
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.


1 Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions

2 Session Overview
- Network Perimeter Security
- Protecting the Network
- Virtual Private Networking

3 Purpose and Limitations of Perimeter Defenses
- Properly configured firewalls and border routers are the cornerstone for perimeter security
- The Internet and mobility increase security risks
- VPNs have exposed a destructive, pernicious entry point for viruses and worms in many organizations
- Traditional packet-filtering firewalls only block network ports and computer addresses
- Most modern attacks occur at the application layer

4 Securing the Network Perimeter: What Are the Challenges?
(Diagram labels: Internet, Main office, Remote user, Business partner, Branch office, Wireless)
Challenges include:
- Determining proper firewall design
- Access to resources for remote users
- Effective monitoring and reporting
- Need for enhanced packet inspection
- Security standards compliance

5 What Firewalls Do NOT Protect Against
- Malicious traffic that is passed on open ports and not inspected by the firewall
- Any traffic that passes through an encrypted tunnel or session
- Attacks after a network has been penetrated
- Traffic that appears legitimate
- Users and administrators who intentionally or accidentally install viruses
- Administrators who use weak passwords

6 Securing the Network Perimeter: What Are the Design Options?
- Back-to-back configuration
- Bastion host
- Three-legged configuration
(Diagram labels: Internet, Perimeter network, Internal network, Web server)

7 Firewall Requirements: Multiple-Layer Filtering
- Packet filtering: filters packets based on information in the network and transport layer headers. Enables fast packet inspection, but cannot detect higher-level attacks.
- Stateful filtering: filters packets based on the TCP session information. Ensures that only packets that are part of a valid session are accepted, but cannot inspect application data.
- Application filtering: filters packets based on the application payload in network packets. Can prevent malicious attacks and enforce user policies.
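To make the three layers on this slide concrete, here is an added Python example (not code from the presentation or from ISA Server) that runs constructed client-to-server packets through a packet filter, a stateful TCP session table and an HTTP application filter in turn. The port policy, the allowed HTTP methods, the addresses and the packets are all assumptions made for the example; each packet is chosen so that one layer stops it, which shows what the previous layer could not see.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed, simplified client-to-server packet: only the fields each layer needs."""
    src: str
    dst: str
    dport: int
    flags: frozenset        # TCP flag names, e.g. frozenset({"SYN"})
    payload: bytes = b""


# Layer 1: packet filtering looks only at network/transport headers.
ALLOWED_PORTS = {80, 443}   # constructed policy: only web traffic may enter


def packet_filter(pkt: Packet) -> bool:
    return pkt.dport in ALLOWED_PORTS


# Layer 2: stateful filtering accepts a packet only if it belongs to a valid TCP session.
class StatefulFilter:
    def __init__(self):
        self.sessions = {}   # (src, dst, dport) -> "SYN_SENT" | "ESTABLISHED"

    def check(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.dst, pkt.dport)
        state = self.sessions.get(key)
        if state is None:
            # Only a SYN may open a session; a stray ACK with no session is dropped.
            if pkt.flags == frozenset({"SYN"}):
                self.sessions[key] = "SYN_SENT"
                return True
            return False
        if "ACK" in pkt.flags:
            self.sessions[key] = "ESTABLISHED"   # client's handshake ACK, then data
            return True
        return False


# Layer 3: application filtering parses the payload (an HTTP request line here).
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def application_filter(pkt: Packet) -> bool:
    if not pkt.payload:
        return True                       # handshake/ack packets carry no application data
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return False                      # not a well-formed HTTP request line
    if method not in ALLOWED_METHODS or not version.startswith("HTTP/1."):
        return False
    if not target.startswith("/") or ".." in target:
        return False                      # reject traversal-looking request targets
    return True


class Firewall:
    """Runs the three layers in order; the first layer to reject decides the verdict."""

    def __init__(self):
        self.stateful = StatefulFilter()

    def inspect(self, pkt: Packet):
        if not packet_filter(pkt):
            return ("DROP", "packet-filter")
        if not self.stateful.check(pkt):
            return ("DROP", "stateful")
        if not application_filter(pkt):
            return ("DROP", "application")
        return ("ACCEPT", "all-layers")


def run_demo():
    """Constructed traffic: each packet is stopped by a different layer, or passes all three."""
    fw = Firewall()
    client, outsider, server = "198.51.100.7", "203.0.113.9", "192.0.2.10"
    SYN, ACK = frozenset({"SYN"}), frozenset({"ACK"})
    packets = [
        Packet(client, server, 22, SYN),                    # SSH: stopped by the header check
        Packet(outsider, server, 80, ACK),                  # ACK with no session: stateful drop
        Packet(client, server, 80, SYN),                    # opens a session
        Packet(client, server, 80, ACK),                    # completes the handshake
        Packet(client, server, 80, ACK, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet(client, server, 80, ACK, b"GET /../../config HTTP/1.1\r\n\r\n"),
        Packet(client, server, 80, ACK, b"DELETE /index.html HTTP/1.1\r\n\r\n"),
    ]
    return [fw.inspect(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The second packet is the case the slide's "cannot detect higher-level attacks" and "only packets that are part of a valid session" bullets are about: a packet filter that allows port 80 passes it, and only the session table knows no handshake ever happened. The last two packets are accepted by both lower layers and rejected only once the payload is parsed.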

8 Configuring ISA Server to Secure the Network Perimeter
Use ISA Server to:
- Provide firewall functionality
- Publish internal resources such as Web or Exchange servers
- Implement multilayer packet inspection and filtering
- Provide VPN access for remote users and sites
- Provide proxy and caching services
(Diagram labels: LAN, Server, User, Remote User, VPN, Internet, Exchange Server, Web Server, ISA Server)

9 Implementing Network Templates to Configure ISA Server 2004
- Web proxy and caching only: deploy the Single Network Adapter template
- Bastion host: deploy the Edge Firewall template
- Back-to-back configuration: deploy the Front end or Back end template
- Three-legged configuration: deploy the 3-Leg Perimeter template
(Diagram labels: Internet, Perimeter network, Internal network, Web server)

10 Session Overview
- Network Perimeter Security
- Protecting the Network
- Virtual Private Networking

11 Protecting the Network: What Are the Challenges?
Challenges related to protecting the network layer include:
- Balance between security and usability
- Lack of network-based detection or monitoring for attacks

12 Implementing Network-Based Intrusion-Detection Systems
Important points to note:
- Network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected
- ISA Server 2004 provides network-based intrusion-detection abilities
(Diagram: a network-based intrusion-detection system provides rapid detection and reporting of external malware attacks)

13 Implementing Application Layer Filtering
Application layer filtering includes the following:
- Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data
- Deep content analyses, including the ability to detect, inspect, and validate traffic using any port and protocol

14 Protecting the Network: Best Practices
- Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites
- Have an incident response plan
- Implement automated monitoring and report policies
- Implement ISA Server 2004 to provide intrusion-detection capabilities

15 Session Overview
- Network Perimeter Security
- Protecting the Network
- Virtual Private Networking

16 Virtual Private Networking: What Are the Challenges?
- VPNs provide a secure option for communicating across a public network
- VPNs are used in two primary scenarios:
  - Network access for remote clients
  - Network access between sites
- VPN quarantine control provides an additional level of security by providing the ability to check the configuration of the VPN client machines before allowing them access to the organization’s network

17 Understanding Quarantine Networks
Standard features of a quarantine network include:
- Typically restricted or blocked from gaining access to internal resources
- Provides a level of connectivity that allows temporary visitors’ computers to work productively without risking the security of the internal network
- Currently only available for VPN remote access solutions

18 How Does Network Quarantine Work?
(Diagram labels: ISA Server, DNS server, Web server, Domain controller, File server, Quarantine script, Quarantined VPN Clients network, VPN Clients network, RQC.exe, Quarantine remote access policy)
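Slides 16 to 18 describe the quarantine flow only as a diagram, so here is an added Python model of it (not code from the presentation, and not how ISA Server 2004 or RQC.exe are implemented). A newly connected VPN client starts in the quarantined network, where it can reach only the resources needed to fix itself; its configuration report is checked against policy and, if clean, it is moved to the VPN clients network; a client that never reports clean is disconnected after a timeout. The required checks, the resource names, the timeout and the client names are assumptions made for the example, and the `report` method stands in for the notification the quarantine script sends via RQC.exe.

```python
from dataclasses import dataclass

# Constructed policy for this example; a real deployment's checks live in the quarantine script.
REQUIRED_CHECKS = ("firewall_enabled", "antivirus_current", "patches_current")
QUARANTINE_RESOURCES = frozenset({"dns-server", "remediation-web-server"})
INTERNAL_RESOURCES = QUARANTINE_RESOURCES | {"domain-controller", "file-server", "web-server"}
QUARANTINE_TIMEOUT = 120   # seconds a client may remain quarantined before it is disconnected


@dataclass
class Client:
    name: str
    connected_at: float
    state: str = "QUARANTINED"      # QUARANTINED -> RELEASED, or -> DISCONNECTED on timeout
    failed_checks: tuple = ()


class QuarantineController:
    """Places each new VPN client in the quarantine network and releases it on a clean report."""

    def __init__(self, clock):
        self.clock = clock           # callable returning seconds; injected so the demo is deterministic
        self.clients = {}
        self.log = []

    def connect(self, name: str) -> Client:
        client = Client(name, self.clock())
        self.clients[name] = client
        self.log.append(f"{name}: placed in quarantined VPN clients network")
        return client

    def report(self, name: str, posture: dict) -> str:
        """Evaluate the client's notification (the role RQC.exe plays on the slide) against policy."""
        client = self.clients[name]
        if client.state != "QUARANTINED":
            return client.state
        failed = tuple(check for check in REQUIRED_CHECKS if not posture.get(check, False))
        if failed:
            client.failed_checks = failed
            self.log.append(f"{name}: remains quarantined, failed {', '.join(failed)}")
        else:
            client.state, client.failed_checks = "RELEASED", ()
            self.log.append(f"{name}: moved to VPN clients network")
        return client.state

    def expire(self) -> None:
        """Disconnect clients that never produced a clean report within the timeout."""
        now = self.clock()
        for client in self.clients.values():
            if client.state == "QUARANTINED" and now - client.connected_at > QUARANTINE_TIMEOUT:
                client.state = "DISCONNECTED"
                self.log.append(f"{client.name}: quarantine timeout, disconnected")

    def allowed_resources(self, name: str) -> frozenset:
        state = self.clients[name].state
        if state == "RELEASED":
            return INTERNAL_RESOURCES
        if state == "QUARANTINED":
            return QUARANTINE_RESOURCES
        return frozenset()


class FakeClock:
    """Manual clock so the timeout path can be exercised without sleeping."""

    def __init__(self):
        self.t = 0.0

    def advance(self, seconds):
        self.t += seconds

    def __call__(self):
        return self.t


def run_demo() -> dict:
    clock = FakeClock()
    ctl = QuarantineController(clock)
    ctl.connect("laptop-a")
    ctl.connect("laptop-b")      # never reports, e.g. the quarantine script could not run
    first = ctl.report("laptop-a", {"firewall_enabled": True, "antivirus_current": False,
                                    "patches_current": True})
    quarantined_access = ctl.allowed_resources("laptop-a")
    clock.advance(30)
    second = ctl.report("laptop-a", {check: True for check in REQUIRED_CHECKS})
    clock.advance(100)           # 130 s since connection, past the timeout
    ctl.expire()
    return {
        "a_first": first, "a_second": second,
        "a_quarantined_access": quarantined_access,
        "a_final_access": ctl.allowed_resources("laptop-a"),
        "b_state": ctl.clients["laptop-b"].state,
        "b_access": ctl.allowed_resources("laptop-b"),
        "log": ctl.log,
    }


if __name__ == "__main__":
    for line in run_demo()["log"]:
        print(line)
```

The point slide 17 makes, that the quarantine network is "restricted or blocked from gaining access to internal resources" while still letting the machine "work productively", is the difference between `QUARANTINE_RESOURCES` and `INTERNAL_RESOURCES`; the timeout is the piece a practitioner adds so that a client that cannot or will not report does not stay half-connected indefinitely.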

19 Session Summary
- Properly configured firewalls and border routers are the cornerstone for perimeter security
- Use an appropriate firewall design
- Firewalls do not protect against bad security practices
- Implement a firewall that provides multiple layer filtering
- ISA Server 2004 provides network-based intrusion-detection abilities
- VPN quarantine control provides an additional level of security

20 Next Steps
- Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
- Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
- Get additional security information on ISA Server: http://www.microsoft.com/technet/security/prodtech/isa/default.mspx

21 Questions and Answers

22 pkiernan@ward.ie www.ward.ie

