Presentation is loading. Please wait.

Presentation is loading. Please wait.

What's new in Threat Management Gateway (TMG) 2010 Ronald Beekelaar

Similar presentations


Presentation on theme: "What's new in Threat Management Gateway (TMG) 2010 Ronald Beekelaar"— Presentation transcript:

1

2 What's new in Threat Management Gateway (TMG) 2010 Ronald Beekelaar ronald@beekelaar.com

3 Introductions Presenter – Ronald Beekelaar –MVP Security –MVP Virtual Machine Technology –E-mail: Beekelaar Consultancy BV ronald@beekelaar.com Work –Security consultancy –Virtualization consultancy –Create many VM-based labs and demos –Software to optimize, manage and run VM

4 Session Objectives Main goal: –Make it easier for you to talk to customers about Threat Management Gateway (TMG) 2010. –Or: implement TMG 2010 within your own organization –How to do that? Focus on new features in TMG 2010 –As successor to ISA 2006 Understand NIS Explain Outbound SSL Inspection –Sub goal: Use the lab environment for demos

5 Demo and Lab Environment For study, testing, demo, POC, etc –Download from: http://go.microsoft.com/fwlink/?LinkId=190269 –Contains all Forefront products Including FIM and AD FS

6 What's new in TMG? Malware Inspection (AM) –For HTTP and HTTPS –Email antivirus / antispam filtering Network Inspection System (NIS) –Intrusion Prevention System URL Filtering HTTPS Inspection Web Access Policy ISP Redundancy (ISP-R) –Failover and load-balancing Enhanced NAT –For multiple outbound SMTP servers

7 TMG “Network Rules” New Feature: Enhanced NAT –Eg. SMTP Sender Policy Framework

8 Malware Inspection Detects viruses in HTTP traffic Uses MS AV engine –Same as FCS, FSE, FSSP, etc –Single engine – not multi-vendor Issue: –Scanning takes time – client may time out Solution: –Progress notification (for browser clients) –Content trickling + recall Send 50 bytes every 5 seconds

9 Network Inspection System (NIS) Signature-based detection of malicious network traffic –Based on MS Research GAPA project Generic Application Protocal Analyzer –Signatures for vulnerabilities (MS08-33) And some signatures for existing exploits –Microsoft releases security bulletin + security update (patch) + NIS signature Protects unpatched computers behind TMG

10 URL Filtering Microsoft Reputation Service (MRS) returns one of 91 “category” indications for each URL –Including “Unknown” Firewall rule: Allow category Sports after 5 PM only www.soccer.com Content Request Content MRS www.soccer.com ? category = sports + in cache

11 URL Filtering – Walking the Path

12 HTTPS Inspection Outbound traffic For Web publishing, inbound SSL Bridging is well-known (ISA Server 2000) Issue: –Cannot inspect outbound traffic in encrypted tunnel (SSL) Solution: –Use “SSL Bridging” on outbound SSL connections as well –Difference with Web publishing is that client can go to many different Web sites

13 HTTPS Inspection Mechanism In Web browser: https://www.fabrikam.com www.fabrikam.com In TMG request: https://www.fabrikam.com SSL Request Certificate SSL Request Certificate Signed by Verisign www.fabrikam.com Signed by”TMG CA”

14


Download ppt "What's new in Threat Management Gateway (TMG) 2010 Ronald Beekelaar"

Similar presentations


Ads by Google