ISA Server 2004 Introduction
Владимир Александров
MCT, MCSE, MCSD, MCDBA
Корус, Managing Director
jm@chorus-bg.com

Agenda
• Firewall evolution
• ISA2004 Overview
• More features drilldown
• Scenarios and demos

Firewall Evolution

Traditional Firewalls
• Problem: Wide open to advanced attacks
  Implications: Code Red, Nimda; SSL-based attacks
• Problem: Performance vs. security tradeoff
  Implications: Bandwidth too expensive; Too many moving parts
• Problem: Limited capacity for growth
  Implications: Not easily upgradeable; Don’t scale with business
• Problem: Hard to manage
  Implications: Security is complex; IT already overloaded

ISA2004 Overview

What is ISA2004
• Full blown edge firewall
  • Wide variety of firewall edge scenarios
  • VPN, Proxy & Cache
• Very easy to use
  • Easy installation & setup
  • Easy policy configuration
  • Reduced risk of configuration mistakes
• Advanced protection for MS applications
  • Built in MS-specific filters
  • Defense in Depth
• High performance
• Highly secure platform

Scenarios
• Edge Firewall
  • Multi Networks
  • DMZ
  • Web Caching
• Secure Publishing
  • Exchange
  • Web servers
  • Others
• Remote Access (VPN)
• Branch office
  • Remote site security
  • S2S VPN – Including IPSec (for interop)
• Integrated Solution
  • Single edge security solution
  • Easy
  • Unified management

What’s new vs. ISA2000?
• Support for multiple networks
• New integrated single policy model
• Intuitive UI
• Application Layer Filtering improvements
• Logging & monitoring
• Integrated VPN
• Security Enhancements
• And more…

Multiple Networks

ISA 2000 networking model
[Diagram labels: Internal Network, Internet, DMZ 1, ISA 2000, Static PF]
• Single “outbound” policy
• “In” (LAT) and “out” (Internet, DMZ)
• Only static filtering from DMZ to Internet

The new networking model
[Diagram labels: Network A, Network B, Internet, DMZ 1, DMZ 2, VPN Network, ISA 2004]
• Any number of networks
• Assigned relationships
• Per network policy
• VPN represented as network
• Isolation of the firewall host

Demo 1: Connecting networks

New Policy Model

ISA 2000 rules
• Basic ISA 2000 rules:
  • Protocol rules
  • Site and Content rules
  • Static packet filters
  • Publishing rules
  • Web publishing rules
  • Other filtering configuration
• Other ISA 2000 rules:
  • Address translation rules
  • Web routing rules
  • Cache rules
[Diagram labels: Configuration policy, Firewall policy]

ISA 2004 Policy Rules
• Single rule base
• Rules evaluated in order
• Support for multiple networks
• Integration with application filtering – part of rule
• System rules for built in policies
• Rich set of building blocks

User Interface

The User Interface
• Drag & Drop toolbox
• Task pane for common tasks
• Wizards
• Network templates
[Screenshot labels: Dashboard, Policy Editor, Toolbox, Network Templates, Task Bars]
MMC…On Steroids!

Application Layer Filtering

IP/Port filtering is not enough
• Hackers attack via application layer vulnerabilities (Nimda, Slammer...)
• HTTP - the carrier protocol
• Users need the ability to define fine-grained, application-level security policies.
• Firewalls need to understand applications, beyond TCP/IP

ISA 2004’s application filtering
• Open platform for app layer filtering
• Built in filters for common protocols
• Scenario-driven design (protect Exchange, IIS)
• Rich partners community

Logging and Monitoring

ISA Server 2004 Monitoring
Goals
• Server Status – It’s a critical service
• Troubleshooting – Quick and easy
• Investigations – Attacks, mistakes
• Future Planning – optimizing network performance

ISA 2004 Monitoring Tools
• Dashboard – centralized view
• Alerts – One place for all problems
• Sessions – Active sessions view
• Services – ISA services status
• Connectivity – Connectivity to network svcs
• Logging – Powerful viewer of ISA logs
• Reports – Top users, Top sites, Cache hits…

Dashboard

Logging

Reports

Security Enhancements

Engine Security Enhancements
• Session quota restrictions
  • Restriction of user sessions (protection against Denial of Service attacks)
• IP options filtering
  • Filter out individual options
• Lockdown mode
  • Restrict firewall machine access on service failures
  • Fail to most secure mode

And there’s more…
• Authentication improvements
  • RADIUS
  • OWA Form authentication
  • SecurID
• Integrated VPN
  • IPSec tunnel mode for interoperability
  • Quarantine support
  • Full control over RRAS
• Performance Improvements
  • Kernel and user mode improvements
  • Web proxy improvements due to integration into the firewall

Demo 2: Secure publishing
• Publishing Internal Mail Server
  • SMTP
  • POP3/IMAP4
  • RPC
• Publishing Internal Exchange 2003 Server
  • Publishing Outlook Web Access
  • Publishing RPC over HTTP
• Publishing RPC interfaces (NtFrs etc.)

Questions

© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.