Title: Network and Perimeter Security
1. Network and Perimeter Security
- Paula Kiernan
- Senior Consultant
- Ward Solutions
2. Session Overview
- Network Perimeter Security
- Protecting the Network
- Virtual Private Networking
3. Purpose and Limitations of Perimeter Defenses
- Properly configured firewalls and border routers are the cornerstone of perimeter security
- The Internet and mobility increase security risks
- VPNs have exposed a destructive, pernicious entry point for viruses and worms in many organizations
- Traditional packet-filtering firewalls only block network ports and computer addresses
- Most modern attacks occur at the application layer
4. Securing the Network Perimeter: What Are the Challenges?
Challenges include:
- Determining proper firewall design
- Access to resources for remote users
- Effective monitoring and reporting
- Need for enhanced packet inspection
- Security standards compliance
[Diagram: the main office connected through the Internet to a business partner, a branch office, a remote user and a wireless network]
5. What Firewalls Do NOT Protect Against
- Malicious traffic that is passed on open ports and not inspected by the firewall
- Any traffic that passes through an encrypted tunnel or session
- Attacks after a network has been penetrated
- Traffic that appears legitimate
- Users and administrators who intentionally or accidentally install viruses
- Administrators who use weak passwords
6. Securing the Network Perimeter: What Are the Design Options?
[Diagram of three designs: a bastion host (a single firewall between the Internet and the internal network); a three-legged configuration (one firewall with a third interface to a perimeter network that hosts the Web server); and a back-to-back configuration (two firewalls with the perimeter network between them, the inner one in front of the internal network)]
7. Firewall Requirements: Multiple-Layer Filtering
8. Configuring ISA Server to Secure the Network Perimeter
Use ISA Server to:
- Provide firewall functionality
- Publish internal resources such as Web or Exchange servers
- Implement multilayer packet inspection and filtering
- Provide VPN access for remote users and sites
- Provide proxy and caching services
[Diagram: ISA Server between the Internet and the LAN; the LAN hosts a Web server, an Exchange server and internal users; on the Internet side are a remote user, a VPN server and an external Web server]
9. Implementing Network Templates to Configure ISA Server 2004
[Diagram: the three designs from slide 6, each paired with its ISA Server 2004 network template]
- Bastion host: deploy the Edge Firewall template
- Three-legged configuration (internal network, perimeter network with the Web server): deploy the 3-Leg Perimeter template
- Back-to-back configuration (internal network, perimeter network, Internet): deploy the Front End or Back End template, one per firewall
- Web proxy and caching only: deploy the Single Network Adapter template
10. Session Overview
- Network Perimeter Security
- Protecting the Network
- Virtual Private Networking
11. Protecting the Network: What Are the Challenges?
Challenges related to protecting the network layer include:
- Balance between security and usability
- Lack of network-based detection or monitoring for attacks
12. Implementing Network-Based Intrusion-Detection Systems
A network-based intrusion-detection system provides rapid detection and reporting of external malware attacks.
Important points to note:
- Network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected
- ISA Server 2004 provides network-based intrusion-detection abilities
13. Implementing Application Layer Filtering
Application layer filtering includes the following:
- Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data
- Deep content analysis, including the ability to detect, inspect, and validate traffic using any port and protocol
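The point made on slides 3, 5 and 13, shown in working code (an added example, not code from the deck or from ISA Server): a packet filter sees only addresses and ports, so anything sent to an open port passes it, whereas an application-layer filter refuses payloads on that port that are not well-formed, policy-conforming HTTP. The rule set, the HTTP policy and the sample packets are constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    """One inbound packet: the address/port tuple a packet filter sees, plus the payload."""
    src: str
    dst: str
    dport: int
    payload: bytes


# Packet-filter rule set (constructed): (destination, port) pairs allowed in.
PACKET_FILTER_ALLOW = {("203.0.113.10", 80), ("203.0.113.10", 443)}


def packet_filter(pkt: Packet) -> bool:
    """Layer 3/4 decision: only address and port are examined, never the payload."""
    return (pkt.dst, pkt.dport) in PACKET_FILTER_ALLOW


# Application-layer policy for the published Web server (assumed for the example).
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_TARGET_LEN = 256


def parse_request_line(payload: bytes):
    """Return (method, target, version) for a well-formed HTTP request line, else None."""
    try:
        line = payload.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    return parts[0], parts[1], parts[2]


def application_filter(pkt: Packet) -> tuple[bool, str]:
    """Layer 7 decision: the payload must be HTTP that satisfies the policy,
    so a non-HTTP stream on the open port is refused as well."""
    req = parse_request_line(pkt.payload)
    if req is None:
        return False, "payload is not HTTP"
    method, target, _ = req
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    if len(target) > MAX_TARGET_LEN or not target.startswith("/"):
        return False, "malformed request target"
    return True, "ok"


def inspect(pkt: Packet) -> tuple[str, str]:
    """Run both layers in order and report which one stopped the packet, if any."""
    if not packet_filter(pkt):
        return "blocked", "packet filter: address or port not allowed"
    ok, reason = application_filter(pkt)
    return ("allowed" if ok else "blocked"), "application filter: " + reason


# Constructed sample traffic toward the published Web server (203.0.113.10).
SAMPLES = {
    "normal": Packet("198.51.100.7", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    "trace":  Packet("198.51.100.7", "203.0.113.10", 80, b"TRACE / HTTP/1.1\r\nHost: www\r\n\r\n"),
    "tunnel": Packet("198.51.100.7", "203.0.113.10", 80, b"\x16\x03\x01\x00\x5aNOT-HTTP-ON-80"),
    "telnet": Packet("198.51.100.7", "203.0.113.10", 23, b"\xff\xfd\x18"),
}
```

Only the "normal" packet reaches the Web server: "trace" and "tunnel" clear the packet filter but fail inspection, and "telnet" never gets past the port rule.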
14. Protecting the Network: Best Practices
- Have a proactive antivirus response team monitoring early-warning sites such as antivirus vendor Web sites
- Have an incident response plan
- Implement automated monitoring and reporting policies
- Implement ISA Server 2004 to provide intrusion-detection capabilities
15. Session Overview
- Network Perimeter Security
- Protecting the Network
- Virtual Private Networking
16. Virtual Private Networking: What Are the Challenges?
VPNs provide a secure option for communicating across a public network. VPNs are used in two primary scenarios:
- Network access for remote clients
- Network access between sites
VPN quarantine control provides an additional level of security by checking the configuration of the VPN client machines before allowing them access to the organization's network.
17. Understanding Quarantine Networks
Standard features of a quarantine network include:
- Typically restricted or blocked from gaining access to internal resources
- Provides a level of connectivity that allows temporary visitors' computers to work productively without risking the security of the internal network
- Currently only available for VPN remote access solutions
18. How Does Network Quarantine Work?
[Diagram: a remote client connecting through ISA Server is first placed in the VPN Quarantine Clients Network; a quarantine remote access policy, a quarantine script run on the client and RQC.exe govern its move to the VPN Clients Network, which has access to the Web server, domain controller, DNS server and file server]
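The quarantine flow from slides 16 to 18 modelled end to end (an added example, not code from the deck or from ISA Server 2004): a new VPN connection lands in the quarantine network, a compliance script runs on the client, and only a clean report (the signal RQC.exe carries back) moves the client into the VPN Clients Network. The three compliance checks, their thresholds and the per-network allow lists are assumptions made for this example.

```python
from dataclasses import dataclass

# Networks from the slide diagram; which resources each may reach is an assumption.
QUARANTINE_NET = "VPN Quarantine Clients Network"
CLIENTS_NET = "VPN Clients Network"
ALLOWED = {
    # Just enough for the quarantine script to run and report back.
    QUARANTINE_NET: {"DNSServer", "DomainController"},
    CLIENTS_NET: {"DNSServer", "DomainController", "WebServer", "FileServer"},
}


@dataclass
class VpnClient:
    """State the quarantine script can observe on the connecting machine (assumed set)."""
    name: str
    av_signature_age_days: int
    host_firewall_on: bool
    patches_current: bool
    network: str = QUARANTINE_NET  # every new connection starts in quarantine


def quarantine_script(c: VpnClient) -> list[str]:
    """Client-side checks; returns the failed checks (empty list means compliant)."""
    failed = []
    if c.av_signature_age_days > 7:
        failed.append("antivirus signatures older than 7 days")
    if not c.host_firewall_on:
        failed.append("host firewall disabled")
    if not c.patches_current:
        failed.append("security updates missing")
    return failed


def apply_quarantine_policy(c: VpnClient) -> tuple[str, list[str]]:
    """Server side: on a clean report the client leaves quarantine;
    otherwise it stays in the restricted network. Returns (network, failures)."""
    failed = quarantine_script(c)
    if not failed:
        c.network = CLIENTS_NET
    return c.network, failed


def can_reach(c: VpnClient, resource: str) -> bool:
    """Access decision depends only on the network the client currently sits in."""
    return resource in ALLOWED[c.network]
```

A non-compliant client keeps DNS and domain controller access so the script can still run and report, but the file server stays out of reach until the failures are fixed.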
19. Session Summary
- Properly configured firewalls and border routers are the cornerstone of perimeter security
- Use an appropriate firewall design
- Firewalls do not protect against bad security practices
- Implement a firewall that provides multiple-layer filtering
- ISA Server 2004 provides network-based intrusion-detection abilities
- VPN quarantine control provides an additional level of security
20. Next Steps
- Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
- Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
- Get additional security information on ISA Server: http://www.microsoft.com/technet/security/prodtech/isa/default.mspx
21. Questions and Answers
22. [Contact]
- pkiernan_at_ward.ie
- www.ward.ie