A apresentação está carregando. Por favor, espere

A apresentação está carregando. Por favor, espere

Microsoft® ISA Server 2006 Visão Geral

Apresentações semelhantes


Apresentação em tema: "Microsoft® ISA Server 2006 Visão Geral"— Transcrição da apresentação:

1 Microsoft® ISA Server 2006 Visão Geral
<SLIDETITLE INCLUDE=7>Title Slide</SLIDETITLE> <KEYWORDS>Title</KEYWORDS> <KEYMESSAGE> Welcome to this Microsoft TechNet session on ISA 2006 Technical Overview.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Hello and Welcome to this Microsoft TechNet session on ISA 2006 Technical Overview. My name is {insert name} </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=7>Let us start this session by going into more detail on exactly what we will be covering.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION> Eduardo Petizme MVP ISA Server Gerente de Infra-Estrutura TI

2 Agenda Introdução ISA 2006 Publicando Aplicações com Segurança
Outlook Web Access Sharepoint Server Proteção da Filial (Branch Office) Melhorias no Firewall e Proxy <SLIDETITLE INCLUDE=7>Agenda: Introduction to ISA 2006 </SLIDETITLE> <KEYWORDS>Agenda</KEYWORDS> <KEYMESSAGE>Agenda</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> We will start today’s session with an Introduction to ISA 2006 in which we will examine the different ISA editions available, appliances, and new features in ISA 2006. [BUILD1] After your introduction to ISA 2006 we will take a closer look into Secure Application Publishing, covering such topics as Security, Management and User access. [BUILD2] Following our discussion on Secure Application Publishing, we will then have an in-depth look at Branch Office Protection and how the new features in ISA 2006 will help your Branch Offices. [BUILD3] Next up is a look at Firewall and Proxy Enhancements in ISA We will see how ISA 2006 increases the security of your network. [BUILD4] Finally, we will take a brief look into monitoring ISA with MOM by using the ISA 2006 Management Pack. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=1>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=2>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=4>First, let’s review what ISA 2006 is.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

3 Visão de segurança em profundidade
Firewalls são hoje a primeira linha de defesa Packet Filtering Stateful Inspection Intrusion Detection A maioria absoluta dos firewalls não pode proteger contra novos tipos de ameaças HTTP Tunneling SSL encryption Anonymous connections Filosofia das soluções atuais de segurança tem limitações na tecnologia de inspeção e atualizações Perimeter Defenses Network Defenses Host Defenses Application Defenses Data and Resources

4 Introdução ISA 2006 ISA Server 2006 O que é o ISA 2006?
<SLIDETITLE INCLUDE= 7>Introducing ISA Server 2006</SLIDETITLE> <KEYWORDS>Enterprise, Standard, ISA, 2006, Edition</KEYWORDS> <KEYMESSAGE> This is a firewall overview. </KEYMESSAGE> <SLIDEBUILDS>5</SLIDEBUILDS> <SLIDESCRIPT> Microsoft Internet Security and Acceleration, or ISA Server 2006 is the advanced application layer firewall, VPN, and Web cache solution that enables you to easily maximize existing IT investments by improving network security and performance. [BUILD1] A firewall is a set of related programs that protects the resources of a private network from users from other networks, such as the Internet. A firewall is usually installed in a specially designated computer separate from the rest of the network so that no incoming request can directly access private network resources. [BUILD2] A firewall is located at a network gateway server, and has two or more network interfaces. One of these interfaces will generally connect directly to the Internet, while the others will connect to your private LAN. [BUILD3] An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. You can also control which Internet resources are available to internal users, such as specific Web sites, or services such as FTP. Basically, a firewall examines each network packet against rules you have defined to determine whether to forward it toward its destination. If a packet matches a rule, the rule is then applied and the packet is either forwarded, or denied at the firewall. If there are no rules that match the packet, then it is generally discarded, since it is a best practice to always have a “deny all” rule that executes last. For example, you may have a rule for HTTP traffic destined for your domain. When an external request comes in, the firewall will examine the packets and then forward them to your internal web server behind the firewall. [BUILD4] A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users, as well as forwarding data to web and servers that are not directly accessible from the Internet. A proxy server also caches frequently requested sites (which improves performance) and protects internal systems from connecting to unknown and untrusted sources on the Internet. Protege recursos Conecta diretamente a Internet à sua rede interna Protege tráfego de rede Atua como um proxy para serviços internos Windows XP e superiores tem ICF

