Microsoft ® Internet Security and Acceleration Server 2006 Beta Technical Overview

Presentation Transcript
slide1

Microsoft® Internet Security and Acceleration Server 2006 Beta Technical Overview

Steve Lamb

Information Security Evangelist

http://blogs.technet.com/steve_lamb

mailto://stephen.lamb@microsoft.com

Microsoft UK

slide2
“You don’t put brakes on a car to go slower – you put them on to go faster more safely”

  • User education is key
  • As are processes and procedures
  • Mis-configured systems are a major threat
slide3
“Good Security enables business to do more with less risk”
  • Hold off the Rocket Science
  • Apply Technology to Support the Business Policy
  • Learn how the business works
  • Don’t get in the way!
ISA – Application Layer Firewalling
  • Currently – most firewalls check only basic packet information
  • Real world equivalent of looking at the number and destination of a bus – and not looking at the passengers
Positioning Pillars & Deployment Scenarios

Integrated Security

Efficient Management

Fast, Secure Access

Secure Application Publishing

Branch Office Gateway

Web Access Protection

Secure Application Publishing: The Problem

[Diagram labels: User, External Web Server, Intranet Web Server, SharePoint, Active Directory; NTLM, Kerberos, RADIUS]

Pain Points

Needs

Need customized forms, forms for mobile devices, authN support for non-browser apps

Strong Server Protection

ISA in workgroup using RADIUS, lacks AD group info

More multi-factor authN support reqd.

Lack of NTLM, Kerberos delegation support

Better Identity Control

Idle-based session timeouts include non-user traffic e.g. RPC

Seamless Access

Multiple sign-ons required for different apps

Manual link translation cumbersome

High Performance

IP-based NLB creates 1:1 between ISA & published server during sessions

Easy Management

Expired and duplicate certificates hard to track

Exchange & SharePoint Publishing difficult

[Diagram labels: Exchange, ISA 2006 Appliance, Load Balancer, DMZ, Internet, Internal Network, Administrator; three Username/Password prompts]

Secure Application Publishing: The Solution

[Diagram labels: User, Internet, ISA 2006 Appliance, DMZ, External Web Server, Internal Network, Intranet Web Server, Exchange, SharePoint, Active Directory, Administrator]

New ISA Server 2006 Features

Needs

Customized forms incl. mobile devices, alternative authN for non-browser apps

Strong Server Protection

LDAP support for AD integration & other user directories

RADIUS OTP, smart card support

NTLM, Kerberos & Kerberos Constrained Delegation support

Better Identity Control

Idle-based, session-based timeouts account for non-user traffic

Seamless Access

Automatic link translation through global links table

Single sign-on

High Performance

Cookie-based NLB keeps session alive in case of fail-over

Easy Management

Exchange, SharePoint publishing Wizards

Better UI for certificate management

[Diagram labels: Get https://mail; Get https://team; Username, Password, Passcode prompts]

Secure Application Publishing: Added Value

ISA Server 2004 Features

Strong Server Protection

SSL Bridging

VPN Quarantine

Better Identity Control

Seamless Access

Integrated Remote Client VPN Gateway

High Performance

Reverse Caching

Easy Management

Logging & Reporting

Move Exchange out of DMZ

Provide pre-authentication for OWA, Outlook, and ActiveSync

Multi-factor Authentication for Exchange

Load Balancing of OWA Servers

HTTP Traffic Inspection

Exchange

Full Access to all SharePoint docs

HTTP Traffic Inspection

SharePoint

Antigen for Exchange, SharePoint, LCS

Complete end-to-end Secure Messaging Solution

Secure Application Publishing: Key Differentiating Points

Tight Integration With Microsoft Products

SSL Bridging Inspects Encrypted Content

Active Directory Integration Provides Better Management

Dedicated Exchange & SharePoint Wizards Make Setup Easy

Integrated ALF & Cache Provides Added Protection & Lower TCO

Branch Office Gateway: The Problem

[Diagram labels: User, User]

