
Microsoft ® Internet Security and Acceleration Server 2006 Beta Technical Overview

Steve Lamb, Information Security Evangelist, Microsoft UK. http://blogs.technet.com/steve_lamb mailto://stephen.lamb@microsoft.com


Presentation Transcript


  1. Microsoft® Internet Security and Acceleration Server 2006 Beta Technical Overview Steve Lamb Information Security Evangelist http://blogs.technet.com/steve_lamb mailto://stephen.lamb@microsoft.com Microsoft UK

  2. “You don’t put brakes on a car to go slower – you put them on to go faster more safely” • User education is key • As are processes and procedures • Mis-configured systems are a major threat

  3. “Good Security enables business to do more with less risk” • Hold off the Rocket Science • Apply Technology to Support the Business Policy • Learn how the business works • Don’t get in the way!

  4. ISA – Application Layer Firewalling • Currently – most firewalls check only basic packet information • Real world equivalent of looking at the number and destination of a bus – and not looking at the passengers

  5. Positioning Pillars & Deployment Scenarios
     Positioning pillars:
     • Integrated Security
     • Efficient Management
     • Fast, Secure Access
     Deployment scenarios:
     • Secure Application Publishing
     • Branch Office Gateway
     • Web Access Protection

  6. Secure Application Publishing: The Problem
     [Diagram labels: User, Internet, DMZ, ISA 2006 Appliance, Load Balancer, Internal Network, External Web Server, Intranet Web Server, Exchange, SharePoint, Active Directory, RADIUS, NTLM, Kerberos, Administrator; three Username/Password prompts]
     Needs and pain points:
     • Strong Server Protection: Need customized forms, forms for mobile devices, authN support for non-browser apps
     • Better Identity Control: ISA in workgroup using RADIUS, lacks AD group info; more multi-factor authN support reqd.; lack of NTLM, Kerberos delegation support; idle-based session timeouts include non-user traffic, e.g. RPC
     • Seamless Access: Multiple sign-ons required for different apps; manual link translation cumbersome
     • High Performance: IP-based NLB creates 1:1 between ISA & published server during sessions
     • Easy Management: Expired and duplicate certificates hard to track; Exchange & SharePoint publishing difficult

  7. Secure Application Publishing: The Solution
     [Diagram labels: User, Internet, DMZ, ISA 2006 Appliance, Internal Network, External Web Server, Intranet Web Server, Exchange, SharePoint, Active Directory, Administrator; Get https://mail with Username/Password/Passcode; Get https://team with Username/Password]
     Needs and new ISA Server 2006 features:
     • Strong Server Protection: Customized forms incl. mobile devices, alternative authN for non-browser apps
     • Better Identity Control: LDAP support for AD integration & other user directories; RADIUS OTP, smart card support; NTLM, Kerberos & Kerberos Constrained Delegation support; idle-based, session-based timeouts account for non-user traffic
     • Seamless Access: Automatic link translation through global links table; single sign-on
     • High Performance: Cookie-based NLB keeps session alive in case of fail-over
     • Easy Management: Exchange, SharePoint publishing wizards; better UI for certificate management

  8. Secure Application Publishing: Added Value
     Needs: Strong Server Protection, Better Identity Control, Seamless Access, High Performance, Easy Management
     ISA Server 2004 features:
     • SSL Bridging
     • VPN Quarantine
     • Integrated Remote Client VPN Gateway
     • Reverse Caching
     • Logging & Reporting
     Exchange:
     • Move Exchange out of DMZ
     • Provide pre-authentication for OWA, Outlook, and ActiveSync
     • Multi-factor Authentication for Exchange
     • Load Balancing of OWA Servers
     • HTTP Traffic Inspection
     SharePoint:
     • Full Access to all SharePoint docs
     • HTTP Traffic Inspection
     Antigen for Exchange, SharePoint, LCS:
     • Complete end-to-end Secure Messaging Solution

  9. Secure Application Publishing: Key Differentiating Points
     • Tight Integration With Microsoft Products
     • SSL Bridging Inspects Encrypted Content
     • Active Directory Integration Provides Better Management
     • Dedicated Exchange & SharePoint Wizards Makes Setup Easy
     • Integrated ALF & Cache Provides Added Protection & Lower TCO