5 Proteção Avançada Inspeção e filtros de pacotes são características dos firewalls tradicionais Na maioria dos ataques hoje ocorrem na camada de aplicação Exemplos: Code Red, Sasser, Blaster Para os firewalls serem efetivos necessitam de examinar o trafégo na camada de aplicação ISA Server foi desenvolvido para prover um eficiente filtro na camada de aplicação Filtros na camada de aplicação optimizando a sua infra-estrutura Microsoft

6 Versões do ISA 2006 ISA 2006 ISA 2006 Enterprise Edition
Standard Edition ISA 2006 Enterprise Edition <SLIDETITLE INCLUDE= 7>ISA 2006 Editions</SLIDETITLE> <KEYWORDS>Enterprise, Standard, ISA, 2006, Edition</KEYWORDS> <KEYMESSAGE>Information about Standard and Enterprise editions.</KEYMESSAGE> <SLIDEBUILDS>2</SLIDEBUILDS> <SLIDESCRIPT> ISA Server 2006 comes in two editions: Standard and Enterprise. [BUILD1] The Standard Edition is suitable for smaller companies that only need one firewall. [BUILD2] The Enterprise Edition is aimed at larger organizations that need fault-tolerant firewalls and the ability to centrally manage multiple firewalls. In addition to improving protection for the sharing of critical business applications over the Internet, ISA Server 2006 Enterprise Edition offers customers enhanced manageability, scalability and availability features to better control the cost of network security. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1> There are two deployment options for ISA Server 2006. </TRANSITION> <TRANSITION LENGTH= 2> There are two deployment options for ISA Server 2006. </TRANSITION> <TRANSITION LENGTH= 4> There are two deployment options for ISA Server 2006. </TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/isaserver/2006/default.mspx</ITEM> </ADDITIONALINFORMATION>

7 Benefícios ISA 2006 Appliances Content Filtering Protocol Accelerators
Standard Edition Content Filtering Fácil de distribuir Custo efetivo <SLIDETITLE INCLUDE=7>ISA Server 2006 Appliances</SLIDETITLE> <KEYWORDS>Appliances, ISA 2006</KEYWORDS> <KEYMESSAGE>Overview of ISA 2006 appliances</KEYMESSAGE> <SLIDEBUILDS>5</SLIDEBUILDS> <SLIDESCRIPT> You can install the software on separately purchased server hardware, or you can purchase an ISA Server 2006 appliance from leading hardware vendors. [BUILD1] Microsoft has joined with key original equipment manufacturers to bring pre-installed ISA Server 2006–based security appliances to market. These solutions combine the best of ISA Server 2006 with a hardened version of Windows Server 2003 and optimized hardware so they are ready to deploy right out of the box. [BUIILD2] Several hardware vendors have also added additional components and technology to their products, such as protocol accelerators, antivirus gateways, and content filtering software to extend the value of ISA Server 2006 for your infrastructure. Examples of ISA Server add-ons include antivirus, anti-spam, URL filtering, advanced NLB and high availability, and advanced Web filtering [BUILD3] With ISA Server 2004, only Standard Edition was available on an appliance form-factor. Both Standard Edition and Enterprise Edition of ISA Server 2006 will be available on ISA Server appliances. When Enterprise Edition is installed on an appliance, it will provide extended ISA Server capabilities with respect to scalability and high availability through enhancements to NLB and improved caching through Cache Array Routing Protocol. A multi-server monitoring console will allow for enterprise-level management and support for array and enterprise-level policies. Separate configuration using a dedicated Configuration Storage server will also be supported. [BUILD4] ISA Server 2006 appliances will support fully unattended deployment using a USB flash drive. The new Branch Office Deployment Wizard will also be able to be launched, making the ISA Server 2006 appliance a great choice for branch offices. Hardware loaded & tested ISA 2006 Enterprise Edition Configuração Hardened Melhor valor Ferramenta adm. Web Protocol Accelerators Antivirus Gateways Garantia e Suporte

