Published by David Henry. Modified over 9 years ago.
1
Edge Security with Forefront
Sandeep Modhvadia
Security Specialist
2
Agenda
- ISA Server 2006
  - What’s New
  - What’s Improved
  - SSO Publishing Demo
  - Hardware Sizing
- Whale Intelligent Application Gateway
  - What is it?
  - How does it Work?
  - Custom Publishing Demo
- Q&A
3
ISA Server 2006 – Improved
- Exchange Publishing
  - Support for Exchange 2007
  - Certificate Management
- Forms Based Authentication
  - Custom Forms
  - Multi-Language Support
- Authentication Enhancements
  - Certificates, OTP, RADIUS, LDAP
4
ISA Server 2006 – New Features
- Single Sign On
  - Cookie based authentication
- SharePoint publishing
  - Specialised Wizard driven publishing
- Cross Array Link Translation
5
Custom FBA and Single Sign On Demo
6
What Is Whale
[Diagram labels: Client; SSL VPN Gateway; Authentication, Authorization, User Experience, Tunneling, Security; High-Availability, Management, Logging, Reporting, Multiple Portals; Application Aware Modules for Specific Applications (Web, Client/Server, Java/Browser Embedded, Exchange/Outlook, OWA, SharePoint/Portals, Citrix) and Generic Applications; Applications Knowledge Centre (OWA, Citrix, SharePoint); Devices Knowledge Centre (PDA, Linux, Windows, MAC); Policy & Regulation Awareness Centre (ISO7799, Corporate Governance, SarbOx, Basel2); WHO? WHAT? WHERE? COMPLIANT?]
7
Integrated Solution Benefits
8
[Data flow diagram. Components: External World; Air Gap Switch; External e-Gap; Virtual Web Server; Internal e-Gap; App-Level Inspection; Authentication; SSL Engine; HAT Engine; Browser-Side Security Manager; Intranet; e-Mail; File Shares; Applications]
User types URL into browser
9
Transaction is sent over internet to external server
10
External e-Gap receives packet
11
All protocol layers and TCP/IP headers are stripped off
12
Still-encrypted data is transferred to memory bank via SCSI connection
13
Switch disconnects from external server, connects to internal server
14
Data is fetched from appliance memory
15
Data is decrypted, SSL session is established and platform-dependent Endpoint Compliance Module is sent back to browser to interrogate machine
16
If Endpoint Compliance Module doesn’t find the machine ‘up to scratch’, stricter security policies are enforced
17
Encrypted login page is generated and sent back
18
Customized login page appears in browser’s window
19
Data Flow
User completes authorization credentials & submits response
[Login form shown: Username: John Smith; Password: ***********; SecurID: **********]
20
Air Gap Switch shuttles the data across the air gap
21
Internal e-Gap Server checks user credentials with appropriate authentication server; user is authenticated. Authentication credentials are combined with Endpoint Compliance results to determine Access Policy
[Diagram label: Authentication OK]
22
User receives dynamically generated “Home Page” (based on identity and location) and selects desired application
23
Air Gap Switch shuttles the data across the air gap
24
Application data is inspected and compared to Mandatory Access Control List
[Diagram labels: Real Web Server; File Shares (SMB)]
25
HAT Engine determines which back-end server to relay the request to
26
Data is dispatched to the appropriate server
27
Application generates response
28
Response is converted by HAT engine for external use. Response may also be rewritten and/or blocked depending on Policy
29
[Data flow diagram; no caption text]
30
User works with application as if inside corporate network environment
31
After user completes session, Attachment Wiper cleans up to ensure nothing sensitive remains on access machine
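The data flow walked through in the slides above, as an added Python model (not Whale or Microsoft code): a memory bank that is attached to only one side at a time, header stripping before the shuttle, and the access decision that combines authentication with endpoint compliance. The class and function names, the sample packet and the policy tiers are assumptions made for illustration.

```python
# Added illustration: a toy model of the air-gap shuttle and access decision
# described in the slides. All names and policy tiers are assumptions.
from dataclasses import dataclass, field


@dataclass
class AirGapSwitch:
    """Memory bank attached to exactly one side at a time, never both."""
    attached: str = "external"
    bank: list = field(default_factory=list)

    def _check(self, side: str) -> None:
        if side != self.attached:
            raise PermissionError(f"{side} e-Gap is disconnected from the memory bank")

    def write(self, side: str, data: bytes) -> None:
        self._check(side)
        self.bank.append(data)

    def read(self, side: str) -> list:
        self._check(side)
        data, self.bank = self.bank, []
        return data

    def toggle(self) -> None:
        self.attached = "internal" if self.attached == "external" else "external"


def shuttle(switch: AirGapSwitch, packet: dict) -> bytes:
    """External side strips headers and writes; switch flips; internal side reads."""
    payload = packet["payload"]          # IP/TCP headers are dropped here
    switch.write("external", payload)    # still-encrypted data goes into the bank
    switch.toggle()                      # disconnect external, connect internal
    (data,) = switch.read("internal")
    switch.toggle()                      # back to external for the next transaction
    return data


def access_policy(authenticated: bool, endpoint_compliant: bool) -> set:
    """Combine authentication with endpoint compliance (tiers are hypothetical)."""
    if not authenticated:
        return set()
    if endpoint_compliant:
        return {"e-Mail", "File Shares", "Applications"}
    return {"e-Mail"}                    # stricter policy for a non-compliant machine


# Constructed sample packet; header values use documentation address ranges.
SAMPLE = {"ip": {"src": "203.0.113.7", "dst": "198.51.100.10"},
          "tcp": {"dport": 443}, "payload": b"\x16\x03\x01<constructed TLS bytes>"}
```

Only the payload bytes ever reach the internal side, and a write from the side that is currently detached raises `PermissionError`, which is the property the air gap is meant to provide.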
32
Custom Application Publishing with Whale Demo
33
Gateway Roadmap
- Whale Intelligent Application Gateway * (incl. ISA Server 2004)
  - Express Edition
  - Enterprise Edition
  - Application Optimizers
  - Network Connectivity Modules
- Integrated appliances with ISA Server 2006 + Whale IAG
  - Standard Edition
  - Enterprise Edition
- Unified Access Gateway (“Longhorn” Svr-wave)
Roadmap items:
- OEM appliances
- Software availability
- Updated software for ISA and IAG
- OEM-ready
- Continued 3rd-party application support
- Single-server config
- NAP, IPv6, 64-bit support
- Consistent policy framework
- Broader authentication tools (ADFS, smartcard)
- Enhanced network connectivity
- Improved enterprise application support
34
For More Information
- www.microsoft.com/isaserver
- www.microsoft.com/forefront
35
Your potential. Our passion.
Thank you for attending this TechNet Event.
Find these slides at: http://www.microsoft.com/uk/technetslides