ISA Server 2004

1
ISA Server 2004
2
Microsofts Goals

• Security is a top priority for Microsoft, and we
  are committed to helping our customers protect
  their intellectual property and data
• Remediation
• Innovation

3
Security Issues Today
The Soft Underbelly
4
Customer Impact
Application Layer Attacks
Implications
Compliance Sarbanes Oxley Gramm Leach Bliley US
Patriot HIPPA The Privacy Act (CA) Litigation
File Sharing Piracy HR Issues
Shareholder Suits
Identity Theft Web Site Defacement Unauthorized
Access Modification of Data, Logs and
Records Theft of Proprietary Information Service
Disruption
5
Security - Defense In Depth

• Perimeter Defenses Packet Filtering, Stateful
  Inspection of Packets, Intrusion Detection
• Network Defenses VLAN Access Control Lists,
  Internal Firewall, Auditing, Intrusion Detection
• Host Defenses Server Hardening, Host Intrusion
  Detection, Auditing
• Application Defenses Validation Checks, Verify
  HTML / Cookies Source, Secure IIS
• Data and Resources Databases, Network Services
  and Applications, File Shares

Perimeter Defenses
Network Defenses
Assume Prior Layers Fail
Host Defenses
Application Defenses
Data and Resources
6
TWC At The Perimeter

• Security in depth begins at the perimeter
• Limits access from outside to known ports
• Blocks reconnaissance
• Blocks casual trespass
• The central place to enforce network policy
• Privacy in depth ends at the perimeter
• Can block known ports used by Trojans
• Reliability enabled at the perimeter
• Keeps DoS attacks on the outside
• Manages network load with proxy cache
• Integrity enabled at the perimeter
• VPN termination creates virtual company network

7
Traditional Firewalls
8
Perimeter Security Evolution
9
Introducing ISA Server 2004
The advanced application layer firewall, VPN and
Web cache solution that enables customers to
maximize IT investments by improving network
security performance
10
Microsoft ISA Server 2004
Multi-layer firewall, VPN and Web cache solution
What it is
Secures the network edge with advanced
application-layer protection
What it does

• Application-aware intelligent security with
  stateful inspection protects against the latest
  types of threats
• Easy to use and rich management tools reduce TCO
  and help prevent firewall misconfiguration
• An integrated solution that enabled diverse
  deployment scenarios with secure anytime /
  anywhere access to applications and data
• Enhances user productivity with fast web access,
  protects network infrastructure investments

Key Features
11
Microsoft ISA Server 2004

• Next-generation security

New features
12
Application Layer Filtering

• Modern threats call for deep inspection
• Protects network assets from exploits at the
  application layer Nimda, Slammer...
• Provides the ability to define a fine grain,
  application level, security policy
• Best protection for Microsoft applications
• Application filtering framework
• Built in filters for common protocols
• HTTP, SMTP, RPC, FTP, H.323, DNS, POP3, Streaming
  media
• Scenario-driven design
• Extensible plug-in architecture

13
Industry-Leading Performance

• Optimized performance architecture
• Industry-leading application filtering
  performance
• Optimized for real life usage scenarios
• Scale up with additional CPUs

14
Ease of Use

• Unified firewall policy
• Keeps administration costs low
• Simplified administration tools
• Reduces training costs

15
Task-Based Administration

• All tools for common tasks in one place
• Reduced risk of misconfiguration

16
Monitoring and Reporting

• Real-time monitoring for troubleshooting
• Variety of report formats summarizes Internet
  activity and performance

17
Adjusts to Network Changes

• Flexibility to support most network types
• Templates simplify many deployments
• Fast, easy deployment

18
ISA Server 2004Architecture
19
Network Design

• Any number of networks
• Packet filteringon all interfaces
• NAT or routingbetween networks
• VPN as network
• Local host asnetwork
• Per-network policies
• Any topology, any policy

ISA 2004
Local HostNetwork
20
Comprehensive Protection

• Filtering at all levels

ISAServer
Enterprise Policy Store (EE)
Web Filters
Application Filters
Web Proxy Filter
Local Policy Store
Firewall Service
PolicyEngine
TCP/IP
Firewall Engine
21
Extensibility
22
Firewall Policies

• Flexible Rule Structure

• Destination network
• Destination IP address
• Destination site

• Allow
• Deny

• User
• Group

action on traffic from user from source to
destination with conditions

• Source network
• Source IP address

• Protocol
• IP Port / Type

• Published server
• Published Web site
• Schedule
• Filtering properties

23
Enabling DiverseCustomer Scenarios
24
Such As

• Secure e-mail access via the Internet
• Enable web applications on the Internet
• Secure partner connectivity
• Secure remote access
• Remote branch office
• Rich internet access policies
• Fast user web access
• Protect users from malicious traffic