8 O que tem de novo no ISA 2006 Segurança Integrada
Autenticação multi-fator melhorada Delegação de autenticação melhorada BITS caching (SP2 ISA2004) Resistencia flood melhorada (DoS, DDoS) Resistencia worm melhorada Alert triggers e respostas

9 Gerenciamento Eficiente
O que tem de novo no ISA 2006 Gerenciamento Eficiente Administração certificados melhorada Publicar Web load balancing Arquivos de respostas Propagação rápida, otimização de banda Management Pack para MOM 2005

10 O que tem de novo no ISA 2006 Rápido, Acesso Seguro Single sign on
Completo link translation HTTP traffic compression and caching Melhor utilização da banda (Diffserv)

11 Upgrade ISA 2004 para ISA 2006 Versão para mesma versão
Win 2003 SP1 com ISA 2004 SP2 Versão para mesma versão Exemplo: Standard para Standard Backup das políticas, log e cache Upgrade com Instalação Restaurando Backup do ISA 2004

12 demonstração Demo Introdução ISA Server 2006 Modelo de Rede Cache
Explorar a interface Modelo de Rede Cache <SLIDETITLE INCLUDE=7>Demonstration: Introducing ISA Server 2006</SLIDETITLE> <KEYWORDS>Demo, UI, Configure, Perimeter, Cache</KEYWORDS> <KEYMESSAGE>Demonstration</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> In this demo, we will review the new user interface and create the network infrastructure. We will also see how to configure caching to speed up Internet access and create the perimeter network. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1>Let’s move onto the next item on the agenda, Secure Application Publishing.</TRANSITION> <TRANSITION LENGTH= 2>Let’s move onto the next item on the agenda, Secure Application Publishing.</TRANSITION> <TRANSITION LENGTH= 4>Let’s move onto the next item on the agenda, Secure Application Publishing.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

13 Agenda Introdução ISA 2006 Publicando Aplicações com Segurança
Outlook Web Access Sharepoint Server Proteção da Filial (Branch Office) Melhorias no Firewall e Proxy <SLIDETITLE INCLUDE=7>Agenda: Introduction to ISA 2006 </SLIDETITLE> <KEYWORDS>Agenda</KEYWORDS> <KEYMESSAGE>Agenda</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> We will start today’s session with an Introduction to ISA 2006 in which we will examine the different ISA editions available, appliances, and new features in ISA 2006. [BUILD1] After your introduction to ISA 2006 we will take a closer look into Secure Application Publishing, covering such topics as Security, Management and User access. [BUILD2] Following our discussion on Secure Application Publishing, we will then have an in-depth look at Branch Office Protection and how the new features in ISA 2006 will help your Branch Offices. [BUILD3] Next up is a look at Firewall and Proxy Enhancements in ISA We will see how ISA 2006 increases the security of your network. [BUILD4] Finally, we will take a brief look into monitoring ISA with MOM by using the ISA 2006 Management Pack. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=1>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=2>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=4>First, let’s review what ISA 2006 is.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

