
1 Module 4: Configuring ISA Server as a Firewall

2 Overview
- Using ISA Server as a Firewall
- Examining Perimeter Networks and Templates
- Configuring System Policies
- Configuring Intrusion Detection and IP Preferences

3 Lesson: Using ISA Server as a Firewall
- What Is a TCP/IP Packet?
- What Is Packet Filtering?
- What Is Stateful Filtering?
- What Is Application Filtering?
- What Is Intrusion Detection?
- How ISA Server 2004 Filters Network Traffic
- Implementing ISA Server 2004 as a Firewall

4 What Is a TCP/IP Packet?
The slide shows the headers of one HTTP request, layer by layer; each layer's header is followed by the payload belonging to the layer above it:
- Network Interface Layer (physical payload): Destination Address: 0003FFD329B0; Source Address: 0003FFFDFFFF
- Internet Layer (IP payload): Destination: 192.168.1.1; Source: 192.168.1.10; Protocol: TCP
- Transport Layer (TCP payload): Destination Port: 80; Source Port: 1159; Sequence: 3837066872; Acknowledgment: 2982470625
- Application Layer: HTTP Request Method: GET; HTTP Protocol Version: HTTP/1.1; HTTP Host: www.contoso.com

5 What Is Packet Filtering?
(Diagram: Web Server, ISA Server packet filter.) For each packet, the packet filter asks: Is the ...
- Source address allowed?
- Destination address allowed?
- Protocol allowed?
- Destination port allowed?

6 What Is Stateful Filtering?
(Diagram: Web Server, ISA Server, connection rules.)
- Create connection rule
- Is packet part of a connection?
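As an added example (not from the course materials), the packet fields of slide 4 and the checks of slides 5 and 6 in working code: a static packet filter that tests source address, destination address, protocol and destination port, and a stateful layer that records a connection when the outbound packet is allowed so the reply can return. The packets and the allowed-list values are constructed for the example.

```python
import struct
from typing import Dict, Set, Tuple

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample packet: a 20-byte IPv4 header followed by a 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp

def parse(pkt: bytes) -> Dict[str, object]:
    """Extract the fields a packet filter examines: addresses, protocol number, ports."""
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    proto = pkt[9]
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}

# Static packet-filter policy (assumed values): the client may reach the Web server on TCP 80.
ALLOWED_SRC = {"192.168.1.10"}
ALLOWED_DST = {"192.168.1.1"}
ALLOWED_PROTO = {6}                        # 6 = TCP
ALLOWED_DPORT = {80}

def packet_filter_allows(f: Dict[str, object]) -> bool:
    """Stateless check: every field must be on its allowed list."""
    return (f["src"] in ALLOWED_SRC and f["dst"] in ALLOWED_DST
            and f["proto"] in ALLOWED_PROTO and f["dport"] in ALLOWED_DPORT)

connections: Set[Tuple] = set()            # connection table used for stateful filtering

def stateful_allows(pkt: bytes) -> bool:
    """A packet that belongs to a known connection passes; otherwise it must pass the
    static filter, which then creates a connection entry so the reply can return."""
    f = parse(pkt)
    forward = (f["src"], f["sport"], f["dst"], f["dport"], f["proto"])
    reverse = (f["dst"], f["dport"], f["src"], f["sport"], f["proto"])
    if forward in connections or reverse in connections:
        return True
    if packet_filter_allows(f):
        connections.add(forward)           # "create connection rule"
        return True
    return False
```

Note that the reply from the Web server fails the static filter on its own (its source address is not on the allowed list) and is accepted only because the connection table remembers the client's request.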

7 What Is Application Filtering?
(Diagram: client sends "Get www.contoso.com" through ISA Server to the Web Server, which responds to the client.)
- Get method allowed?
- Does the response contain only allowed content and methods?

8 What Is Intrusion Detection?
(Diagram: an all ports scan attack against ISA Server; the port scan limit is exceeded; ISA Server alerts the administrator.)

9 How ISA Server 2004 Filters Network Traffic
Components shown: TCP/IP stack, Firewall Engine (kernel mode data pump), Firewall Service, Application Filters, Web Proxy Filter, Web Filters, Rules Engine.
Filtering stages:
1. Packet filtering (Firewall Engine, kernel mode)
2. Stateful and protocol filtering (Firewall Service)
3. Application filtering (Application Filters)
4. Web Proxy Filter, with Web Filters and the Rules Engine

10 Implementing ISA Server 2004 as a Firewall
To configure ISA Server as a firewall:
1. Determine perimeter network configuration
2. Configure networks and network rules
3. Configure system policy
4. Configure intrusion detection
5. Configure access rule elements and access rules
6. Configure server and Web publishing

11 Practice: Applying Firewall Concepts
In this practice, you will analyze three scenarios describing an organization's network security requirements and determine what firewall functionality is required in each scenario.

12 Lesson: Examining Perimeter Networks and Templates
- What Is a Perimeter Network?
- Why Use a Perimeter Network?
- Network Perimeter Configurations
- About Network Templates
- How to Use the Network Template Wizard
- Modifying Rules Applied by Network Templates

13 What Is a Perimeter Network?
(Diagram: Internet, Firewall, Perimeter Network, Firewall, Internal Network.)

14 Why Use a Perimeter Network?
A perimeter network provides an additional layer of security:
- Between the publicly accessible servers and the internal network
- Between the Internet and confidential data or critical applications stored on servers on the internal network
- Between potentially nonsecure networks such as wireless networks and the internal network
Use defense in depth in addition to perimeter network security.

15 Network Perimeter Configurations
- Back-to-back configuration: two firewalls, with the perimeter network (containing the Web server) between the Internet-facing firewall and the firewall in front of the LAN
- Three-legged configuration: one firewall with separate network adapters for the Internet, the perimeter network and the LAN
- Bastion host: one firewall between the Internet and the LAN, with no separate perimeter network

16 About Network Templates
- Bastion host: deploy the Edge Firewall template
- Back-to-back configuration: deploy the Front-End or Back-End template (one for each firewall)
- Three-legged configuration: deploy the 3-Leg Perimeter template
- Deploy the Single Network Adapter template for proxy and caching only

17 How to Use the Network Template Wizard

18 Modifying Rules Applied by Network Templates
You may need to modify the rules applied by a network template to:
- Modify Internet access based on user or computer sets
- Modify Internet access based on protocols
- Modify network rules to change network relationships
You can either change the properties of one of the rules configured by the network template, or you can create a new access rule to apply a specific setting.

19 Practice: Implementing Network Templates
- Applying the 3-Legged Network Template
- Reviewing the Access Rules Created by the 3-Legged Network Template
- Testing Internet Access
(Lab computers: Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01 on the Internet side.)

20 Lesson: Configuring System Policies
- What Is System Policy?
- System Policy Settings
- How to Modify System Policy Settings

21 What Is System Policy?
System policy is:
- A default set of access rules applied to the ISA Server to enable management of the server
- A set of predefined rules that you can enable or disable as required
Modify the default set of rules provided by the system policy to meet your organization's requirements. Disable all functionality that is not required.

22 System Policy Settings
System policy settings include:
- Network Services
- Authentication Services
- Remote Management
- Firewall Client
- Diagnostic Services
- Logging and Monitoring
- SMTP
- Scheduled Download Jobs
- Allowed Sites

23 How to Modify System Policy Settings
(Screenshot callouts: Select the Configuration Group; Enable or disable this policy; Configure the required networks.)

24 Practice: Modifying System Policy
- Examining and modifying the default system policy
- Testing the modified system policy
(Lab computers: Den-ISA-01, Den-DC-01, Den-Clt-01; Internet.)

25 Lesson: Configuring Intrusion Detection and IP Preferences
- About Intrusion Detection Configuration Options
- How to Configure Intrusion Detection
- About IP Preferences Configuration Options
- How to Configure IP Preferences

26 About Intrusion Detection Configuration Options
Intrusion detection on ISA Server 2004:
- Compares network traffic and log entries to well-known attack methods and raises an alert when an attack is detected
- Detects well-known IP attacks
- Includes application filters for DNS and POP that detect intrusion attempts at the application level
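As an added example (not part of the course materials), the port scan detection of slides 8 and 26 applied to log entries: distinct destination ports are counted per source, and an alert is raised when either threshold is exceeded. The two thresholds (10 well-known ports, 20 ports of any kind) are assumed for the example, and the log entries are constructed in a simplified form, not the ISA Server log format.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

WELL_KNOWN_MAX = 1023   # ports 0-1023 are the IANA well-known range

# Constructed sample of denied-connection log entries: (source IP, destination port).
SAMPLE_LOG: List[Tuple[str, int]] = (
    [("10.0.0.5", 80), ("10.0.0.5", 443)]                                          # ordinary client
    + [("10.0.0.9", p) for p in (21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 445)]  # 11 well-known ports
    + [("10.0.0.7", p) for p in range(3000, 3021)]                                  # 21 distinct high ports
)

def detect_port_scans(entries: Iterable[Tuple[str, int]],
                      well_known_limit: int = 10,
                      all_ports_limit: int = 20) -> Dict[str, str]:
    """Count distinct destination ports per source and raise one alert per offender.

    Two assumed thresholds mirror the detector's settings: a smaller number of
    distinct well-known ports, or a larger number of ports of any kind.
    """
    ports: Dict[str, Set[int]] = defaultdict(set)
    for src, dport in entries:
        ports[src].add(dport)
    alerts: Dict[str, str] = {}
    for src, seen in ports.items():
        well_known = sum(1 for p in seen if p <= WELL_KNOWN_MAX)
        if well_known > well_known_limit:
            alerts[src] = f"Port scan limit exceeded: {well_known} well-known ports probed"
        elif len(seen) > all_ports_limit:
            alerts[src] = f"All ports scan attack: {len(seen)} distinct ports probed"
    return alerts

def alert_administrator(alerts: Dict[str, str]) -> List[str]:
    """Format one alert line per offending source, as the administrator would see it."""
    return [f"ALERT source={src}: {text}" for src, text in sorted(alerts.items())]
```

A production detector would also bound the count by a time window and expire old entries; that is left out here to keep the thresholds themselves visible.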

27 How to Configure Intrusion Detection

28 About IP Preferences Configuration Options
IP preferences are used to:
- Block or enable network traffic that has an IP option flag set
  - You can block all packets with IP options, or selected packets
- Block or enable network traffic where the IP packet has been split into multiple IP fragments
  - Blocking IP fragments may affect streaming audio and video, and L2TP over IPSec traffic
- Enable or disable IP routing
  - With IP routing enabled, ISA Server forwards IP packets between networks without recreating the packet
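As an added example (not from the course materials), the two header checks behind the first two IP preferences: whether an IPv4 header carries options (header longer than 20 bytes) and which option types are present, and whether the packet is a fragment (More Fragments flag set or a non-zero fragment offset). The headers, the verdict function and its settings are constructed for the example; the option type 137 used in the test is the standard Strict Source Route option.

```python
import struct
from typing import Dict, FrozenSet, List

def build_ipv4(options: bytes = b"", more_fragments: bool = False, frag_offset: int = 0) -> bytes:
    """Constructed sample IPv4 header; options are padded to a 4-byte boundary."""
    options = options + b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4                       # header length in 32-bit words
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4, 1, flags_frag, 64, 6, 0,
                      bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
    return hdr + options

def inspect_ip_preferences(pkt: bytes) -> Dict[str, object]:
    """Report what the IP preferences settings act on: IP options and fragmentation."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    is_fragment = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) > 0   # MF flag or offset
    option_types: List[int] = []
    i = 20
    while i < ihl:
        kind = pkt[i]
        if kind == 0:                                 # End of Option List
            break
        if kind == 1:                                 # No Operation (single byte)
            i += 1
            continue
        length = pkt[i + 1]                           # covers type, length and data bytes
        if length < 2:                                # malformed option: stop parsing
            break
        option_types.append(kind)
        i += length
    return {"has_options": ihl > 20, "option_types": option_types, "is_fragment": is_fragment}

def ip_preferences_verdict(pkt: bytes, block_options: bool = True, block_fragments: bool = True,
                           blocked_option_types: FrozenSet[int] = frozenset()) -> str:
    """Apply an assumed configuration: block all options, only selected option types, and/or fragments."""
    info = inspect_ip_preferences(pkt)
    if block_fragments and info["is_fragment"]:
        return "drop: IP fragment"
    if info["has_options"]:
        if block_options:
            return "drop: IP options present"
        if any(t in blocked_option_types for t in info["option_types"]):
            return "drop: blocked IP option"
    return "allow"
```

The fragment check illustrates the slide's caveat: with block_fragments left on, every fragmented packet is dropped regardless of its content, which is why streaming media and L2TP over IPSec can break.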

29 How to Configure IP Preferences

30 Practice: Configuring Intrusion Detection
- Modify the default intrusion detection configuration
- Test intrusion detection
(Lab computers: Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01 on the Internet side.)

31 Lab: Configuring ISA Server as a Firewall
- Exercise 1: Restoring Firewall Access Rules
- Exercise 2: Modifying the ISA Server System Policy
- Exercise 3: Testing the Policy Modifications
(Lab computers: Den-DC-01, Den-ISA-01, Den-ISA-02; Internet.)
