What’s New in Internet Security & Acceleration (ISA) Server 2004: Avinash Lotke
ISA Server’s View Of A Packet: Packet headers and application content are inspected
ISA Server 2004 New Features: New management tools and user interface; Multi-netw
Fast, secure access: Empowers you to connect users to relevant info. on your network
ISA 2004 Architecture (diagram labels): Policy Engine; NDIS; TCP/IP Stack; Firewall Engine; Firewall service; Applicat
Enterprise Edition: Differences for EE over SE - Increased scalability and availability
OS Compatibility and Migration: ISA 2004 SE - Microsoft Windows® 2000 Server or
ISA Server 2004 Top Partners: Antivirus - McAfee and GFI; URL Filtering - SurfControl
Demo
Celestix MSA Series Appliance: Lee Wei Shun, Product Manager, Celestix Networks Pt
Product Features: True APPLIANTIZED version of ISA 2004; Optimized appliance form factor
• 90% detected security breaches 6 • 85% detected computer viruses 6 • 95% of all breache
MSA Web UI
Market Segments Addressed: Small Business - 1-100 users, One or two sites, No security staff, DSL connection; Mid
Contacts: Asia Pacific - +65 6+65 [email protected]@celestix.com; North America - 510-668-
Session Summary: ISA Server 2004 provides many benefits - Advanced application layer firewall
Key takeaways: Downloadable 120-day eval at www.microsoft.com/isaserver; Product av
© 2004 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or impl
Additional Ref.
Application Layer Filtering: Modern threats call for deep inspection - Protects netwo
VPN Protection: Detunneled traffic is inspected - Injected back to the stack; ISA
VPN Quarantine: VPN Quarantine ensures the security and configuration of clients connected
Application Layer Attacks: Identity Theft; Web Site Defacement; Unauthorized Access
Customer example: VPN Quarantine: Consists of five components - Quarantine Policy Service
Engine Security Enhancements: Flood-DoS protection - SYN-flood protection; Client c
Authentication Framework: Multi source authentication - Firewall client authentication
RADIUS Authentication: Federation through RADIUS proxies; Can be used for centralized authentica
ISA 2000 (old) Networking Model (diagram labels: Internal Network, Internet, DMZ 1, Static PF): Fixed zones - “IN” = LAT; “OUT
ISA 2004 Networking Model (diagram labels): CorpNet_1; CorpNet_n; Net A; Internet; VPN; ISA 2004; DMZ_n; DMZ_1; Local Host
Network Templates: Objective: Simplified network config. Features: • 5 templates • Automatic routing relationships • Customizable
ISA 2004 Policy Model: Single, ordered rule base - More logical and easier to understand
Rule Structure & Policy Mapping: Basic ISA 2004 rules: Protocol rules; Site and Content rules; Static packet f
Visual Policy Editor
Traditional Firewalls: Wide open to advanced attacks; Code Red, Nimda; SSL-based at
Dashboard: Objective: Centralized status view. Features: • Real time • Aggregated • Easy to spot problems
Alerts: Objective: One place for all problems. Features: • Alerts history • Managing alerts • Severity & category
Sessions: Objective: Active sessions view. Features: • Powerful query mechanism • VPN sessions • Disconnect session
Services: Objective: ISA and dependent services status. Features: • Start & stop service
Reports: Objective: Comprehensive set of server activity reports. Features: • Recurring reports • Report categories • Email notification • Report publishi
Connectivity: Objective: Monitor connectivity to critical network services. Features: • Request types • Response time & threshold • Grouping
Logging: Objective: View of ISA traffic activities. Features: • Real-time mode • Historical view • Powerful query mechanism
Performance: Enhanced Architecture; Optimized for real life usage scenarios; Impr
Updated Firewall Client: What is the ISA Firewall Client? - Enables / disables Winsock applicati
Migration Planning: ISA 2000 SE > ISA 2004 SE - Policy migration tool; Recommend
Perimeter Security Evolution: Wide open to advanced attacks; Application-level protec
The advanced application layer firewall, VPN and Web cache solution that enables customers to m
Securely make e-mail available to outside employees
ISA Server 2004 New Features: Updated security architecture; Advanced protection
A Traditional Firewall’s View (diagram label): Application Layer Content ??????????????????????