14 Segurança Interesse em segurança Solução
Proteção contra ataques embutidos em conteúdo criptografado SSL Bridging <SLIDETITLE INCLUDE= 7>Security</SLIDETITLE> <KEYWORDS>ISA 2006, Security, Secure Application Publishing</KEYWORDS> <KEYMESSAGE>Security concerns with regards to Application Publishing and ISA 2006’s solutions</KEYMESSAGE> <SLIDEBUILDS>6</SLIDEBUILDS> <SLIDESCRIPT> Along with features found in previous versions of ISA, several new features are included in ISA 2006 to help IT administrators address key security concerns. [BUILD1] As has been the case in the past, there is a need for protection against attacks cloaked in encrypted content. [BUILD2] And, like ISA 2004, ISA 2006 provides SSL Bridging for inspection of encrypted content, better application scalability via offloading SSL processing to the ISA Server, and lower latency via support for SSL hardware accelerators. [BUILD3] Another concern is the need to provide increased security and make better use of Active Directory authentication while accounting for different devices being used for access. [BUILD4] To address this ISA 2006 provides enhanced multi-factor authentication, flexible integration with Active Directory, and customizable forms-based pre-authentication for almost any web application and client device, increasing security and deployment flexibility for web application servers throughout the organization. [BUILD5] Business rules are dictating stronger authentication methods for servers, and mobile users often connect and then walk away without logging off. [BUILD6] In order to overcome these obstacles, ISA 2006 provides easy integration with your existing authentication infrastructure through enhanced authentication delegation, including NTLM, Kerberos, and SecurID, and provides more access control with improved session management that detects non-user traffic through automatic idle-based timeouts. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1 > ISA 2006, as in previous versions of ISA, can prevent hackers from and exploiting the connections remote users are making to corporate network. </TRANSITION> <TRANSITION LENGTH= 2 > ISA 2006, as in previous versions of ISA, can prevent hackers from and exploiting the connections remote users are making to corporate network. </TRANSITION> <TRANSITION LENGTH= 4 > ISA 2006, as in previous versions of ISA, can prevent hackers from and exploiting the connections remote users are making to corporate network. </TRANSITION> </SLIDETRANSITION><COMMENT></COMMENT> <ADDITIONALINFORMATION><ITEM> </ITEM></ADDITIONALINFORMATION> Aumente a segurança Faça melhor uso da autenticação do AD Autenticação multi-fator melhorada Suporte autenticação LDAP Pré-autenticação baseada em form Delegação autenticação melhorada Gerenciamento de sessão melhorado Métodos de autenticação mais fortes

15 Acesso do Usuário Single sign-on Automatic link translation
<SLIDETITLE INCLUDE= 7>User Access</SLIDETITLE> <KEYWORDS>ISA 2006, User, Access, Login</KEYWORDS> <KEYMESSAGE>How the user experience has changed in ISA 2006</KEYMESSAGE> <SLIDEBUILDS>1</SLIDEBUILDS> <SLIDESCRIPT> In previous versions of ISA remote users could not access internal sites linked in and had to authenticate repeatedly to access different corporate resources. [BUILD1] ISA 2006 provides users with a smoother experience for published Web applications, document libraries, and content through single sign-on and automatic link translation to help ensure secure and consistent access. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1>Let’s see a demonstration on how to publish servers in ISA 2006.</TRANSITION> <TRANSITION LENGTH= 2>Let’s see a demonstration on how to publish servers in ISA 2006.</TRANSITION> <TRANSITION LENGTH= 4>Let’s see a demonstration on how to publish servers in ISA 2006.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/isaserver/2006/sap.mspx</ITEM> </ADDITIONALINFORMATION> Automatic link translation

16 demonstração Demo Publicando Servidores Publicando Sharepoint
Publicando OWA do Exchange Publicando Sharepoint <SLIDETITLE INCLUDE=7>Demonstration: Publishing Servers</SLIDETITLE> <KEYWORDS>OWA, Exchange, Publish</KEYWORDS> <KEYMESSAGE>Demo</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> In this demo we will see how to publish an Exchange server for secure access using Outlook Web Access. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1>Let’s move onto the next item on the agenda, Branch office protection.</TRANSITION> <TRANSITION LENGTH= 2>Let’s move onto the next item on the agenda, Branch office protection.</TRANSITION> <TRANSITION LENGTH= 4>Let’s move onto the next item on the agenda, Branch office protection.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