25
Controlling E-Mail Traffic

• The challenges of controlling e-mail traffic
• VPN? Outlook? OWA? IMAP4? POP3?
• Malformed SMTP, malicious attachments
• ISA Server helps protect mail servers
• Easy configuration of client access using a
  wizard
• Support for all major mail protocols
• Content filtering of SMTP-based e-mail
• Support for Outlook Web Access (OWA)
• Content inspection
• Attachment blocking
• Strong authentication

26
Outlook Client Access

• The challenge of providing access for Outlook
  clients
• RPC cannot pass securely across traditional
  firewalls because requires secondary ports
• ISA Server helps secure RPC traffic
• Application-layer filtering allows only traffic
  that is negotiated between client and server
• ISA Server can enforce RPC encryption

TCP 135
Client Port for 12341234-1111-2222-3333-11bb...
?
Server Port 4402
RPC server (Exchange)
RPC client (Outlook)
Client Data Exchange over port 4402
Server maintains table of RPC services
27
Blocking Web Server Attacks

• The challenge of securing Web servers
• Web servers are under constant attack from the
  Internet
• Most of todays attacks against Web servers are
  contained in HTTP requests
• ISA Server blocks attacks before they reach Web
  servers
• Application-layer filtering inspects the content
  of HTTP requests and responses
• Administrator-defined filters can block virtually
  any traffic pattern while allowing legitimate
  traffic

28
Blocking Embedded ProtocolsHTTP deep content
inspection example
In the beginning P2P apps used fix ports
The deep HTTP protocol inspection
Your Firewall can block fixed ports.
Applications got smarter
Applications started to use the HTTP Protocol as
a transport protocol.
P2P
IM
Admins had granular control of their networks
traffic
ISA Server 2004 gives you back that control
While good for users, administrators lost
granular control of their networks
Blocks tunneled traffic at the edge
Tunneling Software
29
Inspecting Encrypted Traffic

• The challenge of encrypted Web traffic
• Traffic to Web servers must be encrypted to
  ensure confidentiality, but encrypted traffic
  bypasses firewall inspection
• ISA Server SSL Bridging
• SSL Traffic to your Web server is encrypted
  across the Internet, ensuring confidentiality
• ISA Server decrypts the traffic, performing
  application-layer inspection to help secure the
  Web server
• ISA Server forwards allowed traffic to Web server

SSL
SSL
SSL or HTTP
30
VPN Access

• The challenge of providing VPN access
• Configuring secure remote access is
  time-consuming, difficult and expensive. Remote
  clients extend the perimeter of the corporate
  network.
• VPNs with ISA Server
• Client or site-to-site VPN connections
• Utilizes VPN features in Windows Server 2003
• Supports PPTP and L2TP/IPsec, IPsec Tunnel Mode
• Integration with third-party VPN servers
• Full integration with firewall policy
• Easy configuration using wizards
• Network quarantine

31
Accelerating Internet Access

• The challenge of providing fast Internet access
• Insufficient bandwidth hampers productivity,
  providing more bandwidth is expensive
• ISA Server accelerates access to Web content and
  decreases bandwidth needs
• Web caching keeps local copies of Web content
• Serving content from the cache accelerates
  responses to user requests and saves bandwidth
• No configuration required, but extensive
  customization possible, if desired

Client
ISA Server
Client 2
32
Integrated Solution

• Enterprise-class features for any business
• Realize savings through integration
• One-stop solution for Internet access
• Firewall, access control, caching, publishing,
  and VPN in a single component
• Centralized administration
• Full logging and extensive reporting
• Real-time monitoring

33
Call to Action

• No IIS, Exchange or SQL Server deployment is
  complete without Microsoft ISA Server
• Protect your network from the Internet and
  accelerate Internet access
• Save time and resources by securely connecting
  any size office to the Internet
• Trust a firewall with an excellent track record

34
Reasons to Upgrade

• Improve on Microsoft Internet Security and
  Acceleration Server 2000
• Advanced application-layer protection
• Improved ease of use
• High performance

• Multiple network support
• New policy model
• Application-layer filtering
• Better performance
• Integrated policy enforcement for VPN clients
• VPN client quarantine

• Support for more protocols
• Packet filtering on all interfaces
• Better RPC publishing
• New authentication options
• Real-time monitoring
• Easier administration tools

35
Summary

• ISA Server 2004 Delivers
• Next-generation edge security
• Application-aware
• Integrated solution
• Simplified management
• Enables diverse scenarios
• Key features
• Multi-layer protection
• Secure access to business applications
• Simplified management