Multi Layered Security for

1
Multi Layered Security for the Microsoft
Enterprise
2
Are you really protected?

• Approximately 70 of all Web attacks occur at
  the application layer
• Network layer firewalls are not enough
• Attacks are more sophisticated, malware,
• phishing, Trojans, virus,
• HTTP(S) has become a transport protocol because
  it is the universal firewall bypass (port 80)

3
Opening up Web Access to Business
The Risks

• Email and dominance of Exchange unremitting OWA
  Mobile Email OMA
• Spiralling Use of Web Enabled Applications
• 80 of Enterprise Internet traffic is now http
• Application level attacks- 70 of attacks
• Web borne malware spyware, P2P, keylogging
• Availability of unregulated network applications
• Unknown threats email, worms, viruses

Increased access exposes business to risk Web
access is essential to business agility and
adaptability
4
Business Dynamics in Security

• Application level threats Application
  firewall
• Web applications to dominate Web security
  strategy
• Spontaneous threats Real-time protection
• Cost of security rising Consolidate costs
• Complexity management Simplify

5
Penetration of Microsoft in the enterprise

• Over 70 of Enterprises Growing
• Enterprise infrastructure applications
• Exchange continues to grow dominate
• OMA OWA ubiquity of access
• Complete messaging environment
• Active Directory the core to any security
  strategy
• IIS Web Server
• Sharepoint Collaboration server
• LCS Live Communication Server
• Biz Talk B to B collaboration server
• Result Microsoft becomes even more Critical to
  doing business

6
What is the NS Series Family of Appliances?
Full-featured security appliances

• Application Protection Powered by Microsoft
  Internet Security and Acceleration Server (ISA)
  2004
• Application firewall
• Cache
• VPN
• Integrated Websense Security Suite
• Hardened appliances from industry specialist
• Advanced appliance system management features

7
NS Series -Key Deployment Scenarios

• Application Protection- Defense in Depth
• 2nd layer of defence
• Complement existing firewalls
• Add Application protection

• Protect Exchange and Web Servers
• Remote e-mail e.g. OWA
• Protection at the edge
• Web SSL inspection

• Branch Offices
• Caching saves on network costs
• VPN and Firewall built-in
• Improve user productivity

• Comprehensive Web Security
• NEI ISA Appliance is the platform
• Websense Security Suite
• Forward / Reverse proxy

8
NS Series unique protection with ISA 2004

• SSL to SSL BridgingAll traffic, including
  encrypted content, is subjected to detailed
  inspection.
• Exchange RPC FilterNative Outlook clients use
  RPC to communicate with Exchange. The filter
  allows only valid Exchange traffic from
  pre-authenticated users to access Exchange.
• Simple Pre AuthenticationUses Microsoft
  proprietary authentication form used by Exchange
  to verify credentials at the firewall before
  connecting to Exchange. Seamless integration
  with Active Directory.
• Secure access to Exchange from Anywhere
• through Outlook Web Access (OWA)
• through Outlook Mobile Access (OMA)
• through RPC and RPC/HTTPS (Native Outlook Client)

9
Basic authentication delegation
Application Layer Filtering with NS Series
Protection of Microsoft Server Productssuch as
OWA, Exchange, IIS, Sharepoint
NS Series/ISA can stop server attacks at the
perimeter, even over encrypted SSL!!!
Server prompts for authentication any Internet
user can access this prompt
NS Series/ISA pre-authenticates users before
passing the defined network perimeter!
NS Series can decrypt and inspect SSL traffic in
context of the application!
ISA Application Layer Filtering Advanced
filtering of multiple protocols with contextual
knowledge of the applications!! Who better than
Microsoft to understand Microsoft applications??
(e.g. RPC Filter)
It still works with SSL because the SSL tunnel is
terminated at the firewall!
Next, youve just put a giant hole through your
traditional firewall and defeated any ability to
inspect the traffic because they have no ability
to inspect encrypted content!!!
No!! SSL is Privacy not security!! First, an
Unauthenticated User has now passed the perimeter
you established with your traditional firewall
and reached your server!!!
Set up an SSL tunnel to protect the privacy of
the data transferred. Good idea this is secure
right???
Dont throw out those other firewalls yet! They
can still be valuable in a defense-in-depth
scenario!
And, youve defeated the ability for the
traditional firewall AND any IDS/IPS to inspect
the traffic!!!
ISA Server ALF
Authentication can be accomplished through Active
Directory, Radius or RSA SecureID Again, BEFORE
passing the firewall!
Basic Authentication occurs in clear text. Not a
good thing over the internet so, how do you
protect the privacy of user information?
NS Series Appliance
which allows viruses and worms to pass through
undetected
inspected traffic can be sent to the internal
server re-encrypted or in the clear.
and infect internal servers
10
Why an NS Series Security Appliance?

• Protect users, client devices, and web-facing
  servers from Internet-based threats with an
  appliance uniting ISA Server and Websense and
  NEWS
• Tight integration
• Secure
• Scalable performance
• Continuous protection
• Easy to deploy and manage
• Adds up to low TCO throughout product lifecycle

11
Secure Right from the Start

• Secure firewall and web security applications
• ISA Server 2004 reported vulnerabilities Zero
• Full Websense Web Security Suite
• Purpose-built hardened/headless appliance
• All extraneous services removed
• Unsecured connections not allowed

12
Built to Stay Secure

• Network Engines Web Services (NEWS) updates all
  on-board software
• Experts qualify and test updates
• Scheduled downloads eliminate searches
• Automatic installation eliminates misapplication
• Simplified configuration management
• Simplicity increases coverage, reduces error
• Configuration backup speeds error-free recoveries

13
A High-performance Appliance Family

• Scalable set of platforms optimally configured as
  web proxy cache servers
• lt100 to 5,000 users
• Multiple processors
• Variety of NICs

14
Reliability Beyond Generic Servers

• 11 automatic failover
• Dual ISP failover
• Off-box configuration backup
• Fault-tolerant high-end
• Hot-swap mirrored disk drives
• Hot-swap power supplies

15
Web Security Made Simple

• Integration
• Security
• Performance
• Continuous protection
• Ease-of-use
• The most cost-effective solution for
  full-featured web security(111 4)

16
NS Series Websense Web Security Suite
Stops modern threats and exploits
LAN

• NS Series plus Websense Security Suite
• Secures and controls Web, IM, and P2P access
• Accelerates Web content downloads

NS Series plus protects critical Microsoft
server assets with positive protection
VPN
Porous Perimeter Firewall
Remote User
INTERNET
Infected Website
17
Ease of Use Low TCO

• Installs fast
• Configures fast
• Tools simplify integration
• Management alerts speed remediation
• Secure web-based management
• Fast, reliable update management
• Easily configurable failover

18
Integrated Web Security is a Must!
19
Customer Value Proposition

• Multi Layered Security
• Proxy based HTTP/HTTPS protocol inspection
• Secure Web Server Publishing
• Application layer inspection (OWA/OMA)

• Web Authentication Delegation
• Spyware, Key logger, MMC,
• and Phishing threat mitigation
• IM/P2P protection
• Real time updates

• Management
• Remote Configuration
• and backup management
• Web Content filtering / classification /
  access management
• Network bandwidth management / control
• Filtering by protocol / application
• Mobile client management

• Productivity
• Reverse and Forward proxy cache
• Network bandwidth management
• Protocol management and restriction
• Website access restriction

20
Thank you