17 Agenda Introdução ISA 2006 Publicando Aplicações com Segurança
Outlook Web Access Sharepoint Server Proteção da Filial (Branch Office) Melhorias no Firewall e Proxy <SLIDETITLE INCLUDE=7>Agenda: Introduction to ISA 2006 </SLIDETITLE> <KEYWORDS>Agenda</KEYWORDS> <KEYMESSAGE>Agenda</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> We will start today’s session with an Introduction to ISA 2006 in which we will examine the different ISA editions available, appliances, and new features in ISA 2006. [BUILD1] After your introduction to ISA 2006 we will take a closer look into Secure Application Publishing, covering such topics as Security, Management and User access. [BUILD2] Following our discussion on Secure Application Publishing, we will then have an in-depth look at Branch Office Protection and how the new features in ISA 2006 will help your Branch Offices. [BUILD3] Next up is a look at Firewall and Proxy Enhancements in ISA We will see how ISA 2006 increases the security of your network. [BUILD4] Finally, we will take a brief look into monitoring ISA with MOM by using the ISA 2006 Management Pack. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=1>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=2>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=4>First, let’s review what ISA 2006 is.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

18 Novas Características de Gerenciamento
Ferramentas automatizadas de conexão VPN Arquivos de respostas em mídia removível Propagação rápida de políticas empresa <SLIDETITLE INCLUDE= 7>New Management Features</SLIDETITLE> <KEYWORDS>Gateway, Management, Off site, ISA</KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>3</SLIDEBUILDS> <SLIDESCRIPT> One concern IT administrators have is that deployment at branch offices and remote locations is difficult because there is no local IT staff to setup the firewall or VPN. A new feature in ISA 2006 provides easy deployment and configuration in branch offices by using automated VPN connectivity tools and answer files on removable media for unattended installation. [BUILD1] Another concern IT administrators have that is significant portion of IT budget is consumed by costs of managing IT infrastructure at remote locations. Another new feature ISA 2006 provides is effective management with faster propagation of enterprise policies, reduced server requirements, and low-bandwidth optimizations. [BUILD2] As with previous versions of ISA, in order to centrally manage branch office security and connectivity and prevent network access downtime Secure remote management of firewall and web cache services is provided. [BUILD3] Also, in order to to deploy into existing IT environments without changing the network architecture ISA 2006, as with previous versions, provides multi-network architecture, network templates and configuration tools to flexibly integrate into existing infrastructure. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1> One concern that IT administrators may have is that branch office desktops do not get software updates as fast as they should.</TRANSITION> <TRANSITION LENGTH= 2> One concern that IT administrators may have is that branch office desktops do not get software updates as fast as they should.</TRANSITION> <TRANSITION LENGTH= 4> One concern that IT administrators may have is that branch office desktops do not get software updates as fast as they should.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/isaserver/2006/bog.mspx</ITEM> </ADDITIONALINFORMATION> Gerenciamento remoto seguro Arquitetura múltiplas redes Templates de rede e ferramentas de configuração