  10. Branch Office Gateway: The Problem
     [Diagram labels: BRANCH OFFICE (User, User, ISA 2006 Appliance Array, CSS), S2S VPN, Internet, HEAD QUARTERS (DMZ, Internal Network, CSS, Intranet Web Server, External Web Server, Exchange, SharePoint, Active Directory, Administrator)]
     Needs and pain points:
     • Easy Deployment: No IT support at branch office; deploying to 100s of branch offices difficult
     • Better Protection: Software update transfers from HQ to branch slow
     • Better Management: Policy updates from HQ to branch slow, requiring CSS at branch
     • Lower Connectivity Costs: Lack of compression support for traffic
     • Bandwidth Optimization: No support for traffic prioritization mechanisms

  11. Branch Office Gateway: The Solution
     [Diagram labels: BRANCH OFFICE (User, User, ISA 2006 Appliance Array), S2S VPN, Internet, HEAD QUARTERS (DMZ, Internal Network, CSS, Intranet Web Server, External Web Server, Exchange, SharePoint, Active Directory, Administrator)]
     Needs and new ISA Server 2006 features:
     • Easy Deployment: Unattended Installation Answer Files; Branch Office Connectivity Wizard
     • Better Protection: Software update caching using BITS
     • Better Management: Faster policy propagation needing only central CSS at HQ
     • Lower Connectivity Costs: HTTP Compression and range compression and caching
     • Bandwidth Optimization: Support for DiffServ

  12. Branch Office Gateway: Added Value
     Needs and ISA Server 2004 features:
     • Easy Deployment: Flexible Branch Office Network Topology
     • Better Protection: Integrated Firewall
     • Better Management: Integrated S2S VPN Gateway
     • Lower Connectivity Costs: HTTP Caching
     • Bandwidth Optimization: Distributed Caching & Web Proxy Chaining
     Windows Server R2:
     • BITS Caching Complements R2 Remote Differential Caching

  13. Branch Office Gateway: Key Differentiating Points
     • Easy Integration with Existing Branch Office Infrastructure
     • Integrated Application-Layer Firewall Provides Added Protection
     • Integrated Cache Functionality Increases Speed
     • Integrated S2S VPN Functionality Lowers TCO
     • Centralized Management from HQ

  14. Web Access Protection: The Problem
     [Diagram labels: Attacker, Internet, External Web Site, DMZ, Extranet Web Server, ISA 2006 Appliance, Internal Network, Administrator]
     Needs and pain points:
     • External Attack Resilience: Need better protection against DoS, DDoS attacks
     • Internal Attack Resilience: Need better protection against internal worm propagation
     • Minimal Downtime: Need mitigation measures under attack
     • Remediation Measures: Need better alerting and tracing of infected machines
     • Better Management: Centralized management and monitoring required

  15. Web Access Protection: The Solution
     [Diagram labels: Attacker, Internet, External Web Site, DMZ, Extranet Web Server, ISA 2006 Appliance, Internal Network, Administrator]
     Needs and new ISA Server 2006 features:
     • External Attack Resilience: Flood resiliency through better TCP connection monitoring & thresholds
     • Internal Attack Resilience: Worm resiliency through better TCP connection monitoring & thresholds
     • Minimal Downtime: Log throttling, control over memory consumption and pending DNS queries
     • Remediation Measures: 90 newer alerts to provide better detection & forensic ability
     • Better Management: Integration with MOM 2005

  16. Web Access Protection: Added Value
     Needs: External Attack Resilience, Internal Attack Resilience, Minimal Downtime, Remediation Measures, Better Management
     ISA Server 2004 features:
     • ALF & Deep Packet Inspection
     • Flexible SDK
     • Integrated Caching & CARP
     • Multi-Network Architecture
     • Easy-to-use UI
     Windows Server 2003:
     • Leverages NLB, RRAS, RADIUS, VPN Quarantine, WINS, DNS, DHCP capabilities of Windows Server 2003

  17. Web Access Protection: Key Differentiating Points
     • Deep Content Inspects Actual Content of Traffic
     • Multi-network Architecture Eases Infrastructure Integration
     • Flexible SDK allows Easy Development of New Application Filters
     • CARP Provides High Performance for Caching
     • Easy-to-Use UI Makes Configuration Easier

  18. Steve Lamb Information Security Evangelist http://blogs.technet.com/steve_lamb mailto://stephen.lamb@microsoft.com Microsoft UK © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
