Firewall Analytics - SilverStr's Home Page


Introduction to ISA 2004
Dana Epp
Microsoft Security MVP

Who am I?
Microsoft Windows Security MVP
Information Security Professional
Computer Security Software Architect
Small Business Owner

What do I know about firewalls?
I’ve written firewall code
I’ve deployed firewalls (big and small)
• 100’s of small businesses
• Many different verticals
  – Manufacturing
  – Medical
  – Professional Services
  – Educational
  – Financial
  – etc
I’ve invented new firewalls
I know a bit about them.

ISA Server 2004
• caching
• content filtering
• application publishing
• advanced application layer firewall / VPN

What’s the difference between ISA and other SMB firewalls?

Differences in SMB Firewalls
[Table: feature comparison across four firewall types]
Firewall types (columns): NAT Device, Typical Hardware Firewall, Advanced Hardware Firewall, Microsoft ISA 2004
Features (rows):
• Simple Ingress Filtering
• Simple Egress Filtering
• Complex Ingress Filtering
• Complex Egress Filtering
• Application Content Filtering
• Virtual Private Networking
• Web Caching
• AD Authentication
Annotations in the table:
• Rarely available
• Some have limited VPN
• Patch management issues for the firewall

What’s the important difference?

A traditional firewall’s view of a packet
• Only packet headers are inspected
  – Application layer content appears as “black box”
• Forwarding decisions based on port numbers
  – Legitimate traffic and application layer attacks use identical ports
IP Header: Source Address, Dest. Address, TTL, Checksum
TCP Header: Sequence Number, Source Port, Destination Port, Checksum
Application Layer Content: ??????????????????????
[Diagram: traffic from the Internet to the Corporate Network: Expected HTTP Traffic, Unexpected HTTP Traffic, Attacks, Non-HTTP Traffic]
Problem. UFBP!

ISA Server’s view of a packet
• Packet headers and application content are inspected
• Forwarding decisions based on content
  – Only legitimate and allowed traffic is processed
IP Header: Source Address, Dest. Address, TTL, Checksum
TCP Header: Sequence Number, Source Port, Destination Port, Checksum
Application Layer Content: <html><head><meta http-equiv="content-type" content="text/html; charset=UTF8"><title>MSNBC - MSNBC Front Page</title><link rel="stylesheet"
[Diagram: traffic from the Internet to the Corporate Network: Expected HTTP Traffic, Unexpected HTTP Traffic, Attacks, Non-HTTP Traffic]
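
An added example, not part of the original slides and not ISA Server code: the two views of a packet applied to the four traffic categories in the diagram. The policy values, function names and sample payloads are constructed assumptions for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    dst_port: int    # header field: all a header-only firewall looks at
    payload: bytes   # application layer content (the "black box")

# Assumed policy values for illustration only (not ISA Server defaults).
ALLOWED_PORTS = {80}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_URL_LEN = 2048
BLOCKED_URL_PARTS = ("..", "%00")

def header_only_decision(pkt: Packet) -> str:
    """Traditional view: forward on destination port alone."""
    return "allow" if pkt.dst_port in ALLOWED_PORTS else "deny"

def content_aware_decision(pkt: Packet) -> str:
    """Application-layer view: port check, then inspect the HTTP request line."""
    if pkt.dst_port not in ALLOWED_PORTS:
        return "deny: port"
    line = pkt.payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return "deny: not HTTP"
    method, url, _version = parts
    if method not in ALLOWED_METHODS:
        return "deny: method"
    if len(url) > MAX_URL_LEN:
        return "deny: URL too long"
    if any(part in url.lower() for part in BLOCKED_URL_PARTS):
        return "deny: URL signature"
    return "allow"

# Constructed sample traffic, one entry per category in the slide's diagram.
SAMPLES = {
    "expected HTTP": Packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "unexpected HTTP": Packet(80, b"CONNECT example.test:443 HTTP/1.1\r\n\r\n"),
    "attack (oversized URL)": Packet(80, b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\n\r\n"),
    "non-HTTP on port 80": Packet(80, b"SSH-2.0-client\r\n"),
}

def compare() -> dict:
    """Return {category: (header-only verdict, content-aware verdict)}."""
    return {name: (header_only_decision(p), content_aware_decision(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:24} header-only={old:6} content-aware={new}")
```

All four samples pass the header-only check because they share destination port 80; only the content-aware check separates the expected request from the rest.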

What’s new in ISA 2004?

Updated security architecture

Advanced Protection
Application layer security designed to protect Microsoft applications
• Deep content inspection
  – Enhanced, customizable HTTP protocol filters
  – Comprehensive and flexible policies
  – Stateful routing for all IP protocols
• Enhanced Exchange Server Integration
  – Support for Outlook RPC over HTTP
  – Enhanced Outlook Web Access security
  – Easy to use configuration wizards
• Fully integrated VPN
  – Unified firewall -- VPN filtering
  – Site-to-site IPsec Tunnel Mode support
  – Network access quarantine
• Secure Internet Information Server and SPS
  – SSL Bridging for IIS and SPS
  – Easy to use Web publishing wizards
  – AD, RADIUS, SecurID authentication

New management tools and UI

Ease of Use
Efficient and cost effective network security
• Multi-network architecture
  – Unlimited network definitions and types
  – Firewall policy applied to all traffic
  – Per network routing relationships
• Network templates and wizards
  – Wizard simplifies routing configuration
  – Easy setup for common network topologies
  – Easily customized for sophisticated scenarios
• Visual policy editor
  – Firewall policy with single, ordered rule-base
  – Drag and drop editing, scenario-driven wizards
  – XML-based configuration import and export
• Enhanced trouble-shooting
  – Monitoring dashboard
  – Real-time log viewer
  – Content sensitive task panes

Commitment to integration

Fast, Secure Access
Empowers you to connect users to relevant information on your network in a cost efficient manner
• Enhanced architecture
  – High speed data transport
  – Utilizes latest Windows and PC hardware
  – High speed application filtering platform
• Web cache
  – Updated policy rules
  – Serve content locally
  – Pre-fetch content during low activity periods
• Internet access control
  – User- and group-based Web usage policy
  – Extensible by third parties
• Comprehensive authentication
  – New support for RADIUS and RSA SecurID
  – User- and group-based access policy
  – Third-party extensibility

Sample Scenarios

Scenario: Securely make email available to outside employees
Solution: Outlook over RPC, OMA, Virtual Private Networking

Scenario: Control Internet access and protect clients from malicious Internet traffic
Solution: Content filtering, scheduled access, firewall client

Scenario: Ensure fast access to the most frequently used web content
Solution: Web Proxy

Call to Action
• Give ISA 2004 a try
• Consider buying SBS Premium instead of SBS Standard.
• If managing hardware firewalls, CHECK FOR FIRMWARE UPDATES.

For more information:
• Amy’s ISA in SBS blog: http://isainsbs.blogspot.com
• ISA Server Resource site: http://www.isaserver.org
• Dana’s security blog: http://silverstr.ufies.org
• Firewall Dashboard: http://www.scorpionsoft.com

Dana Epp
Microsoft Security MVP