19 Branch Office Gateway Access
Compressão do tráfego HTTP Configurações DiffServ IP <SLIDETITLE INCLUDE=7>Branch Office Gateway Access</SLIDETITLE> <KEYWORDS>Performance, diffserv, bandwidth</KEYWORDS> <KEYMESSAGE>Fast, Secure Access</KEYMESSAGE> <SLIDEBUILDS>2</SLIDEBUILDS> <SLIDESCRIPT> One such new feature specifically addresses the fact that WAN links are expensive and poorly utilized. Through HTTP traffic compression and caching which improves web page load times and reduces WAN costs for users in branch offices. [BUILD1] Another new feature addresses the fact that low priority traffic may override critical application traffic on WAN links, reducing application functionality. In ISA 2006, diffServ IP settings ensure that the highest priority applications get precedence over other network traffic, and better bandwidth utilization and response times is realized for critical Web resources. [BUILD2] Also, as was the case in previous versions of ISA to address the need for enhanced network performance and optimize branch office content delivery, integrated Web caching in corporate data centers, cache server array functionality and distributed hierarchical caching is implemented. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1>In this next demonstration we will see how to configure a branch office gateway.</TRANSITION> <TRANSITION LENGTH= 2>In this next demonstration we will see how to configure a branch office gateway.</TRANSITION> <TRANSITION LENGTH= 4>In this next demonstration we will see how to configure a branch office gateway.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/isaserver/2006/bog.mspx</ITEM> </ADDITIONALINFORMATION> Cache de Web integrado Cache server array Distributed Hierarchical caching

20 Agenda Introdução ISA 2006 Publicando Aplicações com Segurança
Outlook Web Access Sharepoint Server Proteção da Filial (Branch Office) Melhorias no Firewall e Proxy <SLIDETITLE INCLUDE=7>Agenda: Introduction to ISA 2006 </SLIDETITLE> <KEYWORDS>Agenda</KEYWORDS> <KEYMESSAGE>Agenda</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> We will start today’s session with an Introduction to ISA 2006 in which we will examine the different ISA editions available, appliances, and new features in ISA 2006. [BUILD1] After your introduction to ISA 2006 we will take a closer look into Secure Application Publishing, covering such topics as Security, Management and User access. [BUILD2] Following our discussion on Secure Application Publishing, we will then have an in-depth look at Branch Office Protection and how the new features in ISA 2006 will help your Branch Offices. [BUILD3] Next up is a look at Firewall and Proxy Enhancements in ISA We will see how ISA 2006 increases the security of your network. [BUILD4] Finally, we will take a brief look into monitoring ISA with MOM by using the ISA 2006 Management Pack. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=1>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=2>First, let’s review what ISA 2006 is.</TRANSITION> <TRANSITION LENGTH=4>First, let’s review what ISA 2006 is.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

21 Proxy e Firewall mais seguros
<SLIDETITLE INCLUDE= 7>More Secure Firewall and Proxy</SLIDETITLE> <KEYWORDS>Worm, Flood, Resiliency, Protection, Firewall, Proxy, Hacker, Hack, Alert, Trigger</KEYWORDS> <KEYMESSAGE>An example of some of the security features of ISA 2006</KEYMESSAGE> <SLIDEBUILDS>2</SLIDEBUILDS> <SLIDESCRIPT> ISA 2006 addresses the need to combat increasing number of attacks on externally facing Web resources through it’s new enhanced flood resiliency features for event handling and monitoring that provide better resistance to Denial of Service & Distributed Denial of Service attacks. [BUILD1] Also, to address the potential for worms which propagate from user to user and network to network ISA 2006 has a new enhanced worm resiliency which allows it to mitigate the impact infected machines have on the network through simplified client IP alert pooling and connection quotas. [BUILD2] In the past, attacks could go unnoticed for hours, or even days, underscoring the need for better ways to detect attacks when they occur, and take appropriate action. ISA 2006 provides enhanced attack remediation through comprehensive alert triggers and responses which can quickly notify administrators of network problems. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1>The Flood Resiliency feature also provides resource control to avoid denial of service attacks to the ISA Server 2006 system through several different methods.</TRANSITION> <TRANSITION LENGTH= 2>The Flood Resiliency feature also provides resource control to avoid denial of service attacks to the ISA Server 2006 system through several different methods.</TRANSITION> <TRANSITION LENGTH= 4>The Flood Resiliency feature also provides resource control to avoid denial of service attacks to the ISA Server 2006 system through several different methods.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/isaserver/code/beta/simu3b.htm</ITEM> <ITEM>http://www.microsoft.com/isaserver/2006/wap.mspx</ITEM> <ITEM>http://www.microsoft.com/isaserver/2006/prodinfo/faq.mspx</ITEM> </ADDITIONALINFORMATION>

