TRANSCRIPT
Network and Perimeter Security
Paula Kiernan
Senior Consultant
Ward Solutions
Session Overview
Network Perimeter Security
Protecting the Network
Virtual Private Networking
Purpose and Limitations of Perimeter Defenses
Properly configured firewalls and border routers are the cornerstone for perimeter security
The Internet and mobility increase security risks
VPNs have exposed a destructive, pernicious entry point for viruses and worms in many organizations
Traditional packet-filtering firewalls only block network ports and computer addresses
Most modern attacks occur at the application layer
Securing the Network Perimeter: What Are the Challenges?
[Diagram: the Internet connecting the main office with a remote user, a business partner, a branch office, and a wireless network]
Challenges Include:
Determining proper firewall design
Access to resources for remote users
Effective monitoring and reporting
Need for enhanced packet inspection
Security standards compliance
What Firewalls Do NOT Protect Against
Malicious traffic that is passed on open ports and not inspected by the firewall
Any traffic that passes through an encrypted tunnel or session
Attacks after a network has been penetrated
Traffic that appears legitimate
Users and administrators who intentionally or accidentally install viruses
Administrators who use weak passwords
Securing the Network Perimeter: What Are the Design Options?
[Diagram: three firewall design options, bastion host, three-legged configuration, and back-to-back configuration, showing where the Internet, the perimeter network, the Web server and the internal network sit in each]
Firewall Requirements: Multiple-Layer Filtering
Packet filtering: Filters packets based on information in the network and transport layer headers. Enables fast packet inspection, but cannot detect higher-level attacks.
Stateful filtering: Filters packets based on the TCP session information. Ensures that only packets that are part of a valid session are accepted, but cannot inspect application data.
Application filtering: Filters packets based on the application payload in network packets. Can prevent malicious attacks and enforce user policies.
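The three layers on this slide, modelled as an added example (not code from the presentation or from ISA Server): constructed packets are passed through a header-only packet filter, a stateful filter that tracks the TCP handshake, and an application filter that reads the HTTP request line, so that each layer's blind spot shows up in what it lets through. Addresses, ports, the method allow-list and the traversal check are assumptions chosen for illustration.

```python
# Added example (not from the presentation): the three filtering layers from the slide, in order.
ALLOWED_PORTS = {80, 443}                   # layer 1 policy: header fields only
ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # layer 3 policy: what the application may do
def _key(p): return (p["src"], p["sport"], p["dst"], p["dport"])   # packet's own 4-tuple
def _rkey(p): return (p["dst"], p["dport"], p["src"], p["sport"])  # the reverse direction

def packet_filter(pkt):  # Layer 1: fast, but replies are matched by source port, not by session
    return pkt["proto"] == "tcp" and (pkt["dport"] in ALLOWED_PORTS or pkt["sport"] in ALLOWED_PORTS)

def stateful_filter(sessions, pkt):
    """Layer 2: accept only packets of a valid TCP session (sessions: client 4-tuple -> state)."""
    if pkt["flags"] == "SYN":                        # new connection attempt
        sessions[_key(pkt)] = "SYN_SENT"
        return True
    if pkt["flags"] == "SYN-ACK":                    # reply must match a pending SYN
        if sessions.get(_rkey(pkt)) != "SYN_SENT":
            return False
        sessions[_rkey(pkt)] = "ESTABLISHED"
        return True
    # ACK or data in either direction: only inside an established session
    return "ESTABLISHED" in (sessions.get(_key(pkt)), sessions.get(_rkey(pkt)))

def application_filter(payload):
    """Layer 3: inspect the HTTP request line, which layers 1 and 2 never look at."""
    try:
        method, url, version = payload.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return False                                 # not an HTTP request line at all
    return method in ALLOWED_METHODS and version.startswith("HTTP/1.") and ".." not in url

def inspect(pkt, sessions):
    """Run the layers in order; name the layer that dropped the packet, if any."""
    if not packet_filter(pkt):
        return "dropped:packet"
    if not stateful_filter(sessions, pkt):
        return "dropped:stateful"
    if pkt.get("payload") and not application_filter(pkt["payload"]):
        return "dropped:application"
    return "accept"

def demo():  # constructed traffic: a valid HTTP session, then one packet for each layer to drop
    sessions = {}
    c = dict(src="203.0.113.5", sport=40000, dst="192.0.2.10", dport=80, proto="tcp")
    s = dict(src="192.0.2.10", sport=80, dst="203.0.113.5", dport=40000, proto="tcp")
    flows = [dict(c, flags="SYN"), dict(s, flags="SYN-ACK"),
             dict(c, flags="ACK", payload=b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
             dict(c, flags="ACK", payload=b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),  # traversal
             dict(c, src="198.51.100.9", flags="ACK", payload=b"GET / HTTP/1.1\r\n\r\n"),  # no handshake
             dict(c, flags="ACK", payload=b"\x16\x03\x01 tunnel"), dict(c, proto="udp", dport=53, flags="")]
    return [inspect(p, sessions) for p in flows]
```

The stray ACK on port 80 is the slide's point in miniature: the packet filter accepts it, only the stateful layer knows no handshake preceded it, and only the application layer sees that the accepted session is carrying a traversal attempt.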
Configuring ISA Server to Secure the Network Perimeter
Use ISA Server to:
Provide firewall functionality
Publish internal resources such as Web or Exchange servers
Implement multilayer packet inspection and filtering
Provide VPN access for remote users and sites
Provide proxy and caching services
[Diagram: ISA Server between the Internet and the LAN, publishing an Exchange Server and a Web server to internal users and to a remote user connecting over VPN]
Implementing Network Templates to Configure ISA Server 2004
Deploy the Single Network Adapter template for Web proxy and caching only
Deploy the Edge Firewall template for a bastion host
Deploy the 3-Leg Perimeter template for a three-legged configuration
Deploy the Front End or Back End template for a back-to-back configuration
[Diagram: the bastion host, three-legged and back-to-back designs from the earlier slide, each annotated with the template that configures it]
Session Overview: Protecting the Network
Protecting the Network: What Are the Challenges?
Challenges related to protecting the network layer include:
Balance between security and usability
Lack of network-based detection or monitoring for attacks
Implementing Network-Based Intrusion-Detection Systems
Important points to note:
Network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected
ISA Server 2004 provides network-based intrusion-detection abilities
Provides rapid detection and reporting of external malware attacks
[Diagram: network-based intrusion-detection system]
Implementing Application Layer Filtering
Application layer filtering includes the following:
Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data
Deep content analysis, including the ability to detect, inspect, and validate traffic using any port and protocol
Protecting the Network: Best Practices
Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites
Have an incident response plan
Implement automated monitoring and report policies
Implement ISA Server 2004 to provide intrusion-detection capabilities
Session Overview: Virtual Private Networking
Virtual Private Networking: What Are the Challenges?
VPNs provide a secure option for communicating across a public network
VPNs are used in two primary scenarios:
Network access for remote clients
Network access between sites
VPN quarantine control provides an additional level of security by providing the ability to check the configuration of the VPN client machines before allowing them access to the organization's network
Understanding Quarantine Networks
Standard features of a quarantine network include:
Typically restricted or blocked from gaining access to internal resources
Provides a level of connectivity that allows temporary visitors' computers to work productively without risking the security of the internal network
Currently only available for VPN remote access solutions
How Does Network Quarantine Work?
[Diagram, two panels: an ISA Server in front of a DNS server, Web server, domain controller and file server. A client in the quarantined VPN clients network runs the quarantine script and Rqc.exe; the quarantine remote access policy then moves it to the VPN clients network]
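The quarantine flow from the two slides above (a client held in the quarantined network until its configuration check passes, with only remediation resources reachable meanwhile), as an added simplified model that is not code from the presentation or from ISA Server or Rqc.exe. The list of checks, the destination names and the quarantine timeout are assumptions for illustration.

```python
# Added example (not from the presentation): a simplified model of VPN quarantine control.
# Check list, destination names and timeout are assumed values, not ISA Server settings.
from dataclasses import dataclass

QUARANTINE_TIMEOUT = 120.0          # seconds a client may stay quarantined (assumed value)
INTERNAL = {"dns-server", "web-server", "domain-controller", "file-server"}
REMEDIATION_ONLY = {"dns-server", "web-server"}   # what a quarantined client may still reach
REQUIRED = {"antivirus_current": True, "firewall_enabled": True, "patches_current": True}

@dataclass
class VpnClient:
    name: str
    connected_at: float
    network: str = "quarantined-vpn-clients"   # every new VPN client starts here

    def can_reach(self, dest):
        """Quarantine remote access policy: restricted until the client is released."""
        if self.network == "vpn-clients":
            return dest in INTERNAL
        return self.network == "quarantined-vpn-clients" and dest in REMEDIATION_ONLY

def run_quarantine_script(client_config):
    """Client side: the script checks the configuration and returns the failed checks."""
    return sorted(k for k, v in REQUIRED.items() if client_config.get(k) != v)

def release_from_quarantine(client, client_config, now):
    """Server side: act on the client's report. Only a clean report received inside the
    timeout lifts the quarantine; a client that overruns it is disconnected, not left waiting."""
    if now - client.connected_at > QUARANTINE_TIMEOUT:
        client.network = "disconnected"
        return "timeout"
    failed = run_quarantine_script(client_config)
    if failed:
        return "quarantined:" + ",".join(failed)
    client.network = "vpn-clients"
    return "released"

def demo():  # constructed clients: one healthy, one with stale antivirus that then reports late
    healthy = dict(REQUIRED)
    stale = dict(REQUIRED, antivirus_current=False)
    a, b = VpnClient("laptop-a", connected_at=0.0), VpnClient("laptop-b", connected_at=0.0)
    return {
        "a_before": a.can_reach("file-server"),
        "a_result": release_from_quarantine(a, healthy, now=30.0),
        "a_after": a.can_reach("file-server"),
        "b_result": release_from_quarantine(b, stale, now=30.0),
        "b_web": b.can_reach("web-server"),      # remediation server still reachable
        "b_files": b.can_reach("file-server"),   # internal resources are not
        "b_late": release_from_quarantine(b, healthy, now=200.0),
    }
```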
Session Summary
Properly configured firewalls and border routers are the cornerstone for perimeter security
Use an appropriate firewall design
Firewalls do not protect against bad security practices
Implement a firewall that provides multiple layer filtering
ISA Server 2004 provides network-based intrusion-detection abilities
VPN quarantine control provides an additional level of security
Next Steps
Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
Get additional security information on ISA Server: http://www.microsoft.com/technet/security/prodtech/isa/default.mspx
Questions and Answers
www.ward.ie