
What's new in Threat Management Gateway (TMG) 2010

Presenter: Ronald Beekelaar (ronald@beekelaar.com), Beekelaar Consultancy BV. MVP Security, MVP Virtual Machine Technology. Work: security consultancy, virtualization consultancy.


Presentation Transcript


  1. What's new in Threat Management Gateway (TMG) 2010
     Ronald Beekelaar, ronald@beekelaar.com

  2. Introductions
     • Presenter – Ronald Beekelaar
       • MVP Security
       • MVP Virtual Machine Technology
     • E-mail: Beekelaar Consultancy BV, ronald@beekelaar.com
     • Work
       • Security consultancy
       • Virtualization consultancy
       • Create many VM-based labs and demos
       • Software to optimize, manage and run VM

  3. Session Objectives
     • Main goal:
       • Make it easier for you to talk to customers about Threat Management Gateway (TMG) 2010.
       • Or: implement TMG 2010 within your own organization
     • How to do that?
       • Focus on new features in TMG 2010
         • As successor to ISA 2006
       • Understand NIS
       • Explain Outbound SSL Inspection
     • Sub goal:
       • Use the lab environment for demos

  4. Demo and Lab Environment
     • For study, testing, demo, POC, etc.
     • Download from:
       • http://go.microsoft.com/fwlink/?LinkId=190269
     • Contains all Forefront products
       • Including FIM and AD FS

  5. What's new in TMG?
     • Malware Inspection (AM)
       • For HTTP and HTTPS
     • Email antivirus / antispam filtering
     • Network Inspection System (NIS)
       • Intrusion Prevention System
     • URL Filtering
     • HTTPS Inspection
     • Web Access Policy
     • ISP Redundancy (ISP-R)
       • Failover and load-balancing
     • Enhanced NAT
       • For multiple outbound SMTP servers

  6. TMG “Network Rules”
     • New Feature: Enhanced NAT
       • E.g. SMTP Sender Policy Framework

  7. Malware Inspection
     • Detects viruses in HTTP traffic
     • Uses MS AV engine
       • Same as FCS, FSE, FSSP, etc.
       • Single engine – not multi-vendor
     • Issue:
       • Scanning takes time – client may time out
     • Solution:
       • Progress notification (for browser clients)
       • Content trickling + recall
         • Send 50 bytes every 5 seconds

  8. Network Inspection System (NIS)
     • Signature-based detection of malicious network traffic
     • Based on MS Research GAPA project
       • Generic Application Protocol Analyzer
     • Signatures for vulnerabilities (MS08-33)
       • And some signatures for existing exploits
     • Microsoft releases security bulletin + security update (patch) + NIS signature
     • Protects unpatched computers behind TMG

  9. URL Filtering
     • Microsoft Reputation Service (MRS) returns one of 91 “category” indications for each URL
       • Including “Unknown”
     • [Diagram: MRS request for www.soccer.com; MRS answers category = sports, and the answer is kept in cache; content for www.soccer.com then passes through TMG]
     • Firewall rule: Allow category Sports after 5 PM only

  10. URL Filtering – Walking the Path
     • URL Filtering Categories:
       - health.msn.com/kids-health/caffeine-use.htm – Not found
       - health.msn.com/kids-health – Not found
       - health.msn.com – Health category
       - msn.com – Internet Services category
     • [Diagram labels: Internet Services category, Health category, Health category]

  11. HTTPS Inspection – Outbound traffic
     • For Web publishing, inbound SSL Bridging is well-known (ISA Server 2000)
     • Issue:
       • Cannot inspect outbound traffic in encrypted tunnel (SSL)
     • Solution:
       • Use “SSL Bridging” on outbound SSL connections as well
     • Difference with Web publishing is that client can go to many different Web sites

  12. HTTPS Inspection – Mechanism
     • [Diagram: two SSL sessions, each with a request and a certificate for www.fabrikam.com]
       • In Web browser: https://www.fabrikam.com, certificate signed by “TMG CA”
       • In TMG request: https://www.fabrikam.com, certificate signed by Verisign
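
The lookup order on slide 10 ("walking the path") combined with the time-based rule on slide 9, as an added Python sketch. It is not TMG or MRS code; the category table, the function names and the choice to stop at two host labels are assumptions made for illustration.

```python
import re
from datetime import time
from urllib.parse import urlsplit

# Constructed sample table mirroring slides 9 and 10; real MRS data is not on the page.
SAMPLE_CATEGORIES = {
    "health.msn.com": "Health",
    "msn.com": "Internet Services",
    "www.soccer.com": "Sports",
}


def candidates(url):
    """Yield lookup keys from most to least specific:
    full path, parent paths, host, then parent domains."""
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "//" + url  # scheme-less input such as "health.msn.com/kids-health"
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return
    segments = [s for s in parts.path.split("/") if s]
    for i in range(len(segments), 0, -1):
        yield host + "/" + "/".join(segments[:i])
    labels = host.split(".")
    # Assumption: stop at two labels so a bare TLD such as "com" is never looked up.
    for i in range(max(len(labels) - 1, 1)):
        yield ".".join(labels[i:])


def categorize(url, table=SAMPLE_CATEGORIES):
    """Return (category, matched_key); ("Unknown", None) when nothing matches."""
    for key in candidates(url):
        if key in table:
            return table[key], key
    return "Unknown", None


def allowed(url, now, table=SAMPLE_CATEGORIES):
    """Slide 9's rule: allow category Sports after 5 PM only.
    Assumption: no other rule exists, so everything else is denied."""
    category, _ = categorize(url, table)
    return category == "Sports" and now >= time(17, 0)


if __name__ == "__main__":
    for u in ("health.msn.com/kids-health/caffeine-use.htm", "http://www.msn.com/"):
        print(u, "->", categorize(u))
    print(allowed("http://www.soccer.com/scores", time(18, 30)))
```

Because the most specific match wins, a page under health.msn.com is rated Health rather than inheriting Internet Services from msn.com, which is the property to check when a category rule appears to apply to the wrong sites.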