22 Flood Resiliency www.microsoft.com/isaserver/2006/prodinfo/guide.mspx
<SLIDETITLE INCLUDE=7 >Flood Resiliency</SLIDETITLE> <KEYWORDS>Flood, throttling, DNS queries, memory, attack, DOS</KEYWORDS> <KEYMESSAGE>The tools ISA 2006 uses to prevent DOS and other attacks.</KEYMESSAGE> <SLIDEBUILDS>4</SLIDEBUILDS> <SLIDESCRIPT> Using Log throttling ISA 2006 measures the volume of denied records being written to the log. If the volume exceeds a specified threshold, ISA Server 2006 will stop logging denied records. [BUILD1] Another feature that allows ISA 2006 to avoid DOS attacks is through the control of memory consumption.   ISA Server 2006 monitors the amount of consumed non-paged pool memory and, if it is close to being full, will reject new connections but will continue to service existing connections. When enough non-paged pool memory is again available, ISA Server 2006 will once again service new requests. This is a fully automated mechanism and only a sophisticated massive attack would cause ISA Server 2006 to activate it. [BUILD2] ISA 2006 can control pending DNS queries which allows it to make sure that clients cannot cause a denial of service attack by causing ISA Server 2006 to manage too many pending DNS queries. There are two scenarios where ISA Server 2006 sends a DNS request. [BUILD3] One type of attack is in which a firewall client asks ISA Server 2006 to resolve a DNS name on its behalf. [BUILD4] Another is when ISA Server sends a reverse DNS query to find the host name, and then uses a policy to allow or block the request based on a list of allowed or denied hosts. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1> Let’s take a look at just how exactly ISA 2006 implements flood resiliency. </TRANSITION> <TRANSITION LENGTH= 2> Let’s take a look at just how exactly ISA 2006 implements flood resiliency. </TRANSITION> <TRANSITION LENGTH= 4> Let’s take a look at just how exactly ISA 2006 implements flood resiliency. </TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/isaserver/code/beta/simu3b.htm</ITEM> <ITEM>http://www.microsoft.com/isaserver/2006/wap.mspx</ITEM> <ITEM>http://www.microsoft.com/isaserver/2006/prodinfo/faq.mspx</ITEM> </ADDITIONALINFORMATION> Log throttling Control of memory consumption Control of pending DNS queries

23 demonstração Demo Configuring Flood Resiliency
<SLIDETITLE INCLUDE=7>Demonstration: Configuring Flood Resiliency</SLIDETITLE> <KEYWORDS>Flood, ISA, Resiliency</KEYWORDS> <KEYMESSAGE>Demo</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> In this demonstration, you will explore the flood mitigation functionality of ISA Server 2006. </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH= 1 > Lets move onto the next item on the agenda, Monitoring ISA with MOM. </TRANSITION> <TRANSITION LENGTH= 2 > Lets move onto the next item on the agenda, Monitoring ISA with MOM. </TRANSITION> <TRANSITION LENGTH= 4 > Lets move onto the next item on the agenda, Monitoring ISA with MOM. </TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

24 Conclusão Características do ISA Server 2006
Publicação OWA e Sharepoint Melhorias no Firewall e Proxy

25 Seu potencial. Nossa inspiração.MR
© 2006 Microsoft Corporation. Todos os direitos reservados. O propósito desta apresentação é apenas informativa. Microsoft não faz nenhuma garantia expressa ou implícita nesta apresentação. Seu potencial. Nossa inspiração.MR


Carregar ppt "Microsoft® ISA Server 2006 Visão Geral"

Apresentações semelhantes


Anúncios Google