Enabling Secure Internet Access with ISA Server

1
Enabling Secure InternetAccess with ISA Server
2
What Is Secure Access to Internet Resources?

• Users can access the resources that they need.
• The connection to the Internet is secure.
• The data that users transfer to and from the
  Internet is secure.
• Users cannot download malicious programs from the
  Internet.

3
How ISA Server Enables Secure Access to Internet
Resources

• Implementing ISA Server as a firewall
• Implementing ISA Server as a proxy server.
• Using ISA Server to implement the organizations
  Internet usage policy

4
What is a Proxy Server?

• A proxy server is a server that is situated
  between a client application
• All client requests are sent to the proxy server
• A proxy server can provide enhanced security and
  performance for Internet connections.

5
Configuring ISA Server as a Proxy Server

• User authentication
• Filtering client requests
• Content inspection
• Logging user access
• Hiding the internal network details

6
How Proxy Servers Work?

• Proxy servers can be used to secure both inbound
  and outbound Internet access.
• Forward Proxy Server a proxy server is used to
  secure outbound Internet access
• Reverse proxy server a proxy server is used to
  secure inbound Internet access

Forward Proxy Server
Reverse Proxy Server
7
How Does a Forward Proxy Server Work?
Client makes a request for an object located on
Internet
Check the request
Send the request to Internet
The request is sent to the proxy server
Web Server
Web server response is sent back to the proxy
server.
The object is returned to the client
8
How Does a Reverse Proxy Server Work?
resolve to the IP address
DNS Server
Check the request
send the request to the appropriate server on
internal network
sends the request for the object
make a request for an object on Internal
ISA SERVER
Client
Web Server
Web server response is sent back to the proxy
server
The object is returned to the client
9
Web Proxy Chaining

• Use to forward Web Proxy connections from one
  ISA firewall to another ISA firewall

10
Configuring Web Chaining Rule
11
ISA firewalls Access Policy

• Web Publishing Rules
• Server Publishing Rules
• Access Rules
• Web Publishing Rules and Server Publishing Rules
  are used to allow inbound access
• Access Rules are used to control outbound access.

12
Access Rule Elements

• Protocols
• User Sets
• Content Types
• Schedules
• Network Objects

13
Protocols

• Protocol Type
• Direction
• Port range
• Protocol number
• ICMP properties
• (Optional) Secondary connections

14
User Sets

• All Authenticated Users
• All Users
• System and Network Service

15
Configuring ISA Server Authentication

• Basic authentication
• Digest authentication
• Integrated Windows authentication
• Digital certificates authentication
• Remote Authentication Dial-In User Service

16
Content Types

• Application
• Application data files
• Audio
• Compressed files
• Documents
• HTML documents
• Images
• Macro documents
• Text
• Video
• VRML

17
Schedules and Network Objects

• Schedules
• Work Hours
• Weekends
• Always
• Network Objects used to control the source and
  destination of connections moving through the ISA
  firewall.

18
Configuring Access Rules for OutboundAccess

• By default, ISA Server denies all network traffic
  between networks connected to the ISA Server
  computer.

19
Configuring Access Rules for OutboundAccess
20
The Rule Action Page

• Allow
• Deny

21
The Protocols Page

• All outbound traffic
• Selected protocols
• All outbound traffic except selected

22
The Access Rule Sources Page
23
The Access Rule Sources Page
24
The Access Rule Destinations Page
25
The User Sets Page
26
Access Rule Properties

• The General tab
• The Action tab
• The Protocols tab
• The From tab
• The Users tab
• The Schedule tab
• The Content Types tab