Network Security and ISA Server - PowerPoint PPT Presentation

1 / 52
About This Presentation
Title:

Network Security and ISA Server

Description:

a hacking tutorial. Hacking networks you own can be enlightening. HACKING NETWORKS YOU DO NOT OWN IS ILLEGAL ...demonstrating vulnerabilities in Windows ... – PowerPoint PPT presentation

Number of Views:69
Avg rating:3.0/5.0
Slides: 53
Provided by: downloadM
Category:

less

Transcript and Presenter's Notes

Title: Network Security and ISA Server


1
Network Security and ISA Server
  • Paul Hogan
  • Ward Solutions

2
Session Prerequisites
  • Hands-on experience with Windows 2000 or Windows
    Server 2003
  • Working knowledge of networking, including basics
    of security
  • Basic knowledge of network security-assessment
    strategies

Level 300
3
Agenda
  • 1000 1100 Network Security
  • 1100 1115 Break
  • 1130 1200 Securing SQL Server
  • 1200 100 Lunch
  • 100 200 Securing Exchange
  • 230 215 Break
  • 215 315 Lab Sessions
  • 315 QA

4
This sessions are about
  • about operational security
  • The easy way is not always the secure way
  • Networks are usually designed in particular ways
  • In many cases, these practices simplify attacks
  • In some cases these practices enable attacks
  • In order to avoid these practices it helps to
    understand how an attacker can use them

5
This sessions are NOT
  • a hacking tutorial
  • Hacking networks you own can be enlightening
  • HACKING NETWORKS YOU DO NOT OWN IS ILLEGAL
  • demonstrating vulnerabilities in Windows
  • Everything we show stems from operational
    security or custom applications
  • Knowing how Windows operates is critical to
    avoiding problems
  • for the faint of heart

6
The Sessions
7
The Network
8
Introducing the Case-Study Scenario
9
Understanding Defense-in-Depth
  • Using a layered approach
  • Increases an attackers risk of detection
  • Reduces an attackers chance of success

10
Why Does Network Security Fail?
Network security fails in several common areas,
including
  • Human awareness
  • Policy factors
  • Hardware or software misconfigurations
  • Poor assumptions
  • Ignorance
  • Failure to stay up-to-date

11
What we will cover
  • How to Implement Perimeter defenses
  • How ISA Server protects networks
  • Using Windows Firewalls to Protect Clients
  • How to Protect Wireless Networks

12
Purpose and Limitations of Perimeter Defenses
  • Properly configured firewalls and border routers
    are the cornerstone for perimeter security
  • The Internet and mobility increase security risks
  • VPNs have exposed a destructive, pernicious entry
    point for viruses and worms in many organizations
  • Traditional packet-filtering firewalls only block
    network ports and computer addresses
  • Most modern attacks occur at the application
    layer

13
Purpose and Limitations of Intrusion Detection
  • Detects the pattern of common attacks and records
    suspicious traffic in event logs and/or alerts
    administrators
  • Integrates with other firewall features to
    prevent common attacks
  • Threats and vulnerabilities are constantly
    evolving, which leaves systems vulnerable until a
    new attack is known and a new signature is
    created and distributed

14
Implementing Network-Based Intrusion-Detection
Systems
Provides rapid detection and reporting of
external malware attacks
Network-based intrusion-detection system
Important points to note
  • Network-based intrusion-detection systems are
    only as good as the process that is followed once
    an intrusion is detected
  • ISA Server 2004 provides network-based
    intrusion-detection abilities

15
Perimeter Connections
Branch Office
16
Firewall Design Three Homed
17
Firewall Design Back-to-Back
18
Software vs Hardware Firewalls
19
Types of Firewalls
  • Packet Filtering
  • Stateful Inspection
  • Application-Layer Inspection

Multi-layer inspection (including
application-layer filtering)
20
Agenda
  • Introduction/Defense in Depth
  • Using Perimeter Defenses
  • Using ISA Server to Protect Perimeters
  • Using Windows Firewall to Protect Clients
  • Protecting Wireless Networks
  • Protecting Networks by Using IPSec

