Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

1 Introduction to ISA 2004 Dana Epp Microsoft Security MVP

3 Who am I?

4 Microsoft Windows Security MVP

5 Information Security Professional

6 Computer Security Software Architect

7 Small Business Owner

8 What do I know about firewalls?

9 I’ve written firewall code

11 I’ve deployed firewalls (big and small)

15 100s of small businesses. Many different verticals: Manufacturing, Medical, Professional Services, Educational, Financial, etc.

16 I’ve invented new firewalls

18 I know a bit about them.

19 ISA Server 2004: caching, content filtering, application publishing, advanced application layer firewall / VPN

20 What’s the difference between ISA and other SMB firewalls?

21 Differences in SMB Firewalls
Device classes compared: NAT Device, Typical Hardware Firewall, Advanced Hardware Firewall, Microsoft ISA 2004
Features compared: Simple Ingress Filtering, Simple Egress Filtering, Complex Ingress Filtering, Complex Egress Filtering, Application Content Filtering, Virtual Private Networking, Web Caching
Chart annotations: "Some have limited VPN", "AD Authentication", "Rarely available"

22 Patch management issues for the firewall

23 What’s the important difference?

24 A traditional firewall’s view of a packet
Only packet headers are inspected
– Application layer content appears as “black box”
Forwarding decisions based on port numbers
– Legitimate traffic and application layer attacks use identical ports
Packet: IP Header (Source Address, Dest. Address, TTL, Checksum) | TCP Header (Sequence Number, Source Port, Destination Port, Checksum) | Application Layer Content (??????????????????????)
Diagram: traffic between the Internet and the Corporate Network: Expected HTTP Traffic, Unexpected HTTP Traffic, Attacks, Non-HTTP Traffic

25 Problem. UFBP!

26 ISA Server’s view of a packet
Packet headers and application content are inspected
Forwarding decisions based on content
– Only legitimate and allowed traffic is processed
Packet: IP Header (Source Address, Dest. Address, TTL, Checksum) | TCP Header (Sequence Number, Source Port, Destination Port, Checksum) | Application Layer Content (MSNBC - MSNBC Front Page <link rel="stylesheet")
Diagram: traffic between the Internet and the Corporate Network: Expected HTTP Traffic, Unexpected HTTP Traffic, Attacks, Non-HTTP Traffic
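
The contrast between slides 24 and 26, as an added Python sketch (not part of the presentation and not ISA Server code): one decision function sees only the destination port, the other also parses the HTTP request line. The policy values, addresses and sample payloads are constructed assumptions.

```python
# Added illustration: constructed packets, hypothetical policy values.
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes  # application layer content

ALLOWED_PORTS = {80}                       # assumed rule: a published web server
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed HTTP policy
MAX_URL_LEN = 256                          # assumed HTTP policy

def header_only_decision(pkt):
    """Traditional view: forward on port number; the payload is a black box."""
    return "forward" if pkt.dst_port in ALLOWED_PORTS else "drop"

def content_aware_decision(pkt):
    """Application-layer view: port must match AND payload must be allowed HTTP."""
    if pkt.dst_port not in ALLOWED_PORTS:
        return "drop: port not allowed"
    request_line = pkt.payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return "drop: not HTTP"
    method, url, _version = parts
    if method not in ALLOWED_METHODS:
        return "drop: method not allowed"
    if len(url) > MAX_URL_LEN:
        return "drop: URL too long"
    return "forward"

HOST = b"\r\nHost: www.example.com\r\n\r\n"
# Constructed sample traffic, following the traffic classes on the slides.
SAMPLES = {
    "expected HTTP": Packet("203.0.113.5", 80, b"GET /index.html HTTP/1.1" + HOST),
    "unexpected HTTP": Packet("203.0.113.6", 80, b"TRACE / HTTP/1.1" + HOST),
    "oversized URL": Packet("203.0.113.7", 80, b"GET /" + b"A" * 400 + b" HTTP/1.1" + HOST),
    "non-HTTP on port 80": Packet("203.0.113.8", 80, b"\x00\x01tunnelled-protocol-data"),
    "non-HTTP": Packet("203.0.113.9", 6667, b"NICK test\r\n"),
}

def compare():
    """Return {sample name: (header-only decision, content-aware decision)}."""
    return {n: (header_only_decision(p), content_aware_decision(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:20} header-only={old:8} content-aware={new}")
```

Everything addressed to port 80 is forwarded by the header-only function, which is the point of slide 24; only the well-formed, policy-compliant request passes the content-aware one.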

27 What’s new in ISA 2004?

28 Updated security architecture
Advanced Protection: Application layer security designed to protect Microsoft applications
– Deep content inspection: Enhanced, customizable HTTP protocol filters; Comprehensive and flexible policies; Stateful routing for all IP protocols
– Enhanced Exchange Server Integration: Support for Outlook RPC over HTTP; Enhanced Outlook Web Access security; Easy to use configuration wizards
– Fully integrated VPN: Unified firewall -- VPN filtering; Site-to-site IPsec Tunnel Mode support; Network access quarantine
– Secure Internet Information Server and SPS: SSL Bridging for IIS and SPS; Easy to use Web publishing wizards; AD, RADIUS, SecurID authentication

29 New management tools and UI
Ease of Use: Efficient and cost effective network security
– Multi-network architecture: Unlimited network definitions and types; Firewall policy applied to all traffic; Per network routing relationships
– Network templates and wizards: Wizard simplifies routing configuration; Easy setup for common network topologies; Easily customized for sophisticated scenarios
– Visual policy editor: Firewall policy with single, ordered rule-base; Drag and drop editing, scenario-driven wizards; XML-based configuration import and export
– Enhanced trouble-shooting: Monitoring dashboard; Real-time log viewer; Content sensitive task panes

30 Commitment to integration
Fast, Secure Access: Empowers you to connect users to relevant information on your network in a cost efficient manner
– Enhanced architecture: High speed data transport; Utilizes latest Windows and PC hardware; High speed application filtering platform
– Web cache: Updated policy rules; Serve content locally; Pre-fetch content during low activity periods
– Internet access control: User- and group-based Web usage policy; Extensible by third parties
– Comprehensive authentication: New support for RADIUS and RSA SecurID; User- and group-based access policy; Third-party extensibility

31 Sample Scenarios

32 Scenario: Securely make email available to outside employees

33 Solution: Outlook over RPC, OMA, Virtual Private Networking

34 Scenario: Control Internet access and protect clients from malicious Internet traffic

35 Solution: Content filtering, scheduled access, firewall client

36 Scenario: Ensure fast access to the most frequently used web content

37 Solution: Web Proxy

38 Call to Action: Give ISA 2004 a try. Consider buying SBS Premium instead of SBS Standard. If managing hardware firewalls, CHECK FOR FIRMWARE UPDATES.

39 For more information:
Amy’s ISA in SBS blog: http://isainsbs.blogspot.com
ISA Server Resource site: http://www.isaserver.org
Dana’s security blog: http://silverstr.ufies.org
Firewall Dashboard: http://www.scorpionsoft.com
Dana Epp, Microsoft Security MVP

