Module 4: Configuring ISA Server as a Firewall
Overview
Using ISA Server as a Firewall
Examining Perimeter Networks and Templates
Configuring System Policies
Configuring Intrusion Detection and IP Preferences
Lesson: Using ISA Server as a Firewall
What Is a TCP/IP Packet?
What Is Packet Filtering?
What Is Stateful Filtering?
What Is Application Filtering?
What Is Intrusion Detection?
How ISA Server 2004 Filters Network Traffic
Implementing ISA Server 2004 as a Firewall
What Is a TCP/IP Packet?
[Figure: a TCP/IP packet shown as nested layers, travelling from a Web client through the packet filter on the ISA Server to the Web server]
Network Interface layer (physical payload): Destination Address: 0003FFD329B0; Source Address: 0003FFFDFFFF
Internet layer (IP payload): Destination: 192.168.1.1; Source: 192.168.1.10; Protocol: TCP
Transport layer (TCP payload): Destination Port: 80; Source Port: 1159; Sequence: 3837066872; Acknowledgment: 2982470625
Application layer: HTTP Request Method: Get; HTTP Protocol Version: HTTP/1.1; HTTP Host: www.contoso.com
What Is Packet Filtering?
Is the …
Source address allowed?
Destination address allowed?
Protocol allowed?
Destination port allowed?
What Is Stateful Filtering?
[Figure: the ISA Server sits between two Web servers and maintains a table of connection rules]
Connection Rules
Create connection rule
Is packet part of a connection?
What Is Application Filtering?
[Figure: the ISA Server sits between the client and a Web server]
Client request: Get www.contoso.com
ISA Server: Get method allowed?
Web server response; ISA Server: Does the response contain only allowed content and methods?
Respond to client
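The three filtering stages on the preceding slides (packet filtering, stateful filtering, application filtering) can be modelled end to end in a few dozen lines. The following Python is an added example written for this page; it is not ISA Server code and its rule structure, connection table and allowed-method policy are assumptions chosen to illustrate the concepts. The constructed traffic reuses the addresses and ports from the packet diagram (192.168.1.10 port 1159 to 192.168.1.1 port 80).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """The fields a firewall looks at, one group per layer of the packet on the slide."""
    src: str            # Internet layer: source address
    dst: str            # Internet layer: destination address
    proto: str          # Internet layer: protocol ("TCP" or "UDP")
    sport: int          # Transport layer: source port
    dport: int          # Transport layer: destination port
    syn: bool = False   # Transport layer: TCP connection request
    payload: str = ""   # Application layer: first line of the HTTP request, if any


@dataclass(frozen=True)
class Rule:
    """A static packet-filter rule (hypothetical structure, not ISA Server's rule format)."""
    src_net: str
    dst_net: str
    proto: str
    dport: int
    action: str         # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.proto == self.proto
                and p.dport == self.dport)


def packet_filter(rules, p: Packet) -> str:
    """Packet filtering: answer the slide's four questions (source address, destination
    address, protocol, destination port) against each rule in order; implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Stateful filtering: remember connections a rule allowed, so later packets of the
    same connection (in either direction) pass without consulting the rules again."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # the 'connection rules' table from the slide

    def inspect(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if key in self.connections or reverse in self.connections:
            return "allow"                        # part of a known connection
        if p.proto == "TCP" and not p.syn:
            return "deny"                         # mid-stream segment with no connection
        verdict = packet_filter(self.rules, p)    # new connection: consult the rules
        if verdict == "allow":
            self.connections.add(key)             # 'create connection rule'
        return verdict


ALLOWED_HTTP_METHODS = {"GET", "HEAD"}   # assumed policy for the example


def http_filter(payload: str) -> str:
    """Application filtering: inspect the HTTP request and answer 'Get method allowed?'."""
    if not payload:
        return "allow"                            # no application data in this segment
    method = payload.split(" ", 1)[0].upper()
    return "allow" if method in ALLOWED_HTTP_METHODS else "deny"


def inspect(sf: StatefulFilter, p: Packet) -> str:
    """Run the three stages in order: packet/stateful filtering first, then the application filter."""
    verdict = sf.inspect(p)
    if verdict != "allow":
        return verdict
    if p.proto == "TCP" and p.dport == 80:        # Web traffic gets the application filter
        return http_filter(p.payload)
    return verdict


def demo():
    """Constructed traffic between the client and Web server from the slide."""
    rules = [Rule("192.168.1.0/24", "192.168.1.1/32", "TCP", 80, "allow")]
    sf = StatefulFilter(rules)
    return [
        inspect(sf, Packet("192.168.1.10", "192.168.1.1", "TCP", 1159, 80, syn=True)),  # allow
        inspect(sf, Packet("192.168.1.10", "192.168.1.1", "TCP", 1159, 80,
                           payload="GET / HTTP/1.1")),                                  # allow
        inspect(sf, Packet("192.168.1.1", "192.168.1.10", "TCP", 80, 1159)),            # allow: reply
        inspect(sf, Packet("192.168.1.10", "192.168.1.1", "TCP", 1159, 80,
                           payload="POST /upload HTTP/1.1")),                           # deny: method
        inspect(sf, Packet("10.0.0.5", "192.168.1.1", "TCP", 4000, 80)),                # deny: no state
        inspect(sf, Packet("192.168.1.10", "192.168.1.1", "TCP", 1160, 23, syn=True)),  # deny: no rule
    ]


if __name__ == "__main__":
    print(demo())
```

The server's reply (third packet) is the point of the stateful stage: no rule allows traffic from port 80 back to port 1159, yet it passes because the connection table already holds the client's allowed connection. The fourth packet shows why application filtering is a separate stage: address, port and connection state are all fine, and only the HTTP method is wrong.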
What Is Intrusion Detection?
[Figure: ISA Server]
All ports scan attack → Port scan limit exceeded → Alert the administrator
How ISA Server 2004 Filters Network Traffic
[Figure: ISA Server 2004 filtering architecture, with the filtering stages numbered 1 to 4]
TCP/IP stack
Firewall Engine (kernel mode): Packet filtering; Stateful and protocol filtering; Kernel mode data pump
Firewall Service: Rules Engine; Application Filters; Web Proxy Filter; Web Filters; Application filtering
Implementing ISA Server 2004 as a Firewall
To configure ISA Server as a firewall:
Determine perimeter network configuration
Configure networks and network rules
Configure system policy
Configure intrusion detection
Configure access rule elements and access rules
Configure server and Web publishing
Practice: Applying Firewall Concepts
In this practice, you will analyze three scenarios describing an organization’s network security requirements and determine what firewall functionality is required in each scenario.
Lesson: Examining Perimeter Networks and Templates
What Is a Perimeter Network?
Why Use a Perimeter Network?
Network Perimeter Configurations
About Network Templates
How to Use the Network Template Wizard
Modifying Rules Applied by Network Templates
What Is a Perimeter Network?
[Figure: the Internet, an outer firewall, the perimeter network, an inner firewall, and the internal network]
Why Use a Perimeter Network?
A perimeter network provides an additional layer of security:
Between the publicly accessible servers and the internal network
Between the Internet and confidential data or critical applications stored on servers on the internal network
Between potentially nonsecure networks such as wireless networks and the internal network
Use defense in depth in addition to perimeter network security
Network Perimeter Configurations
[Figure: three perimeter configurations and the network template to deploy for each]
Back-to-back configuration: two firewalls, with the perimeter network (containing the Web server) between the external firewall and the LAN. Deploy the Front-End or Back-End template.
Three-legged configuration: one firewall with separate interfaces for the Internet, the perimeter network, and the LAN. Deploy the 3-Leg Perimeter template.
Bastion host: one firewall between the Internet and the LAN. Deploy the Edge Firewall template.
About Network Templates
Deploy the Single Network Adapter template for proxy and caching onlyDeploy the Single Network Adapter template for proxy and caching only
How to Use the Network Template Wizard
Modifying Rules Applied by Network Templates
You may need to modify the rules applied by a network template to:
Modify Internet access based on user or computer sets
Modify Internet access based on protocols
Modify network rules to change network relationships
You can either change the properties of one of the rules configured by the network template, or you can create a new access rule to apply a specific setting.
Practice: Implementing Network Templates
Applying the 3-Legged Network Template
Reviewing the Access Rules Created by the 3-Legged Network Template
Testing Internet Access
[Lab network: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01]
Lesson: Configuring System Policies
What Is System Policy?
System Policy Settings
How to Modify System Policy Settings
What Is System Policy?
System policy is:
A default set of access rules applied to the ISA Server to enable management of the server
A set of predefined rules that you can enable or disable as required
Modify the default set of rules provided by the system policy to meet your organization’s requirements.
Disable all functionality that is not required.
System Policy Settings
System policy settings include:
Network Services
Authentication Services
Remote Management
Firewall Client
Diagnostic Services
Logging and Monitoring
SMTP
Scheduled Download Jobs
Allowed Sites
How to Modify System Policy Settings
[Screenshot: System Policy Editor. Select the Configuration Group, enable or disable this policy, and configure the required networks.]
Practice: Modifying System Policy
Examining and modifying the default system policy
Testing the modified system policy
[Lab network: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01]
Lesson: Configuring Intrusion Detection and IP Preferences
About Intrusion Detection Configuration Options
How to Configure Intrusion Detection
About IP Preferences Configuration Options
How to Configure IP Preferences
About Intrusion Detection Configuration Options
Intrusion detection on ISA Server 2004:
Compares network traffic and log entries to well-known attack methods and raises an alert when an attack is detected
Detects well-known IP attacks
Includes application filters for DNS and POP that detect intrusion attempts at the application level
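The port scan case from the earlier intrusion detection slide ("All ports scan attack", "Port scan limit exceeded", "Alert the administrator") and the description above of comparing log entries to known attack patterns come together in the following added Python example. It is not ISA Server code: the log layout is a simplified constructed format rather than the real firewall log, and the two thresholds (well-known ports and all ports) are assumed values for the example.

```python
import re
from collections import defaultdict

# Simplified, constructed log layout: "time source destination dest-port action".
# This is not the real ISA Server firewall log format.
LINE = re.compile(r"^(?P<time>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<action>\w+)$")

# Assumed thresholds for the example: a scan is reported once one source has touched
# more than this many distinct well-known ports (below 1024) or distinct ports overall.
WELL_KNOWN_PORT_LIMIT = 10
ALL_PORTS_LIMIT = 20


def build_sample_log() -> str:
    """Constructed log lines: two scanning sources and one normal Web client."""
    lines = []
    for port in range(21, 46):          # 25 distinct ports from 10.0.0.9
        lines.append(f"10:00:{port % 60:02d} 10.0.0.9 192.168.1.1 {port} denied")
    for port in range(20, 32):          # 12 well-known ports from 10.0.0.7
        lines.append(f"10:01:{port % 60:02d} 10.0.0.7 192.168.1.1 {port} denied")
    lines.append("10:02:00 192.168.1.10 192.168.1.1 80 allowed")
    lines.append("10:02:01 192.168.1.10 192.168.1.1 443 allowed")
    return "\n".join(lines)


def detect_port_scans(log_text, well_known_limit=WELL_KNOWN_PORT_LIMIT,
                      all_ports_limit=ALL_PORTS_LIMIT):
    """Count distinct destination ports per source; return (source, alert, count) tuples."""
    ports_by_source = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                    # skip malformed lines rather than fail
        ports_by_source[m.group("src")].add(int(m.group("port")))

    alerts = []
    for src, ports in ports_by_source.items():
        well_known = {p for p in ports if p < 1024}
        if len(ports) > all_ports_limit:
            alerts.append((src, "All ports scan attack", len(ports)))
        elif len(well_known) > well_known_limit:
            alerts.append((src, "Well-known ports scan attack", len(well_known)))
    return sorted(alerts)


def alert_administrator(alerts):
    """Render the text an administrator would see (the 'alert' action from the slide)."""
    return [f"{src}: {kind} ({count} ports) - port scan limit exceeded"
            for src, kind, count in alerts]


if __name__ == "__main__":
    for line in alert_administrator(detect_port_scans(build_sample_log())):
        print(line)
```

Counting distinct ports per source, rather than raw denied packets, is what separates a scan from a single misconfigured client retrying one port; the normal client in the sample touches only ports 80 and 443 and raises nothing. In a real deployment the thresholds are a tuning decision: too low and ordinary clients trip the alert, too high and a slow scan stays under it.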
How to Configure Intrusion Detection
About IP Preferences Configuration Options
IP preferences are used to:
Block or enable network traffic that has an IP option flag set. You can block all packets with IP options, or selected packets.
Block or enable network traffic where the IP packet has been split into multiple IP fragments. Blocking IP fragments may affect streaming audio and video, and L2TP over IPSec traffic.
Enable or disable IP routing. With IP routing enabled, ISA Server forwards IP packets between networks without recreating the packet.
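The options and fragment settings above are decisions made from two fields of the IPv4 header: the header length (options are present whenever it exceeds 20 bytes) and the flags/fragment-offset word. The following added Python example, which is not ISA Server code, builds constructed packets, parses those fields, and applies the three option policies the slide describes (block all, block selected, allow) together with the fragment setting. The `evaluate` function, its policy names and the packets are assumptions made for the example; the option-type codes are the standard IPv4 values.

```python
import ipaddress
import struct

IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")   # the fixed 20-byte IPv4 header

# Standard IPv4 option-type codes used in the example.
LOOSE_SOURCE_ROUTE = 131
STRICT_SOURCE_ROUTE = 137
RECORD_ROUTE = 7


def build_ipv4(src, dst, options=b"", more_fragments=False, fragment_offset=0, payload=b""):
    """Constructed IPv4 packets for the example (TTL 64, protocol TCP, zero checksum)."""
    options += b"\x00" * (-len(options) % 4)            # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    flags_frag = (0x2000 if more_fragments else 0) | (fragment_offset & 0x1FFF)
    header = IPV4_HEADER.pack((4 << 4) | ihl, 0, 20 + len(options) + len(payload),
                              1, flags_frag, 64, 6, 0,
                              ipaddress.IPv4Address(src).packed,
                              ipaddress.IPv4Address(dst).packed)
    return header + options + payload


def parse_ipv4(raw):
    """Return the header fields the IP preferences decide on: options and fragmentation."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _len, _id, flags_frag, _ttl, proto, _csum, src, dst = IPV4_HEADER.unpack(raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (ver_ihl & 0x0F) * 4
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": proto,
        "options": raw[20:header_len],                   # empty when IHL == 5
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
    }


def option_types(options):
    """Walk the options field and list the option-type codes it carries."""
    types, i = [], 0
    while i < len(options):
        t = options[i]
        if t == 0:                   # End of Options List
            break
        if t == 1:                   # No Operation: a single byte
            i += 1
            continue
        types.append(t)
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                    # malformed length: stop rather than loop forever
        i += options[i + 1]          # the length byte counts the type and length bytes too
    return types


def evaluate(raw, options_policy="block_all", blocked_types=frozenset(), block_fragments=True):
    """Apply the IP preference settings; returns ('allow' | 'block', reasons)."""
    h = parse_ipv4(raw)
    reasons = []
    present = option_types(h["options"])
    if present and options_policy == "block_all":
        reasons.append(f"IP options present: {present}")
    elif present and options_policy == "block_selected" and any(t in blocked_types for t in present):
        reasons.append(f"blocked IP option: {sorted(set(present) & set(blocked_types))}")
    if block_fragments and (h["more_fragments"] or h["fragment_offset"] != 0):
        reasons.append("IP fragment")
    return ("block" if reasons else "allow", reasons)


# Constructed packets: plain, carrying a loose-source-route option, and a first fragment.
PLAIN = build_ipv4("192.168.1.10", "192.168.1.1", payload=b"GET / HTTP/1.1")
LSRR_OPTION = bytes([LOOSE_SOURCE_ROUTE, 7, 4]) + ipaddress.IPv4Address("10.0.0.1").packed
WITH_LSRR = build_ipv4("192.168.1.10", "192.168.1.1", options=LSRR_OPTION)
FRAGMENT = build_ipv4("192.168.1.10", "192.168.1.1", more_fragments=True)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("lsrr", WITH_LSRR), ("fragment", FRAGMENT)):
        print(name, evaluate(pkt))
```

The "block selected" policy is the one worth understanding: it lets you drop source-routing options, which override the firewall's routing decisions, while still allowing packets carrying an option such as Record Route. The fragment check, as the slide notes, is a trade-off: with `block_fragments=True` the example drops every fragment, including the legitimate ones produced by streaming media and L2TP over IPSec.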
How to Configure IP Preferences
Practice: Configuring Intrusion Detection
Modify the default intrusion detection configuration
Test intrusion detection
[Lab network: Internet, Den-ISA-01, Den-DC-01, Den-Clt-01, Gen-Web-01]
Lab: Configuring ISA Server as a Firewall
Exercise 1: Restoring Firewall Access Rules
Exercise 2: Modifying the ISA Server System Policy
Exercise 3: Testing the Policy Modifications
[Lab network: Internet, Den-DC-01, Den-ISA-01, Den-ISA-02]