Pain Points

Needs

Easy Deployment

No IT support at branch office

Deploying to 100s of branch offices difficult

Better Protection

Software update transfers from HQ to branch slow

Better Management

Policy updates from HQ to branch slow requiring CSS at branch

Lower Connectivity Costs

Lack of compression support for traffic

Bandwidth Optimization

No support for traffic prioritization mechanisms

[Diagram labels: BRANCH OFFICE, ISA 2006 Appliance Array, CSS, S2S VPN, Internet, HEAD QUARTERS, DMZ, External Web Server, Internal Network, Intranet Web Server, Exchange, SharePoint, Active Directory, CSS, Administrator]

Branch Office Gateway: The Solution

[Diagram labels: BRANCH OFFICE, User, ISA 2006 Appliance Array, CSS, S2S VPN, Internet, HEAD QUARTERS, DMZ, External Web Server, Internal Network, Intranet Web Server, Exchange, SharePoint, Active Directory, User, Administrator]

New ISA Server 2006 Features

Needs

Easy Deployment

Unattended Installation Answer Files

Branch Office Connectivity Wizard

Better Protection

Software update caching using BITS

Better Management

Faster policy propagation needing only central CSS at HQ

Lower Connectivity Costs

HTTP Compression and range compression and caching

Bandwidth Optimization

Support for DiffServ

Branch Office Gateway: Added Value

ISA Server 2004 Features

Easy Deployment

Flexible Branch Office Network Topology

Better Protection

Integrated Firewall

Better Management

Integrated S2S VPN Gateway

Lower Connectivity Costs

HTTP Caching

Bandwidth Optimization

Distributed Caching & Web Proxy Chaining

BITS Caching Complements R2 Remote Differential Caching

Windows Server R2

Branch Office Gateway: Key Differentiating Points

Easy Integration with Existing Branch Office Infrastructure

Integrated Application-Layer Firewall Provides Added Protection

Integrated Cache Functionality Increases Speed

Integrated S2S VPN Functionality Lowers TCO

Centralized Management from HQ

Web Access Protection: The Problem

Pain Points

Needs

External Attack Resilience

Need better protection against DoS, DDoS attacks

Internal Attack Resilience

Need better protection against internal worm propagation

Minimal Downtime

Need mitigation measures under attack

Remediation Measures

Need better alerting and tracing of infected machines

Better Management

Centralized management and monitoring required

[Diagram labels: Attacker, Internet, ISA 2006 Appliance, DMZ, Extranet Web Server, External Web Site, Internal Network, Administrator]

Web Access Protection: The Solution

[Diagram labels: Attacker, Internet, ISA 2006 Appliance, DMZ, Extranet Web Server, External Web Site, Internal Network, Administrator]

New ISA Server 2006 Features

Needs

External Attack Resilience

Flood resiliency through better TCP connection monitoring & thresholds

Internal Attack Resilience

Worm resiliency through better TCP connection monitoring & thresholds

Minimal Downtime

Log throttling, control over memory consumption and pending DNS queries

Remediation Measures

90 newer alerts to provide better detection & forensic ability.

Better Management

Integration with MOM 2005

Web Access Protection: Added Value

ISA Server 2004 Features

ALF & Deep Packet Inspection

Flexible SDK

External Attack Resilience

Internal Attack Resilience

Minimal Downtime

Integrated Caching & CARP

Remediation Measures

Better Management

Multi-Network Architecture

Easy-to-use UI

Leverages NLB, RRAS, RADIUS, VPN Quarantine, WINS, DNS, DHCP capabilities of Windows Server 2003

Windows Server 2003

Web Access Protection: Key Differentiating Points

Deep Content Inspects Actual Content of Traffic

Multi-network Architecture Eases Infrastructure Integration

Flexible SDK allows Easy Development of New Application Filters

CARP Provides High Performance for Caching

Easy-to-Use UI Makes Configuration Easier


© 2006 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.