An ISA – FEEDBACK Document ISA Confidential 20091 An ISA – FEEDBACK Document.
Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.
-
Upload
alexandrina-shaw -
Category
Documents
-
view
218 -
download
0
Transcript of Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.
Microsoft ISA Server 2000
Presented byRicardo DiazRyan Fansa
Module 1
Introduction
The Purpose of the ISA Server Microsoft® Internet Security and Acceleration Server 2000 (ISA
Server) is an extensible enterprise firewall and Web cache server built on the Windows® 2000 operating system security, management and directory for policy-based access control, acceleration and management of internetworking.
ISA Server Enterprise Edition adds support for clustering, but makes modifications to the local domain's Microsoft Active Directory® active directory schema. For evaluation purposes, you should set up a four-computer test environment that is isolated from your production network.
With the ISA Server Standard Edition, you can review the core firewall and caching functionality of ISA Server without an update to your Active Directory schema.
The Purpose of The ISA Server (cont.) ISA Server 2000 is an intelligent application layer firewall and Web caching
server that helps protect the network from external attacks and from exploits that may originate from the internal network behind the ISA Server 2000 machine.
The ISA Server 2000 Web cache helps network users reduce overall bandwidth utilization and can provide for a faster Web access experience for campus Internet users by returning popular Web content from the ISA Server 2000 Web cache on the local network instead of from a increasingly congested Internet.
ISA Server can provide value to information technology managers, network administrators, and information security professionals who are concerned about the security, performance, manageability, or operating costs of their networks.
ISA Server can be used in a wide range of scenarios, from small schools, districts and satellite campuses to major, multi-campus systems and statewide networks.
End of Module
Module 2
ISA Server Installation
Installation Process
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
Installation Process (cont.)
End of Module
Module 3
Network Security
Network Security
The Threat (Internet)– Hackers/Crackers– Script Kiddies
Type of Firewalls– Traditional– Application
Hackers/Cracker
Skill Level– High Level
Motivation– Test Skill Level– Monetary Gain– Freedom
Script Kiddies
Skill Level– Low to Medium Level
Motivation– Imitation– Curiosity– Build Skill Level
Traditional Firewall OSI Layer 3 & Layer 4
NAT
Function of SPI firewall– source address, destination address, source port,
destination port and direction– Denial of Service (DoS) attacks, Ping of Death, SYN
Flood, LAND Attack, and IP Spoofing (Pattern)
Great at lower level protocol attacks
Application Firewall (Proxies)
OSI Layer 7
Application Level Filtering (Going up the OSI Layer)– OS vulnerabilities, Application vulnerabilities– Nimda, Code Red, SQL Slammer worm, SQL
poisoning – Most likely to spread via email or
unfiltered/open port
End of Module
Module 4
ISA Server to the Rescue
ISA Server Architecture
Standalone Enterprise
– Firewall– Cache Proxy– Integrated
ISA Server as a Standalone
[1]
ISA Server in the Enterprise
[1]
Multi-layered Firewall
Static and Dynamic packet filtering
Circuit Filtering (ISA Client)
Application Filtering
Features of ISA Server
Stateful Inspection Secure Server Publishing Intrusion Detection Client Transparency (SecureNAT) Strong Authentication SDK
Stateful Inspection
Allows ISA Server to determine the state of a given session
Configurable through access policy rules that open ports automatically (dynamic IP packet filtering)
Excellent for filtering streaming media applications
Secure Publishing
Web Server
Email Server (Exchange)
Servers are Never Exposed
Intrusion Detection
Licensed technology from Internet Security Systems
Administrator can set triggers
Triggers can be configured to stop the firewall, write to system log or run script
Client Transparency
SecureNAT
No client to install
Configurable for outbound traffic
Software Development Kit SDK
Create Custom Extensions
Comes with Sample Code
Detailed Documentation
Authentication Web ProxyIncoming/Outgoing Web Traffic
Basic (plain text) (Not Strong!) Digest Integrated Windows (NTLM & Kerberos) Client Certificates Pass-through authentication
End of Module
Module 5
A Closer Look to The ISA Server Management Tool
ManagementConsole
ISA Server – Web Publishing Feature
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Publishing Feature (cont.)
ISA Server – Web Cashing Feature
ISA Server – Web Cashing Feature (cont.)
ISA Server – Web Cashing Feature (cont.)
ISA Server – Web Cashing Feature (cont.)
ISA Server – Web Cashing Feature (cont.)
ISA Server – Web Cashing Feature (cont.)
ISA Server – Web Cashing Feature (cont.)
Module 6
SQL Slammer Filter
Creating a Filter for SQL Slammer
Create a definition
Create a rule
Step 1 – Create Definition
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7 – Create Rule
Step 8
Step 9
Step 10
Step 11
Step 12
Step 13
End of Module
Conclusion ISA Server was designed to meet the needs of Internet-
enabled business by providing enterprise-class security, fast Web caching performance and powerful unified management tools built for Windows 2000 and 2003 Server.
ISA Server provides a multilayered firewall with built-in intrusion detection to keep internal networks safe.
ISA Server provides businesses with secure, fast Internet connectivity built on the powerful management features of Windows 2000 and 2003 Server.
ISA Server provides scalability for both small and enterprise class environments
Resources
[1] http://www.microsoft.com/isaserver/ [2] http://www.isaserver.org [3]
http://www.techiwarehouse.com/Articles/2002-12-23.html
[4] http://labmice.techtarget.com/BackOffice/ISAServer2000/default.htm
Glossary
Kerberos - a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
NTLM - a Microsoft-Proprietary protocol that authenticates users and computers based on an authentication challenge and response.
Stateful Inspection - Stateful inspection is an advanced firewall architecture that was invented by Check Point Software Technologies in the early 1990s. Inspects the header of packets.
NAT - Network Address Translation (NAT) is the translation of an Internet Protocol address used within one network to a different IP address known within another network.