Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Net neutrality law wikipedia , lookup
Industry Standard Architecture wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Remote Desktop Services wikipedia , lookup
Wireless security wikipedia , lookup
Computer security wikipedia , lookup
Deep packet inspection wikipedia , lookup
Network Edge Protection: A Technical Deep-Dive into Internet Security & Acceleration Server 2006 1 Agenda What Is ISA Server 2006? Technical Review of: Secure Application Publishing Branch Office Security Internet Access Protection ISA on Appliances Summary What is ISA Server 2006? ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast, more secure access to applications and data. Three Deployment Scenarios Secure Application Publishing Branch Office Security Internet Access Protection Making Exchange, SharePoint and Web application servers available for secure remote access Securely connecting your branch offices and utilizing bandwidth efficiently Protecting your environment from internal users accessing unwanted or harmful content on the Internet Secure Application Publishing “We have multiple applications, and everybody has too many passwords and too many logons. Our goal was to make it so that once an employee gains access to our intranet home page, he or she doesn’t have to log on again to use another application.” – Wendy Lou, IT Security Architect, Northwest Airlines 4 The Concerns An increasing number of employees need access to information hosted on the corporate network 1 Hackers want to steal information on corporate data servers for personal gain. Able to evade current “hardware” firewall by hiding attacks in encrypted sessions 2 Opening “ports” on the corporate firewall to company resources puts the customer at risk of Internet-based attackers 3 Traditional “hardware” firewalls are not specifically built to protect Exchange & SharePoint® Portal Server 4 Secure Application Publishing The Solution Automatic translation of links to internal shares Strong user/group based access controls NTLM, Kerberos authentication support Load balancing of server farms Exchange & SharePoint publishing tools Smartcard & one-time password support Inspection of encrypted traffic using SSL Bridging Single sign-on for access to multiple servers Pre-authentication so only valid traffic reaches servers Authentication with Active directory via LDAP ISA 2006 and IAG 2007 IAG 2007 Customizable and differentiated application access based on user identity, content / file attributes, URL and client security state ISA 2006 General application access from Web-enabled clients when content-specific policy is not needed Branch Office Security Much of our business relies on Web-based transactions between our branch offices and the main servers at our head office. Due to bandwidth restrictions at some of the more remote locations, we were limited in the types of solutions we could deploy.” – Josée Corriveau, Applications Architecture and Infrastructure Manager, Desjardins Group The Concerns Branch office employee productivity suffers when they cannot access corporate data at the main office, or when data access is slow. 1 The cost of WAN links is a major line item for many companies with extensive branch office deployments. 2 Companies with large numbers of branch offices need to reduce the overhead in managing thousands of firewall and Web proxy servers. 3 Branches not as tightly managed can lead to increased probability of a security breach that can impact the main office network. 4 Branch Office Security The Solution Web caching for faster response times DiffServ IP settings for traffic prioritization BITS support to accelerate software update deployment Answer files on removable media for unattended installation Integrated application-layer firewall, VPN & web proxy HTTP traffic compression to minimize bandwidth use Enterprise & array policy model for large deployments Cache Array Routing protocol for efficient cache use Central policy storage and fast propagation of policy using bandwidth optimizations Internet Access Protection “It’s important that we control users connecting to the Internet for legal reasons. A number of our staff is highly trained medical professionals who need access to information about sensitive issues within sports medicine.” – Mark Richards, Head of Information Systems, English Institute of Sport The Concern Security breaches require that customers determine the source of the breach (what user, on what computer, at what time, using what application). 1 Uncontrolled Internet access can lead to decrease in employee productivity as well as them introducing viruses, worms, Trojan horses, and other exploit code to the internal network 2 A variety of apps can be used to send proprietary info out to the Internet, such as email, newsgroups, peer-to-peer file sharing, instant messaging, and more. 3 Slow or unusable Internet connections can put the company at a competitive disadvantage and reduce overall employee productivity 4 Internet Access Protection The Solution Enhanced protection against DoS, DDoS & DNS attacks Integrated Network Load Balancing for high availability Integrated applicationlayer firewall & web proxy Securityenhanced remote management using TLS Built-in traffic inspection for over 120 protocols Customizable cache rules for flexibility Fast RAM & on-disk caching for fast web page response times Enhanced worm protection through connection quotas Comprehensive alert triggers & responses ISA 2006 on Appliances 1. Hardware comes preloaded, preconfigured, and pretested with ISA Server. 2. Hardened configuration for reduced attack surface. 3. Easy to purchase, set up, and deploy. 4. Out-of-box configuration tools and Webbased administration available More information 1 2 Configuration Training, Capacity Planner & more tools on http://www.microsoft.com/isaserver Try out FREE virtual labs at http://www.microsoft.com/technet/traincert/virtuallab/isa.mspx 3 Download trials, demos, test environments, & virtual hard disks from http://www.microsoft.com/forefront/edgesecurity/trial.mspx Summary Secure Application Publishing Branch Office Security Internet Access Protection An integral part of Microsoft Forefront™ Visit http://www.microsoft.com/infrastructure Learn more about how ISA Server 2006 fits in the Forefront & System Center solution Download beta/evaluation software ISA Server 2006 wins Redmond Reader’s Choice Awards in Software-Based Firewall Category! Windows ITPro Readers vote ISA Server 2006 as number one in Firewall/Server Category!