Network Security and ISA Server Paul Hogan Ward Solutions.

Presentation on theme: "Network Security and ISA Server Paul Hogan Ward Solutions."— Presentation transcript:

1 Network Security and ISA Server Paul Hogan Ward Solutions

2 Session Prerequisites: hands-on experience with Windows 2000 or Windows Server 2003; working knowledge of networking, including the basics of security; basic knowledge of network security-assessment strategies. Level 300.

3 Agenda: 10:00-11:00 Network Security; 11:00-11:15 Break; 11:30-12:00 Securing SQL Server; 12:00-1:00 Lunch; 1:00-2:00 Securing Exchange; 2:30-2:15 Break; 2:15-3:15 Lab Sessions; 3:15 Q&A

4 These sessions are about operational security. The easy way is not always the secure way. Networks are usually designed in particular ways:  In many cases, these practices simplify attacks.  In some cases, these practices enable attacks. In order to avoid these practices, it helps to understand how an attacker can use them.

5 These sessions are NOT a hacking tutorial ( Hacking networks you own can be enlightening.  HACKING NETWORKS YOU DO NOT OWN IS ILLEGAL.), NOT a demonstration of vulnerabilities in Windows ( Everything we show stems from operational security or custom applications.  Knowing how Windows operates is critical to avoiding problems.), and NOT for the faint of heart.

6 The Sessions

7 The Network

8 Introducing the Case-Study Scenario

9 Understanding Defense-in-Depth Using a layered approach increases an attacker’s risk of detection and reduces an attacker’s chance of success. The layers and their controls:
Policies, procedures, and awareness: security policies, procedures, and education
Physical security: guards, locks, tracking devices
Perimeter: firewalls, border routers, VPNs with quarantine procedures
Internal network: network segments, NIDS
Host: OS hardening, authentication, security update management, antivirus updates, auditing
Application: application hardening
Data: strong passwords, ACLs, backup and restore strategy

10 Why Does Network Security Fail? Network security fails in several common areas, including: human awareness; policy factors; hardware or software misconfigurations; poor assumptions; ignorance; failure to stay up-to-date.

11 What we will cover: How to Implement Perimeter defenses How ISA Server protects networks Using Windows Firewalls to Protect Clients How to Protect Wireless Networks

12 Purpose and Limitations of Perimeter Defenses Properly configured firewalls and border routers are the cornerstone for perimeter security The Internet and mobility increase security risks VPNs have exposed a destructive, pernicious entry point for viruses and worms in many organizations Traditional packet-filtering firewalls only block network ports and computer addresses Most modern attacks occur at the application layer

13 Purpose and Limitations of Intrusion Detection Detects the pattern of common attacks and records suspicious traffic in event logs and/or alerts administrators Integrates with other firewall features to prevent common attacks Threats and vulnerabilities are constantly evolving, which leaves systems vulnerable until a new attack is known and a new signature is created and distributed

14 Implementing Network-Based Intrusion-Detection Systems Important points to note: network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected. ISA Server 2004 provides network-based intrusion-detection abilities, giving rapid detection and reporting of external malware attacks.

15 Perimeter Connections Network perimeters include connections to:  The Internet  Branch offices  Business partners  Remote users  Wireless networks  Internet applications (Diagram: Business Partner, LAN, Main Office LAN, Wireless Network, Remote User, Internet, Branch Office)

16 Firewall Design: Three-Homed Screened Subnet (Diagram: Internet, Firewall, LAN)

17 Firewall Design: Back-to-Back DMZ (Diagram: Internet, External Firewall, Internal Firewall, LAN)

18 Software vs Hardware Firewalls Decision factors:
Flexibility: Updating for the latest vulnerabilities and patches is easier with software-based firewalls.
Extensibility: Many hardware firewalls allow only limited customization.
Choice of vendors: Software firewalls let you choose hardware for a wide variety of needs, with no reliance on a single vendor for additional hardware.
Costs: The initial purchase price for hardware firewalls may be less. Software firewalls take advantage of low CPU costs; the hardware can be easily upgraded and old hardware can be repurposed.
Complexity: Hardware firewalls are often less complex.

19 Types of Firewalls: Packet Filtering; Stateful Inspection; Application-Layer Inspection; Multi-layer inspection (including application-layer filtering). (Diagram: Internet)

20 Agenda Introduction/Defense in Depth Using Perimeter Defenses Using ISA Server to Protect Perimeters Using Windows Firewall to Protect Clients Protecting Wireless Networks Protecting Networks by Using IPSec

21 Protecting Perimeters ISA Server has full screening capabilities:  Packet filtering  Stateful inspection  Application-level inspection ISA Server blocks all network traffic unless you allow it ISA Server is ICSA and Common Criteria certified

22 Protecting Clients Methods:
Proxy Functions: Processes all requests for clients and never allows direct connections.
Client Support: Supports all clients without special software. Installation of the ISA Firewall software allows for greater functionality.
Rules: Protocol Rules, Site and Content Rules, and Publishing Rules determine whether access is allowed.
Add-ons: Initial purchase price for hardware firewalls may be less. Software firewalls take advantage of low CPU costs. The hardware can be easily upgraded and old hardware can be repurposed.

23 Protecting Web Servers Web Publishing Rules:  Protect Web servers behind the firewall from external attacks by inspecting HTTP traffic and ensuring it is properly formatted and complies with standards. Inspection of SSL traffic:  Inspects incoming encrypted Web requests for proper formatting and standards compliance.  Optionally re-encrypts the traffic before sending it to your Web server.

24 URLScan ISA Server Feature Pack 1 includes URLScan 2.5 for ISA Server, which allows the URLScan ISAPI filter to be applied at the network perimeter:  General blocking for all Web servers behind the firewall  Perimeter blocking for known and newly discovered attacks (Diagram: ISA Server in front of Web Server 1, Web Server 2, Web Server 3)

25 Protecting Exchange Server Methods:
Mail Publishing Wizard: Configures ISA Server rules to securely publish internal mail services to external users.
Message Screener: Screens e-mail messages that enter the internal network.
RPC Publishing: Secure native protocol access for Outlook clients.
OWA Publishing: Provides protection for remote Outlook users accessing Exchange Server over untrusted networks without a VPN.

26 Demonstration 1 Application-Layer Inspection in ISA Server URL Scan Web Publishing Message Screener

27 Traffic that Bypasses Firewall Inspection SSL tunnels through traditional firewalls because it is encrypted, which allows viruses and worms to pass through undetected and infect internal servers. VPN traffic is encrypted and can’t be inspected. Instant Messenger (IM) traffic often is not inspected and may be used to transfer files in addition to being used for messaging.

28 Inspecting All Traffic Use intrusion detection and other mechanisms to inspect VPN traffic after it has been decrypted  Remember: Defense in Depth Use a firewall that can inspect SSL traffic Expand inspection capabilities of your firewall  Use firewall add-ons to inspect IM traffic

29 SSL Inspection SSL tunnels through traditional firewalls because it is encrypted, which allows viruses and worms to pass through undetected and infect internal servers. ISA Server pre-authenticates users, eliminating multiple dialog boxes and allowing only valid traffic through. ISA Server can decrypt and inspect SSL traffic. Inspected traffic can be sent to the internal server re-encrypted or in the clear. (Diagram: Client, Internet, ISA Server with Feature Pack 1, Internal Server)

30 Demonstration 2 SSL Inspection in ISA Server

31 ISA Server Hardening Secure your Server Wizard Review Bastion Host information in Security Guides Disable unnecessary services Harden the Network Stack Disable unnecessary network protocols on the external network interface:  File and print sharing  Client for Microsoft Networks  NetBIOS over TCP/IP

32 Best Practices Use access rules that only allow requests that are specifically allowed Use ISA server’s authentication capabilities to restrict and log Internet access Configure Web publishing rules only for specific URLs Use SSL Inspection to inspect encrypted data that is entering your network

33 Demonstration 3 Internet Connection Firewall (ICF) Configuring ICF Manually Testing ICF Reviewing ICF Log Files Configuring Group Policy Settings

34 Agenda Introduction/Defense in Depth Using Perimeter Defenses Using ISA Server to Protect Perimeters Using Windows Firewall to Protect Clients Protecting Wireless Networks Protecting Networks by Using IPSec

35 New Security Features in Windows Firewall On by default Boot-time security Global configuration and restore defaults Local subnet restrictions Command-line support On with no exceptions Windows Firewall exceptions list Multiple profiles RPC support Unattended setup support

36 Configuring Windows Firewall for Antivirus Defense

37 Agenda Introduction/Defense in Depth Using Perimeter Defenses Using ISA Server to Protect Perimeters Using Windows Firewall to Protect Clients Protecting Wireless Networks Protecting Networks by Using IPSec

38 Wireless Security Issues Limitations of Wired Equivalent Privacy (WEP):  WEP is inherently weak due to poor key exchange.  WEP keys are not dynamically changed and are therefore vulnerable to attack.  No method for provisioning WEP keys to clients. Limitations of MAC Address Filtering:  Scalability - must be administered and propagated to all APs; the list may have a size limit.  No way to associate a MAC to a username.  A user could neglect to report a lost card.  An attacker could spoof an allowed MAC address.

39 Possible Solutions VPN Connectivity:  PPTP  L2TP  Third Party IPSec  Many vendors. Password-based Layer 2 Authentication:  Cisco LEAP  RSA/SecurID  IEEE 802.1x PEAP/MSCHAP v2. Certificate-based Layer 2 Authentication:  IEEE 802.1x EAP/TLS

40 WLAN Security Comparisons (columns: WLAN security type, security level, ease of deployment, usability and integration):
IEEE 802.11: security level Low, ease of deployment High.
VPN: security level Medium, ease of deployment Low.
Password-based: security level Medium, ease of deployment High.
IPSec: security level High, ease of deployment Low.
IEEE 802.1x TLS: security level High, ease of deployment Low, usability and integration High.

41 802.1X Defines a port-based access control mechanism:  Works on anything, wired and wireless  Access point must support 802.1X  No special encryption key requirements. Allows choice of authentication methods using EAP:  Chosen by peers at authentication time  Access point doesn’t care about EAP methods. Manages keys automatically:  No need to preprogram wireless encryption keys

42 802.1X using EAP/TLS or MSCHAPv2 (Diagram components: Domain Controller, DHCP, Exchange, File Server, Certification Authority, RADIUS (IAS) Server with Server Certificate, 802.11/.1X Access Point, Laptop with Domain User/Machine Certificate, EAP Connection; numbered exchange steps 1 to 7)

43 Wi-Fi Protected Access (WPA) A specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems. Goals:  Enhanced data encryption  Provide user authentication  Be forward compatible with 802.11i  Provide a non-RADIUS solution for small/home offices (WPA-PSK). Products shipping.

44 Best Practices Use 802.1x authentication. Organize wireless users and computers into groups. Apply wireless access policies using Group Policy. Use EAP/TLS and 128-bit WEP. Set clients to force user authentication as well as machine authentication. Develop a method to manage rogue APs, such as LAN-based 802.1x authentication and wireless sniffers.

45 What Firewalls Do NOT Protect Against Malicious traffic that is passed on open ports and not inspected by the firewall. Any traffic that passes through an encrypted tunnel or session. Attacks after a network has been penetrated. Traffic that appears legitimate. Users and administrators who intentionally or accidentally install viruses. Administrators who use weak passwords.

46 Understanding Application and Database Attacks Common application and database attacks include: Buffer overruns: Write applications in managed code SQL injection attacks: Validate input for correct size and type

47 Attacks: Buffer Overflow Aka the “Boundary Condition Error”: Stuff more data into a buffer than it can handle. The resulting overflowed data “falls” into a precise location and is executed by the system  Local overflows are executed while logged into the target system  Remote overflows are executed by processes running on the target that the attacker “connects” to Result: Commands are executed at the privilege level of the overflowed program

48 Attacks: Input validation A process does not “strip” input before processing it, i.e. special shell characters such as semicolon and pipe symbols. An attacker provides data in unexpected fields, i.e. SQL database parameters.
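The two application-layer attacks named on slides 46 and 48 (SQL injection and unstripped input) as an added example that is not part of the presentation: a login query built by string concatenation beside its hardened form, which validates the username for size and type and binds both values as parameters. The users table, the rows and the payload are constructed sample data; only the Python standard library is used.

```python
"""Added example: vulnerable vs. hardened login lookup (constructed data)."""
import re
import sqlite3

# Whitelist for the username field: limits both the type and the size of input
# (slide 46: validate input for correct size and type).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

INJECTION = "' OR '1'='1"  # constructed textbook payload used in the demo


def build_db():
    """Constructed in-memory users table with one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    db.commit()
    return db


def login_vulnerable(db, name, pw):
    """Concatenates user input into the SQL text: a quote in the input changes
    the WHERE clause, so the database parses attacker data as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    return db.execute(sql).fetchone()[0] > 0


def username_ok(name):
    """Input validation: reject anything that is not a short alphanumeric name,
    which also excludes shell metacharacters such as ';' and '|' (slide 48)."""
    return isinstance(name, str) and USERNAME_RE.match(name) is not None


def login_hardened(db, name, pw):
    """Validates the name, then passes both values as bound parameters so the
    database never interprets user input as part of the query text."""
    if not username_ok(name):
        raise ValueError("invalid username")
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND pw = ?"
    return db.execute(sql, (name, pw)).fetchone()[0] > 0


def demo():
    """Runs both variants with a legitimate login and with the injection payload."""
    db = build_db()
    return {
        "legit_vulnerable": login_vulnerable(db, "alice", "correct-horse"),
        "injected_vulnerable": login_vulnerable(db, "alice", INJECTION),
        "legit_hardened": login_hardened(db, "alice", "correct-horse"),
        "injected_hardened": login_hardened(db, "alice", INJECTION),
    }
```

Running demo() shows the concatenated query accepting the injected password while the parameterized query rejects it.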

49 Implementing Application Layer Filtering Application layer filtering includes the following: Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data Deep content analyses, including the ability to detect, inspect, and validate traffic using any port and protocol

50 Session Summary Introduction/Defense in Depth Using Perimeter Defenses Using ISA Server to Protect Perimeters Using ICF to Protect Clients Protecting Wireless Networks


52 Questions and Answers

