Title: Introduction to ISA 2004
1Introduction to ISA 2004
Dana Epp Microsoft Security MVP
2(No Transcript)
3Who am I?
4Microsoft Windows Security MVP
5Information Security Professional
6Computer Security Software Architect
7Small Business Owner
8What do I know about firewalls?
9Ive written firewall code
10(No Transcript)
11Ive deployed firewalls(big and small)
12(No Transcript)
13(No Transcript)
14(No Transcript)
15- 100s of small businesses
- Many different verticals
- Manufacturing
- Medical
- Professional Services
- Educational
- Financial
- etc
16Ive invented new firewalls
17(No Transcript)
18I know a bit about them.
19ISA Server 2004
caching
caching
Content filtering
application publishing
content filtering
application publishing
advanced application layer firewall
advanced application layer firewall / vpn
20Whats the differencebetween ISA and other SMB
firewalls?
21Differences in SMB Firewalls
Typical Hardware Firewall
Advanced Hardware Firewall
Microsoft ISA 2004
NAT Device
Simple Ingress Filtering
Simple Egress Filtering
Complex Ingress Filtering
Rarely available
Complex Egress Filtering
Application Content Filtering
Virtual Private Networking
Web Caching
Some have limited VPN
AD Authentication
22Patch management issues for the firewall
23Whats the important difference?
24A traditional firewalls view of a packet
- Only packet headers are inspected
- Application layer content appears as black box
25Problem. UFBP!
26ISA Servers view of a packet
27Whats new in ISA 2004?
28Updated security architecture
Advanced Protection Application layer security
designed to protect Microsoft applications
Deep content inspection
- Enhanced, customizable HTTP protocol filters
- Comprehensive and flexible policies
- Stateful routing for all IP protocols
Enhanced Exchange Server Integration
- Support for Outlook RPC over HTTP
- Enhanced Outlook Web Access security
- Easy to use configuration wizards
Fully integrated VPN
- Unified firewall -- VPN filtering
- Site-to-site IPsec Tunnel Mode support
- Network access quarantine
Secure Internet Information Server and SPS
- SSL Bridging for IIS and SPS
- Easy to use Web publishing wizards
- AD, RADIUS, SecurID authentication
29New management tools and UI
Ease of Use Efficient and cost effective network
security
Multi-network architecture
- Unlimited network definitions and types
- Firewall policy applied to all traffic
- Per network routing relationships
Network templates and wizards
- Wizard simplifies routing configuration
- Easy setup for common network topologies
- Easily customized for sophisticated scenarios
Visual policy editor
- Firewall policy with single, ordered rule-base
- Drag and drop editing, scenario-driven wizards
- XML-based configuration import and export
Enhanced trouble-shooting
- Monitoring dashboard
- Real-time log viewer
- Content sensitive task panes
30Commitment to integration
Fast, Secure Access Empowers you to connect users
to relevant information on yournetwork in a cost
efficient manner
Enhanced architecture
- High speed data transport
- Utilizes latest Windows and PC hardware
- High speed application filtering platform
Web cache
- Updated policy rules
- Serve content locally
- Pre-fetch content during low activity periods
Internet access control
- User- and group-based Web usage policy
- Extensible by third parties
Comprehensive authentication
- New support for RADIUS and RSA SecurID
- User- and group-based access policy
- Third-party extensibility
31Sample Scenarios
32Scenario Securely make email available to
outside employees
33Solution Outlook over RPC, OMA, Virtual Private
Networking
34Scenario Control Internet access and protect
clients from malicious Internet traffic
35Solution Content filtering, scheduled access,
firewall client
36Scenario Ensure fast access to the most
frequently used web content
37Solution Web Proxy
38Call to Action
- Give ISA 2004 a try
- Consider buying SBS Premium instead of SBS
Standard. - If managing hardware firewalls, CHECK FOR
FIRMWARE UPDATES.
39For more information
- Amys ISA in SBS blog
http//isainsbs.blogspot.com - ISA Server Resource site
http//www.isaserver.org - Danas security blog
http//silverstr.ufies.org - Firewall Dashboard http//www.scorpionsof
t.com
Dana Epp Microsoft Security MVP