Network and Perimeter Security - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Network and Perimeter Security
  • Paula Kiernan
  • Senior Consultant
  • Ward Solutions

2
Session Overview
  • Network Perimeter Security
  • Protecting the Network
  • Virtual Private Networking

3
Purpose and Limitations of Perimeter Defenses
  • Properly configured firewalls and border routers
    are the cornerstone for perimeter security
  • The Internet and mobility increase security risks
  • VPNs have exposed a destructive, pernicious entry
    point for viruses and worms in many organizations
  • Traditional packet-filtering firewalls only block
    network ports and computer addresses
  • Most modern attacks occur at the application
    layer

4
Securing the Network Perimeter: What Are the Challenges?
[Diagram labels: main office, branch office, business partner, remote user, wireless, Internet]
Challenges include:
  • Determining proper firewall design
  • Access to resources for remote users
  • Effective monitoring and reporting
  • Need for enhanced packet inspection
  • Security standards compliance

5
What Firewalls Do NOT Protect Against
  • Malicious traffic that is passed on open ports
    and not inspected by the firewall
  • Any traffic that passes through an encrypted
    tunnel or session
  • Attacks after a network has been penetrated
  • Traffic that appears legitimate
  • Users and administrators who intentionally or
    accidentally install viruses
  • Administrators who use weak passwords

6
Securing the Network Perimeter: What Are the Design Options?
  • Bastion host
  • Three-legged configuration
  • Back-to-back configuration
[Diagram labels: Internet, perimeter network, internal network, Web server]

7
Firewall Requirements: Multiple-Layer Filtering

8
Configuring ISA Server to Secure the Network Perimeter
Use ISA Server to:
  • Provide firewall functionality
  • Publish internal resources such as Web or
    Exchange servers
  • Implement multilayer packet inspection and
    filtering
  • Provide VPN access for remote users and sites
  • Provide proxy and caching services
[Diagram labels: Internet, remote user, VPN, ISA Server, LAN, user, Web server, Exchange server]

9
Implementing Network Templates to Configure ISA Server 2004
  • Bastion host: deploy the Edge Firewall template
  • Three-legged configuration: deploy the 3-Leg
    Perimeter template
  • Back-to-back configuration: deploy the Front end
    or Back end template
  • Deploy the Single Network Adapter template for
    Web proxy and caching only
[Diagram labels: Internet, perimeter network, internal network, Web server]

10
Session Overview
  • Network Perimeter Security
  • Protecting the Network
  • Virtual Private Networking

11
Protecting the Network: What Are the Challenges?
Challenges related to protecting the network layer include:
  • Balance between security and usability
  • Lack of network-based detection or monitoring
    for attacks

12
Implementing Network-Based Intrusion-Detection Systems
A network-based intrusion-detection system provides rapid detection and
reporting of external malware attacks
Important points to note:
  • Network-based intrusion-detection systems are
    only as good as the process that is followed once
    an intrusion is detected
  • ISA Server 2004 provides network-based
    intrusion-detection abilities

13
Implementing Application Layer Filtering
Application layer filtering includes the following:
  • Web browsing and e-mail can be scanned to ensure
    that content specific to each does not contain
    illegitimate data
  • Deep content analyses, including the ability to
    detect, inspect, and validate traffic using any
    port and protocol
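
An added example, not part of the original presentation: it contrasts a port/address packet filter, which allows everything sent to an open port, with an application-layer filter that validates the HTTP content, as described on slides 3, 5 and 13. The rule set, policy limits, function names and sample traffic are constructed assumptions, not ISA Server settings.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set: any source may reach TCP port 80 (a published web server).
ALLOW_RULES = [(ip_network("0.0.0.0/0"), 80)]
ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed policy
MAX_URL_LENGTH = 2048                        # assumed policy


def packet_filter(src_ip, dst_port):
    """Traditional packet filter: decides on source address and port only."""
    addr = ip_address(src_ip)
    return any(addr in net and dst_port == port for net, port in ALLOW_RULES)


def http_filter(payload):
    """Application-layer check of traffic the packet filter already allowed."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return False, "not an HTTP request"
    method, url, _version = parts
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if len(url) > MAX_URL_LENGTH:
        return False, "URL too long"
    if any(not 0x20 < ord(ch) < 0x7F for ch in url):
        return False, "non-printable or high-bit character in URL"
    if not any(h.lower().startswith("host:") for h in lines[1:]):
        return False, "missing Host header"
    return True, "ok"


def inspect(src_ip, dst_port, payload):
    """Return (packet-filter verdict, application-filter verdict, reason)."""
    if not packet_filter(src_ip, dst_port):
        return False, False, "blocked by port/address rule"
    allowed, reason = http_filter(payload)
    return True, allowed, reason


# Constructed sample traffic, all sent to the open port 80.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "other protocol": b"SSH-2.0-client\r\n",
    "bad method": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "long url": b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect("203.0.113.7", 80, data))
```

Every sample passes the packet filter because it targets the open port; only the application-layer check separates the well-formed request from the rest.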

14
Protecting the Network: Best Practices
  • Have a proactive antivirus response team
    monitoring early warning sites such as antivirus
    vendor Web sites
  • Have an incident response plan
  • Implement automated monitoring and report
    policies
  • Implement ISA Server 2004 to provide
    intrusion-detection capabilities

15
Session Overview
  • Network Perimeter Security
  • Protecting the Network
  • Virtual Private Networking

16
Virtual Private Networking: What Are the Challenges?
VPNs provide a secure option for communicating
across a public network. VPNs are used in two
primary scenarios:
  • Network access for remote clients
  • Network access between sites

VPN quarantine control provides an additional
level of security by providing the ability to
check the configuration of the VPN client
machines before allowing them access to the
organization's network

17
Understanding Quarantine Networks
Standard features of a quarantine network include:
  • Typically restricted or blocked from gaining
    access to internal resources
  • Provides a level of connectivity that allows
    temporary visitors' computers to work
    productively without risking the security of the
    internal network
  • Currently only available for VPN remote access
    solutions

18
How Does Network Quarantine Work?
[Diagram labels: VPN Clients Network, VPN Quarantine Clients Network, ISA Server, quarantine script, quarantine remote access policy, RQC.exe, Web server, domain controller, DNS server, file server]

19
Session Summary
  • Properly configured firewalls and border routers
    are the cornerstone for perimeter security
  • Use an appropriate firewall design
  • Firewalls do not protect against bad security
    practices
  • Implement a firewall that provides multiple layer
    filtering
  • ISA Server 2004 provides network-based
    intrusion-detection abilities
  • VPN quarantine control provides an additional
    level of security

20
Next Steps
  • Find additional security training events
    http://www.microsoft.com/seminar/events/security.mspx
  • Sign up for security communications
    http://www.microsoft.com/technet/security/signup/default.mspx
  • Get additional security information on ISA
    Server
    http://www.microsoft.com/technet/security/prodtech/isa/default.mspx

21
Questions and Answers
22
  • pkiernan_at_ward.ie
  • www.ward.ie