21
Protecting Perimeters
  • ISA Server has full screening capabilities
  • Packet filtering
  • Stateful inspection
  • Application-level inspection
  • ISA Server blocks all network traffic unless you
    allow it
  • ISA Server is ICSA and Common Criteria certified

22
Protecting Clients
23
Protecting Web Servers
  • Web Publishing Rules
  • Protect Web servers behind the firewall from
    external attacks by inspecting HTTP traffic and
    ensuring it is properly formatted and complies
    with standards.
  • Inspection of SSL traffic
  • Inspects incoming encrypted Web requests for
    proper formatting and standards compliance.
  • Will optionally re-encrypt the traffic before
    sending them to your Web server

24
URLScan
  • ISA Server Feature Pack 1 includes URLScan 2.5
    for ISA Server
  • Allows URLScan ISAPI filter to be applied at the
    network perimeter
  • General blocking for all Web servers behind the
    firewall
  • Perimeter blocking for known and newly discovered
    attacks

Web Server 1
Web Server 2
ISA Server
Web Server 3
25
Protecting Exchange Server
26
Demonstration 1Application-Layer Inspection in
ISA Server URL ScanWeb PublishingMessage
Screener
27
Traffic that Bypasses Firewall Inspection
  • SSL tunnels through traditional firewalls because
    it is encrypted, which allows viruses and worms
    to pass through undetected and infect internal
    servers.
  • VPN traffic is encrypted and cant be inspected
  • Instant Messenger (IM) traffic often is not
    inspected and may be used to transfer files in
    addition to be used for messaging.

28
Inspecting All Traffic
  • Use intrusion detection and other mechanisms to
    inspect VPN traffic after it has been decrypted
  • Remember Defense in Depth
  • Use a firewall that can inspect SSL traffic
  • Expand inspection capabilities of your firewall
  • Use firewall add-ons to inspect IM traffic

29
SSL Inspection
  • SSL tunnels through traditional firewalls because
    it is encrypted, which allows viruses and worms
    to pass through undetected and infect internal
    servers.
  • ISA Server pre-authenticates users, eliminating
    multiple dialog boxes and allowing only valid
    traffic through.
  • ISA Server can decrypt and inspect SSL traffic.
    Inspected traffic can be sent to the internal
    server re-encrypted or in the clear.

30
Demonstration 2SSL Inspection in ISA Server
31
ISA Server Hardening
  • Secure your Server Wizard
  • Review Bastion Host information in Security
    Guides
  • Disable unnecessary services
  • Harden the Network Stack
  • Disable unnecessary network protocols on the
    external network interface
  • File and print sharing
  • Client for Microsoft Networks
  • NetBIOS over TCP/IP

32
Best Practices
  • Use access rules that only allow requests that
    are specifically allowed
  • Use ISA servers authentication capabilities to
    restrict and log Internet access
  • Configure Web publishing rules only for specific
    URLs
  • Use SSL Inspection to inspect encrypted data that
    is entering your network

33
Demonstration 3Internet Connection Firewall
(ICF) Configuring ICF ManuallyTesting
ICFReviewing ICF Log FilesConfiguring Group
Policy Settings
34
Agenda
  • Introduction/Defense in Depth
  • Using Perimeter Defenses
  • Using ISA Server to Protect Perimeters
  • Using Windows Firewall to Protect Clients
  • Protecting Wireless Networks
  • Protecting Networks by Using IPSec

35
New Security Features in Windows Firewall
On by default
On with no exceptions
ü
ü
Windows Firewall exceptions list
Boot-time security
ü
ü
Global configuration and restore defaults
Multiple profiles
ü
ü
RPC support
ü
Local subnet restrictions
ü
Unattended setup support
ü
Command-line support
ü
36
Configuring Windows Firewall for Antivirus Defense
37
Agenda
  • Introduction/Defense in Depth
  • Using Perimeter Defenses
  • Using ISA Server to Protect Perimeters
  • Using Windows Firewall to Protect Clients
  • Protecting Wireless Networks
  • Protecting Networks by Using IPSec

38
Wireless Security Issues
  • Limitations of Wired Equivalent Privacy (WEP)
  • WEP is inherently weak to due poor key exchange.
  • WEP keys are not dynamically changed and
    therefore vulnerable to attack.
  • No method for provisioning WEP keys to clients.
  • Limitations of MAC Address Filtering
  • Scalability - Must be administered and propagated
    to all APs. List may have a size limit.
  • No way to associate a MAC to a username.
  • User could neglect to report a lost card.
  • Attacker could spoof an allowed MAC address.

