Microsoft® ISA Server 2006: Advanced Features. Alberto Oliveira, MVP ISA Server, MCSA/MCSE: Security, Security Engineer
Agenda: Firewall Types; Access Rules (Firewall Policy); VPN (Virtual Private Network); Troubleshooting
Firewall Types: Packet Filtering; Stateful Inspection; Full Inspection
Firewall Types - Packet Filtering: First-generation firewall. Checks only ports (protocols), source and destination.
Firewall Types - Stateful Inspection: Second-generation firewall. Checks ports (protocols), source and destination, and inspects the connection state.
Firewall Types - Full Inspection: Latest-generation firewall. Checks ports (protocols), source and destination, inspects the connection state, and checks several protocols at the application layer.
How a traditional firewall sees a packet: Only the header is inspected. The application-layer content is a "black box". IP Header: Source Address, Dest. Address, TTL, Checksum. TCP Header: Sequence Number, Source Port, Destination Port, Checksum. Application Layer Content: ??? Permit decisions are based on ports. Legitimate traffic and application-layer attacks use the same ports!!! (Diagram: Internet, Expected HTTP Traffic, Unexpected HTTP Traffic, Attacks, Non-HTTP Traffic, Corporate Network)
How ISA sees a packet: Header and content are inspected. Application Layer Content: <html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>MSNBC - MSNBC Front Page</title><link rel="stylesheet" IP Header: Source Address, Dest. Address, TTL, Checksum. TCP Header: Sequence Number, Source Port, Destination Port, Checksum. Permit decisions are defined by the content. Not only by the ports! Only legitimate, permitted traffic is let through. (Diagram: Internet, Expected HTTP Traffic, Unexpected HTTP Traffic, Attacks, Non-HTTP Traffic, Corporate Network)
Firewall Policy: 2 basic action types: Allow; Deny
Firewall Policy: Access rule: Allow
Firewall Policy: Access rule: Deny
Firewall Policy: Advanced filters: HTTP Filter
Firewall Policy: Advanced filters: HTTP Filter. Lists with several signatures are available at: http://www.applicationsignatures.com/backend/index.php http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/commonapplicationsignatures.mspx
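The contrast drawn in the two "how a firewall sees a packet" slides and in the HTTP Filter slides, as an added example that is not part of the original presentation: a port-only check next to a check that parses the HTTP request. The allowed-method list, the `ExampleIM/` signature and the sample payloads are constructed for illustration and are not ISA Server's own filter definitions.

```python
# Added example: port-only packet filter vs. application-layer HTTP inspection.
# Policy values, the signature and all sample payloads are constructed.
ALLOWED_PORTS = {80}
ALLOWED_METHODS = {"GET", "POST", "HEAD"}            # hypothetical policy
BLOCKED_SIGNATURES = [("user-agent", "ExampleIM/")]  # (header, substring)

def packet_filter(dst_port):
    """Header-only decision: the destination port is all that is checked."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"

def parse_http(payload):
    """Return (method, headers), or None if payload is not an HTTP request."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return parts[0], headers

def application_filter(dst_port, payload):
    """Port check first, then the application-layer content."""
    if packet_filter(dst_port) == "deny":
        return "deny: port"
    parsed = parse_http(payload)
    if parsed is None:
        return "deny: not HTTP"
    method, headers = parsed
    if method not in ALLOWED_METHODS:
        return "deny: method"
    for name, needle in BLOCKED_SIGNATURES:
        if needle.lower() in headers.get(name, "").lower():
            return "deny: signature"
    return "allow"

SAMPLES = {  # constructed payloads, all addressed to TCP port 80
    "expected": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "unexpected": b"GET /poll HTTP/1.1\r\nHost: im.example.com\r\nUser-Agent: ExampleIM/1.0\r\n\r\n",
    "method": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "non_http": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a",
}
```

The port-only function returns "allow" for every sample because all four arrive on port 80; only the content-aware function tells them apart.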
VPN (Virtual Private Network): Types: Site to Site; Client to Site; Quarantined VPN Clients
VPN (Virtual Private Network): Types: Site to Site
VPN (Virtual Private Network): Types: Client to Site
Quarantined VPN Clients (diagram: Corporate Network): 1. The client connects. 2. ISA places the user in the isolated quarantine network. 3. The script on the client checks whether the workstation complies with the standards. 4. The script sends the success notification to ISA. 5. ISA Server assigns the user to the VPN Clients network to provide access.
VPN (Virtual Private Network): Available protocols: - Site to Site: PPTP, L2TP and IPSec - Client to Site: PPTP and L2TP
Troubleshooting: Common problems: - ISA Server does not authenticate users - ISA blocks are not effective - Access denied instead of allowed
Troubleshooting: Common problems: - ISA Server does not authenticate users. Most common causes: incorrectly configured DNS; problems with Active Directory; incorrect binding order of the network adapters.
Troubleshooting: Common problems: - ISA Server does not authenticate users. Corrective actions: check internal name resolution from the ISA server; check the system policy configuration; check the binding order of the network adapters.
Troubleshooting: Common problems: - ISA blocks are not effective. Most common causes: incorrect rule order; HTTP Filter disabled; rule created incorrectly.
Troubleshooting: Common problems: - ISA blocks are not effective. Corrective actions: check the rule order. Block comes before allow! Check the HTTP filter. Check the rule's action.
Troubleshooting: Common problems: - Access denied instead of allowed. Most common causes: incorrectly positioned rules; user/group present in more than one rule; rule created incorrectly.
Troubleshooting: Common problems: - Access denied instead of allowed. Corrective actions: check the positioning of the rules; check whether the user is present in several groups and rules; check the objects used when the rule was created.
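An added example, not from the original presentation, of why rule order produces both "blocks are not effective" and "access denied instead of allowed": a simplified first-match model with a check for rules hidden behind an earlier rule. The rule names, groups and destination sets are hypothetical, and the model is not ISA Server's API.

```python
# Added example: simplified model of ordered, first-match rule evaluation.
# Rule names, groups and destination sets are constructed; this is not ISA's API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    groups: frozenset        # user groups ("*" = all users)
    destinations: frozenset  # named destination sets ("*" = anywhere)

def _covers(rule_values, wanted):
    return "*" in rule_values or bool(rule_values & frozenset(wanted))

def evaluate(rules, user_groups, destination):
    """Return (action, rule name) of the first matching rule, top down."""
    for rule in rules:
        if _covers(rule.groups, user_groups) and _covers(rule.destinations, [destination]):
            return rule.action, rule.name
    return "deny", "Default rule"  # nothing matched: traffic is denied

def _subset(later, earlier):
    return "*" in earlier or ("*" not in later and later <= earlier)

def shadowed_rules(rules):
    """Return (later, earlier) name pairs where an earlier rule with the
    opposite action matches everything the later rule matches."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.action != later.action
                    and _subset(later.groups, earlier.groups)
                    and _subset(later.destinations, earlier.destinations)):
                findings.append((later.name, earlier.name))
                break
    return findings

def fs(*items):
    return frozenset(items)

ALLOW_WEB = Rule("Allow web for staff", "allow", fs("Staff"), fs("*"))
BLOCK_MAIL = Rule("Block webmail", "deny", fs("Staff"), fs("Webmail sites"))
BLOCK_INTERNS = Rule("Block interns", "deny", fs("Interns"), fs("*"))

BROKEN = [ALLOW_WEB, BLOCK_MAIL]     # block sits below the allow
FIXED = [BLOCK_MAIL, ALLOW_WEB]      # block moved above the allow
MULTI = [BLOCK_INTERNS, ALLOW_WEB]   # user in both groups hits the deny first
```

`shadowed_rules(BROKEN)` reports the block that never fires, and `evaluate(MULTI, ["Staff", "Interns"], ...)` shows a user in two groups being denied by the rule that sits higher.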
Troubleshooting: Final tip: ALWAYS use the ISA Server monitoring tab!!
Conclusion: Firewall theory; Firewall Policy; VPN; Troubleshooting
For more information… Visit www.technetbrasil.com.br Information about ISA Server: www.microsoft.com/isaserver www.isaserver.org www.isastools.org
Your potential. Our inspiration.® © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this presentation.