Slide 1: Securing the Network Perimeter with ISA 2004
Slide 2: Session Goals
- Give you an overview of ISA Server 2004 and the common scenarios in which it can be used
- Demonstrate how you can securely publish network services such as web sites
- Examine the ways you can use ISA 2004 for Virtual Private Networking
- Show why monitoring and reporting matter and how to set them up
- Best practices, tools and tips
Slide 3: Agenda
- Introduction to ISA Server 2004
- Securely Publishing Network Services
- Virtual Private Networking with ISA Server 2004
- Monitoring and Reporting
Slide 4: Securing the Network Perimeter: What are the Challenges?
Diagram: a main office connected over the Internet to a business partner, a branch office, wireless users and a remote user.
Challenges include:
- Determining proper firewall design
- Access to resources for remote users
- Effective monitoring and reporting
- Need for enhanced packet inspection
- Security standards compliance
Slide 5: ISA 2004, What are the Benefits?
Features:
- Secure by default
- Templates for common designs
- Wizards for configuration
- Custom rule creation
- Active Directory integration for authentication
- Multiple-layer filtering and enhanced packet inspection
- Advanced caching
- Logging and real-time monitoring
- Import / Export and Backup / Restore mechanisms
- Cluster support on Enterprise Edition
Slide 6: What do we Recommend for ISA 2004?
Component           Recommended
Operating system    Windows 2000 Server or Windows Server 2003
CPU                 500 MHz
RAM                 512 MB
Hard disk format    NTFS
Hard disk space     150 MB
Network adapters    One internal NIC and one external NIC
Slide 7: What are the Installation Defaults?
- The ISA Server default configuration blocks all network traffic between networks connected to ISA Server
- Only members of the local Administrators group have administrative permissions
- Default networks are created
- Access rules include system policy rules and the default access rule
- No servers are published
- Caching is disabled
- The Firewall Client Installation Share is accessible if installed
Slide 8: Best Practices for Design
To deploy ISA Server to provide Internet access:
- Decide on the design that best suits your requirements
- Plan for DNS name resolution
- Create the required access rule elements and configure the access rules
- Plan the access rule order
- Implement the appropriate authentication mechanisms
- Test access rules before deployment
- Deploy the Firewall Client for maximum security and functionality
- Use ISA Server logging to troubleshoot Internet connectivity issues
Slide 9: Common Designs and using Templates to configure ISA 2004
Diagram: four designs, each with the network template that configures it.
- Bastion host (Internal network / Internet): deploy the Edge Firewall template
- Three-legged configuration (Internal network, Perimeter network with Web server, Internet): deploy the 3-Leg Perimeter template
- Back-to-back configuration (Internal network, Perimeter network between two ISA servers, Internet): deploy the Front End or Back End template
- Web proxy and caching only: deploy the Single Network Adapter template
Slide 10: Access Rules - The building blocks
Types of access rule elements used to create access rules are:
- Protocols
- User sets
- Content types
- Schedules
- Network objects
An access rule reads: [Allow | Deny] action on traffic [Protocol: IP port / type] from user [Any user | Authenticated users | Specific user/group (the originating user)] from source [Source network | Source IP] to destination [Destination network | Destination IP | Destination site | Published server | Published web site] with conditions [Schedule | Filtering properties]
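The rule structure above, together with the best-practice advice to plan the access rule order, can be seen in a small model of first-match policy evaluation. This is an added illustration in Python, not code from the deck or from ISA Server itself; the rule names, host names, user names and the 08:00 to 18:00 schedule are constructed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time
# Constructed model of how ISA Server 2004 evaluates firewall policy (it is not
# ISA's own API): rules are tried top-down, the first match decides, and the
# built-in default rule at the bottom denies whatever nothing else matched.
@dataclass
class Request:
    protocol: str      # e.g. "HTTP", "HTTPS", "SMTP"
    src_network: str   # e.g. "Internal", "VPN Clients"
    dst_site: str      # destination host name
    user: str | None   # None = anonymous (not authenticated)
    at: time           # time of day, checked against rule schedules

@dataclass
class Rule:
    name: str
    action: str                                # "allow" or "deny"
    protocols: set[str] | None = None          # None = all protocols
    from_nets: set[str] | None = None          # None = all source networks
    to_sites: set[str] | None = None           # None = all destinations
    users: str = "any"                         # "any", "authenticated" or a user name
    schedule: tuple[time, time] | None = None  # (start, end); None = always

    def matches(self, r: Request) -> bool:
        user_ok = (self.users == "any" or r.user == self.users
                   or (self.users == "authenticated" and r.user is not None))
        on_schedule = self.schedule is None or self.schedule[0] <= r.at <= self.schedule[1]
        return (user_ok and on_schedule
                and (self.protocols is None or r.protocol in self.protocols)
                and (self.from_nets is None or r.src_network in self.from_nets)
                and (self.to_sites is None or r.dst_site in self.to_sites))

def evaluate(policy: list[Rule], req: Request) -> tuple[str, str]:
    """Return (action, rule name) of the first matching rule, else the default deny."""
    for rule in policy:
        if rule.matches(req):
            return rule.action, rule.name
    return "deny", "Default rule"

ALLOW_WEB = Rule("Allow web for authenticated users", "allow",
                 protocols={"HTTP", "HTTPS"}, from_nets={"Internal"},
                 users="authenticated", schedule=(time(8), time(18)))
DENY_BLOCKED = Rule("Deny blocked sites", "deny", to_sites={"blocked.example"})
# Rule order matters: placed below the allow rule, the deny rule never fires.
POLICY_WRONG_ORDER = [ALLOW_WEB, DENY_BLOCKED]
POLICY_RIGHT_ORDER = [DENY_BLOCKED, ALLOW_WEB]
# Constructed sample request: an authenticated internal user browsing a blocked site.
BLOCKED = Request("HTTP", "Internal", "blocked.example", "alice", time(10))
```

Evaluating BLOCKED against POLICY_WRONG_ORDER returns the allow rule, against POLICY_RIGHT_ORDER the deny rule; anonymous or off-hours requests fall through to the default deny.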
Slide 11: Multiple-Layer Filtering
- Packet filtering: filters packets based on information in the network and transport layer headers. Enables fast packet inspection, but cannot detect higher-level attacks
- Stateful filtering: filters packets based on the TCP session information. Ensures that only packets that are part of a valid session are accepted, but cannot inspect application data
- Application filtering: filters packets based on the application payload in network packets. Can prevent malicious attacks and enforce user policies
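An added illustration (not from the deck and not ISA Server's filter engine) of why the three layers are complementary: each layer sees more of the packet than the one before it, so a packet that satisfies the header and session checks can still be rejected once its payload is inspected. All addresses, ports and payloads are constructed sample values.

```python
from dataclasses import dataclass, field
# Constructed model of the three filtering layers on the slide; an illustration,
# not ISA Server's filter engine. Each layer sees more of the packet than the one
# before it, so it can reject traffic the earlier layers accepted.
@dataclass
class Packet:
    src: str               # "ip:port" of the sender (constructed sample values)
    dst: str               # "ip:port" of the receiver
    flags: set             # TCP flags, e.g. {"SYN"} or {"ACK"}
    payload: bytes = b""   # application data, empty for handshake packets

ALLOWED_DST_PORTS = {80, 443}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def packet_filter(p: Packet) -> bool:
    """Layer 1, headers only: fast, but blind to session state and content."""
    return int(p.dst.split(":")[1]) in ALLOWED_DST_PORTS

@dataclass
class StatefulFilter:
    """Layer 2, outbound direction only: a data packet is accepted only if the
    same client opened the session with a SYN; a stray ACK is dropped."""
    sessions: set = field(default_factory=set)
    def check(self, p: Packet) -> bool:
        if "SYN" in p.flags and "ACK" not in p.flags:
            self.sessions.add((p.src, p.dst))   # client opens a new session
            return True
        return (p.src, p.dst) in self.sessions

def application_filter(p: Packet) -> bool:
    """Layer 3, payload: data sent to a web port must actually be an HTTP request."""
    if not p.payload:
        return True
    line = p.payload.split(b"\r\n", 1)[0].split(b" ")
    return len(line) == 3 and line[0] in HTTP_METHODS and line[2].startswith(b"HTTP/1.")

def inspect(p: Packet, state: StatefulFilter) -> str:
    # Run the layers in order and report which one rejected the packet.
    layers = [("packet filter", packet_filter), ("stateful filter", state.check),
              ("application filter", application_filter)]
    return next((f"dropped by {name}" for name, ok in layers if not ok(p)), "allowed")

def run(packets: list) -> list:
    state = StatefulFilter()          # one fresh session table per sequence
    return [inspect(p, state) for p in packets]

# Constructed sample traffic (RFC 5737 documentation address for the server).
SYN = Packet("10.0.0.5:40000", "203.0.113.10:80", {"SYN"})
GET = Packet("10.0.0.5:40000", "203.0.113.10:80", {"ACK"}, b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n")
STRAY = Packet("10.0.0.9:40001", "203.0.113.10:80", {"ACK"}, b"GET / HTTP/1.1\r\n\r\n")
NOT_HTTP = Packet("10.0.0.5:40000", "203.0.113.10:80", {"ACK"}, b"NOT-HTTP banner here\r\n")
```

run([SYN, GET, STRAY, NOT_HTTP]) allows the first two, drops STRAY at the stateful layer (no SYN was seen for that client) and drops NOT_HTTP at the application layer even though its headers and session are valid.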
Slide 12: Demonstration: The ISA Server Interface and Applying a Network Template
- The interface
- Use a network template to configure ISA Server 2004 as a 3-legged firewall
- Rules
Slide 14: What Is ISA Server Publishing?
ISA Server enables three types of publishing rules:
- Web publishing rules for publishing Web sites using HTTP
- Secure Web publishing rules for publishing Web sites that require SSL for encryption
- Server publishing rules for publishing servers that do not use HTTP or HTTPS
Slide 15: Demonstration: Configuring a Secure Web Publishing Rule
- Common scenarios for publishing
- Import / Export function for rules
Slide 17: Enabling Virtual Private Networking with ISA Server
ISA Server enables VPN access:
- By including remote-client VPN access for individual clients and site-to-site VPN access to connect multiple sites
- By enabling VPN-specific networks, including: VPN Clients network, Quarantined VPN Clients network, Remote-site network
- By using network and access rules to limit network traffic between the VPN networks and the other networks with servers running ISA Server
- By extending RRAS functionality
Slide 18: Enabling VPN Client Connections
To enable VPN client connections:
- Choose a tunneling protocol
- Choose an authentication protocol; use MS-CHAP v2 or EAP if possible
- Enable VPN client access in ISA Server Management
- Configure user accounts for remote access
- Configure remote-access settings
- Configure firewall access rules for the VPN Clients network
Slide 19: Implementing Site-to-Site VPN Connections
To enable site-to-site VPN connections:
- Choose a tunneling protocol
- Configure the remote-site network
- Configure network rules and access rules to enable either open communications between networks or controlled communications between networks
- Configure the remote-site VPN gateway
Slide 20: How Does Network Quarantine Work?
Diagram: components shown are the ISA Server, a DNS server, a domain controller, a web server, a file server, the quarantine script, Rqc.exe, the quarantine remote access policy, the Quarantined VPN Clients network and the VPN Clients network. A connecting VPN client is first placed in the Quarantined VPN Clients network; the quarantine script runs on the client and, when the client passes, Rqc.exe notifies ISA Server, which moves the client to the VPN Clients network, where the normal access rules apply.
Slide 21: Demonstration: Connectivity with VPN
- Site to site
- Remote users
- Quarantine
Slide 23: ISA 2004 Monitoring Tools
- Dashboard – Aggregated centralized view
- Alerts – One place for all problems
- Sessions – Active sessions view
- Services – ISA services status
- Connectivity – Connectivity to network services
- Logging – Powerful viewer of ISA logs
- Reports – Top users, top sites, cache hits…
Slide 24: Demonstration: Monitoring and Reporting
- Reporting interfaces
- Real-time monitoring
Slide 25: Session Summary
- ISA Server 2004 is secure by default because it blocks all traffic—configure access rules to provide the fewest possible access rights
- Use the application layer filtering to respond to the contents of the traffic before it is passed to your network
- Implement ISA Server publishing rules to make internal resources accessible from the Internet
- Custom rule creation
- Use access rules to limit access for VPN remote-access clients, site-to-site VPN clients, and network quarantine clients
- Monitoring and reporting is an important part of any secure network design
Slide 26: For More Information…
- Main TechNet Web site at
- Get additional security information on ISA Server
- Find additional security training events
- Sign up for security communications