Network Edge Protection: A Technical DeepDive into Internet Security

1
Network Edge Protection A Technical Deep-Dive
into Internet Security Acceleration Server 2006
2
Agenda

• What Is ISA Server 2006?
• Technical Review of
• Secure Application Publishing
• Branch Office Security
• Internet Access Protection
• ISA on Appliances
• Summary

3
What is ISA Server 2006?
ISA Server 2006 is the integrated edge security
gateway that helps protect your IT environment
from Internet-based threats while providing your
users with fast, more secure access to
applications and data.
Three Deployment Scenarios
4
Secure Application Publishing
We have multiple applications, and everybody has
too many passwords and too many logons. Our goal
was to make it so that once an employee gains
access to our intranet home page, he or she
doesnt have to log on again to use another
application. Wendy Lou, IT Security Architect,
Northwest Airlines
5
The Concerns
6
Secure Application Publishing
demo
7
The Solution
Strong user/group based access controls
Automatic translation of links to internal shares
Load balancing of server farms
Exchange SharePoint publishing tools
NTLM, Kerberos authentication support
Smartcard one-time password support
Single sign-on for access to multiple servers
Inspection of encrypted traffic using SSL Bridging
Pre-authentication so only valid traffic reaches
servers
Authentication with Active directory via LDAP
8
ISA 2006 and IAG 2007
IAG 2007 Customizable and differentiated
application access based on user identity,
content / file attributes, URL and client
security state
ISA 2006 General application access from
Web-enabled clients when content-specific policy
is not needed
9
Branch Office Security
Much of our business relies on Web-based
transactions between our branch offices and the
main servers at our head office. Due to bandwidth
restrictions at some of the more remote
locations, we were limited in the types of
solutions we could deploy. Josée Corriveau,
Applications Architecture and Infrastructure
Manager, Desjardins Group
10
The Concerns
11
Branch Office Security
demo
12
The Solution
BITS support to accelerate software update
deployment
DiffServ IP settings for traffic prioritization
Web caching for faster response times
Answer files on removable media for unattended
installation
Integrated application-layer firewall, VPN web
proxy
Enterprise array policy model for large
deployments
HTTP traffic compression to minimize bandwidth use
Cache Array Routing protocol for efficient cache
use
Central policy storage and fast propagation of
policy using bandwidth optimizations
13
Internet Access Protection
Its important that we control users connecting
to the Internet for legal reasons. A number of
our staff is highly trained medical professionals
who need access to information about sensitive
issues within sports medicine. Mark Richards,
Head of Information Systems, English Institute of
Sport
14
The Concern
15
Internet Access Protection
demo
16
The Solution
Enhanced protection against DoS, DDoS DNS
attacks
Integrated Network Load Balancing for high
availability
Comprehensive alert triggers responses
Integrated application-layer firewall web proxy
Security-enhanced remote management using TLS
Customizable cache rules for flexibility
Built-in traffic inspection for over 120 protocols
Fast RAM on-disk caching for fast web page
response times
Enhanced worm protection through connection quotas
17
ISA 2006 on Appliances

• Hardware comes preloaded, preconfigured, and
  pretested with ISA Server.
• Hardened configuration for reduced attack surface.

• Easy to purchase, set up, and deploy.
• Out-of-box configuration tools and Web-based
  administration available

18
More information
1
2
Configuration Training, Capacity Planner more
tools on http//www.microsoft.com/isaserver
Try out FREE virtual labs at http//www.microsoft.
com/technet/traincert/virtuallab/isa.mspx
3
Download trials, demos, test environments,
virtual hard disks from http//www.microsoft.com/f
orefront/edgesecurity/trial.mspx
19
Summary

• Secure Application Publishing
• Branch Office Security
• Internet Access Protection
• An integral part of Microsoft Forefront
• Visit http//www.microsoft.com/infrastructure
• Learn more about how ISA Server 2006 fits in the
  Forefront System Center solution
• Download beta/evaluation software

ISA Server 2006 wins Redmond Readers Choice
Awards in Software-Based Firewall Category!
Windows ITPro Readers vote ISA Server 2006 as
number one in Firewall/Server Category!