Introduction to isa 2004
Download
1 / 39

Introduction to ISA 2004 - PowerPoint PPT Presentation


  • 101 Views
  • Uploaded on

Introduction to ISA 2004. Dana Epp Microsoft Security MVP. Who am I?. Microsoft Windows Security MVP. Information Security Professional. Computer Security Software Architect. Small Business Owner. What do I know about firewalls?. I’ve written firewall code.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Introduction to ISA 2004' - kamal


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Introduction to isa 2004

Introduction to ISA 2004

Dana Epp

Microsoft Security MVP













Isa server 2004
ISA Server 2004

caching

caching

Content filtering

application publishing

content filtering

applicationpublishing

advanced application layer firewall

advanced application layer firewall / vpn


What’s the differencebetween ISA and other SMB firewalls?


Differences in SMB Firewalls

Typical Hardware

Firewall

Advanced Hardware

Firewall

NAT

Device

Microsoft

ISA 2004

Simple Ingress Filtering

Simple Egress Filtering

Complex Ingress Filtering

Rarely

available

Complex Egress Filtering

Application Content Filtering

Virtual Private Networking

Web Caching

Some have limited VPN

AD Authentication



What’s the important difference?


A traditional firewall s view of a packet

IP Header

Source Address,Dest. Address,TTL, Checksum

TCP Header

Sequence NumberSource Port,Destination Port,Checksum

Application Layer Content

????????????????????????????????????????????

  • Forwarding decisions based on port numbers

    • Legitimate traffic and application layer attacks use identical ports

Corporate Network

Internet

Expected HTTP Traffic

Unexpected HTTP Traffic

Attacks

Non-HTTP Traffic

A traditional firewall’s view of a packet

  • Only packet headers are inspected

    • Application layer content appears as “black box”



Isa server s view of a packet

IP Header

Source Address,Dest. Address,TTL, Checksum

TCP Header

Sequence NumberSource Port,Destination Port,Checksum

Application Layer Content

<html><head><meta http- quiv="content-type" content="text/html; charset=UTF-8"><title>MSNBC - MSNBC Front Page</title><link rel="stylesheet"

  • Forwarding decisions based on content

    • Only legitimate and allowed traffic is processed

Corporate Network

Internet

Expected HTTP Traffic

Unexpected HTTP Traffic

Attacks

Non-HTTP Traffic

ISA Server’s view of a packet



Updated security architecture
Updated security architecture

Advanced Protection

Application layer security designed to protect Microsoft applications

Deep content inspection

  • Enhanced, customizable HTTP protocol filters

  • Comprehensive and flexible policies

  • Stateful routing for all IP protocols

Enhanced Exchange Server Integration

  • Support for Outlook RPC over HTTP

  • Enhanced Outlook Web Access security

  • Easy to use configuration wizards

Fully integrated VPN

  • Unified firewall -- VPN filtering

  • Site-to-site IPsec Tunnel Mode support

  • Network access quarantine

Secure Internet Information Server and SPS

  • SSL Bridging for IIS and SPS

  • Easy to use Web publishing wizards

  • AD, RADIUS, SecurID authentication


New management tools and ui
New management tools and UI

Ease of Use

Efficient and cost effective network security

Multi-network architecture

  • Unlimited network definitions and types

  • Firewall policy applied to all traffic

  • Per network routing relationships

Network templates and wizards

  • Wizard simplifies routing configuration

  • Easy setup for common network topologies

  • Easily customized for sophisticated scenarios

Visual policy editor

  • Firewall policy with single, ordered rule-base

  • Drag and drop editing, scenario-driven wizards

  • XML-based configuration import and export

Enhanced trouble-shooting

  • Monitoring dashboard

  • Real-time log viewer

  • Content sensitive task panes


Commitment to integration
Commitment to integration

Fast, Secure Access

Empowers you to connect users to relevant information on yournetwork in a cost efficient manner

Enhanced architecture

  • High speed data transport

  • Utilizes latest Windows and PC hardware

  • High speed application filtering platform

Web cache

  • Updated policy rules

  • Serve content locally

  • Pre-fetch content during low activity periods

Internet access control

  • User- and group-based Web usage policy

  • Extensible by third parties

Comprehensive authentication

  • New support for RADIUS and RSA SecurID

  • User- and group-based access policy

  • Third-party extensibility









Call to action
Call to Action content

  • Give ISA 2004 a try

  • Consider buying SBS Premium instead of SBS Standard.

  • If managing hardware firewalls, CHECK FOR FIRMWARE UPDATES.


For more information

For more information: content

Amy’s ISA in SBS blog:http://isainsbs.blogspot.com

ISA Server Resource site http://www.isaserver.org

Dana’s security blog: http://silverstr.ufies.org

Firewall Dashboardhttp://www.scorpionsoft.com

Dana Epp

Microsoft Security MVP


ad