, Internal Network, Administrator]

Web Access Protection: Added Value
Needs: External Attack Resilience; Internal Attack Resilience; Minimal Downtime; Remediation Measures; Better Management
ISA Server 2004 Features: ALF & Deep Packet Inspection; Integrated Caching & CARP; Multi-Network Architecture; Flexible SDK; Easy-to-use UI
Windows Server 2003: Leverages NLB, RRAS, RADIUS, VPN Quarantine, WINS, DNS, DHCP capabilities of Windows Server 2003

Web Access Protection: Key Differentiating Points
Deep Content Inspects Actual Content of Traffic
Multi-network Architecture Eases Infrastructure Integration
Flexible SDK allows Easy Development of New Application Filters
CARP Provides High Performance for Caching
Easy-to-Use UI Makes Configuration Easier

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. Steve Lamb Information Security Evangelist Microsoft UK