Microsoft Internet Security And Accerlation Server 2000

1
Microsoft Internet Security Acceleration Server
2000 Keren MasterGroup Program ManagerISA
Server TeamMicrosoft Corporation
2
Agenda

• Overview
• Firewall
• Caching
• Management
• Deployment Scenarios
• Extensibility
• ISA Sever and Proxy 2.0

3
Why Firewall

• Internet connectivity is part of todays business
  requirements
• Benefits
• Access to wide variety of data and resources
• Exposure of company on the Internet
• Risks
• Outside world could gain access to internal
  resources
• Poor configuration may result in security
  breaches

4
Firewall
Online Service
VPN
Online Service
Intruders
Do-It-Smart-Bank Internal Network
5
Forward Caching
Forward Proxy
Internet
ISA Server
Lisas Desktop
6
Reverse Caching
Reverse Proxy
Internet
7
Cache Benefits

• Faster browsing
• Reduce network bandwidth costs
• Reduce stress on web servers
• Increase Performance
• - and -
• Reduce Costs

8
Microsoft ISA Server 2000Secure, Fast Internet
Connectivity
Secure internetworking with a scalable,
multi-layer firewall
Security
Fast access with a scalable, high performance Web
cache
Performance
Robust policy and management, integrated with
Windows 2000
Management
Extensibility
Superior platform for extension and customization
9
Firewall

• Secure internetworking with a scalable,
  multi-layered firewall

10
Multi-Layered Firewall
Firewall Service
Traffic Control
ApplicationFilters
Access Control
Authentication
Transparency
Protocols Support
Packet Filter
Static Filters Dynamic Filters
11
Smart Application Filters

• Protocol aware filters
• Inspect the traffic
• Intelligent filtering out-of-the-box
• HTTP Web request caching
• SMTP Traffic filtering
• Streaming media Stream splitting
• FTP Read only restriction
• H.323 NetMeeting through the firewall

12
SecureNAT - Network Address Translation
Internal Network
13
Secure Publishing
Publishing Server
Internal Network
14
Intrusion Detection
15
VPN Integration

• Fully integrated VPN capabilities
• Choice of VPN tunneling
• L2TP/IPSec
• PPTP
• Support both connectivity options
• Server to Server
• Client to Server
• Simplified setup through wizards

16
Caching

• Scalable, high performance Web cache

17
ISA Web Proxy Features

• Protocols HTTP 1.1, FTP
• Multiple cache routing topologies
• High performance cache
• Cache pre Fetching
• Advanced authentication

18
Optimized Cache Store
RAM Caching

• hot content served from RAM
• Scales

• Efficient disk store
• Batch mode disk update
• Scales

19
CARP ISA Arrays
Client Side
Server Side
ISA or browser
ISA or browser
Downstream ISA/Client implements routing
algorithm
Downstream ISA/Client DOES NOT implement routing
algorithm
20
Hierarchical Caching
New York
San Francisco
Toronto
21
Management

• Tiered policy and flexible management integrates
  with Windows 2000

22
ISA Server Policy

• Rich Set of Rules
• Consolidated Management
• Cache, Firewall
• Tiered Policy Architecture
• Integration with Windows 2000

23
Enterprise Level

• Top-down approach to building policy, based on
  least common denominator
• E.g. Everyone needs to use HTTP

• Set multiple enterprise policies
• Each can be individually secured
• Decentralized model

24
Access Control with Policy Rules

• Enterprise array-level
• Access control
• By user/group
• By application
• By destination
• By content type
• By schedule
• Bandwidth priorities

25
ISA Administration Wizards and Tasks Pads

• Wizards
• Simple easy, policy definition
• Tasks Pads
• The easy way to set up and
• maintain

26
Bandwidth Control Rules

• Impose bandwidth policy via UI
• Manage inbound and outbound network traffic
  independently
• Adds this layer on top of Windows 2000 QoS
• QoS traffic control IP queuing using flows

27
ISA Alerts

• Events triggers alerts

ISA Server
28
Logging

• Logging components
• Log types
• Customizable

29
Reporting
30
Deployment Scenario

• Scaleable

31
Common Deployments
Small Organization
Internet
ISA Server
32
Deployments Cont.
Medium Org Enterprise
Internet
ISA Server Array
33
Deployments Cont.
Firewall Chaining
ISA Server
Internet
Main
Leased line / VPN connection
ISA Server
Branch
34
DMZ Secure Publishing
DMZ 2
Internet
ISA 2
ISA 1
Intranet
DMZ 1
35
Extensibility

• Superior platform for extension and customization

36
Extensibility Mechanisms

• Application filters
• Web filters
• Administration COM object
• Cache API
• Alerts

37
ISA Server and Proxy 2.0
38
Security

• Multi-Layered Firewall
• Extensible application filters
• Transparency (SecureNAT)
• SMTP filter
• Streaming media splitting
• H.323 filter Gatekeeper
• Configuring Exchange server behind firewall
• VPN integration
• Intrusion detection
• System hardening
• Server publishing
• Firewall Service
• Dynamic Packet Filter
• Socks

NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
Enhanced
Enhanced
Enhanced
39
Performance

• CARP
• Hierarchical Caching
• RAM caching
• Advance disk storage
• Scheduled content download
• NTLM Kerberos authentication
• Dual-hop SSL

Enhanced
Enhanced
NEW
NEW
NEW
Enhanced
NEW
40
Management

• Enterprise policy
• Schedules
• Active Directory integration
• MMC-based UI
• Task Pads, Wizards
• Fully Scriptable
• Customizable alerts
• Logging
• Integrated reporting
• Bandwidth control
• Modular installation
• Client deployment

NEW
NEW
NEW
Enhanced
NEW
Enhanced
NEW
Enhanced
NEW
NEW
NEW
NEW
41
Extensibility

• Application filters
• Web filters
• Administration COM object
• Cache API
• Extensible UI (MMC)

NEW
Enhanced
NEW
NEW
NEW
42
Summary ISA Server

• Secure, fast Internet connectivity
• Enterprise ready
• Multi-layered firewall
• High-performance cache
• Flexible management
• A platform for customization and extension

43
For More Information

• Additional ISA Sessions
• Caching and Acceleration with Microsoft ISA
• Securing the Network with Microsoft ISA Server
• Microsoft ISA Server Enterprise Deployment
• Microsoft ISA Server extensibility
• http//www.microsoft.com/ISAServer