39
Possible Solutions
  • VPN Connectivity
  • PPTP
  • L2TP
  • Third Party
  • IPSec
  • Many vendors
  • Password-based Layer 2 Authentication
  • Cisco LEAP
  • RSA/Secure ID
  • IEEE 802.1x PEAP/MSCHAP v2
  • Certificate-based Layer 2 Authentication
  • IEEE 802.1x EAP/TLS

40
WLAN Security Comparisons
41
802.1X
  • Defines port-based access control mechanism
  • Works on anything, wired and wireless
  • Access point must support 802.1X
  • No special encryption key requirements
  • Allows choice of authentication methods using EAP
  • Chosen by peers at authentication time
  • Access point doesnt care about EAP methods
  • Manages keys automatically
  • No need to preprogram wireless encryption keys

42
802.1X using EAP/TLS or MSCHAPv2
802.11/.1XAccess Point
RADIUS (IAS)
Server Certificate
Domain User/Machine Certificate
3, 5, 7
1, 2, 6
EAP Connection
4
Certification Authority
Laptop
Domain Controller
DHCP
Exchange
File Server
43
Wi-Fi Protected Access (WPA)
  • A specification of standards-based, interoperable
    security enhancements that strongly increase the
    level of data protection and access control for
    existing and future wireless LAN systems
  • Goals
  • Enhanced Data Encryption
  • Provide user authentication
  • Be forward compatible with 802.11i
  • Provide non-RADIUS solution for Small/Home
    offices (WPA-PSK)
  • Products shipping

44
Best Practices
  • Use 802.1x authentication
  • Organize wireless users and computers into groups
  • Apply wireless access policies using Group Policy
  • Use EAP/TLS and 128 bit WEP
  • Set clients to force user authentication as well
    as machine authentication
  • Develop a method to manage rogue APs such as LAN
    based 802.1x authentication and wireless sniffers.

45
What Firewalls Do NOT Protect Against
  • Malicious traffic that is passed on open ports
    and not inspected by the firewall
  • Any traffic that passes through an encrypted
    tunnel or session
  • Attacks after a network has been penetrated
  • Traffic that appears legitimate
  • Users and administrators who intentionally or
    accidentally install viruses
  • Administrators who use weak passwords

46
Understanding Application and Database Attacks
Common application and database attacks include
Buffer overruns
  • Write applications in managed code

SQL injection attacks
  • Validate input for correct size and type

47
Attacks Buffer Overflow
  • Aka the Boundary Condition Error Stuff more
    data into a buffer than it can handle. The
    resulting overflowed data falls into a precise
    location and is executed by the system
  • Local overflows are executed while logged into
    the target system
  • Remote overflows are executed by processes
    running on the target that the attacker
    connects to
  • Result Commands are executed at the privilege
    level of the overflowed program

48
Attacks Input validation
  • An process does not strip input before
    processing it, ie special shell characters such
    as semicolon and pipe symbols
  • An attacker provides data in unexpected fields,
    ie SQL database parameters

49
Implementing Application Layer Filtering
Application layer filtering includes the
following
  • Web browsing and e-mail can be scanned to ensure
    that content specific to each does not contain
    illegitimate data
  • Deep content analyses, including the ability to
    detect, inspect, and validate traffic using any
    port and protocol

50
Session Summary
  • Introduction/Defense in Depth
  • Using Perimeter Defenses
  • Using ISA Server to Protect Perimeters
  • Using ICF to Protect Clients
  • Protecting Wireless Networks

51
(No Transcript)
52
Questions and Answers
Write a Comment
User Comments (0)
About PowerShow.com