Network and Perimeter Security. Paula Kiernan, Senior Consultant, Ward Solutions
Session Overview • Network Perimeter Security • Protecting the Network • Virtual Private Networking
Purpose and Limitations of Perimeter Defenses • Properly configured firewalls and border routers are the cornerstone for perimeter security • The Internet and mobility increase security risks • VPNs have exposed a destructive, pernicious entry point for viruses and worms in many organizations • Traditional packet-filtering firewalls only block network ports and computer addresses • Most modern attacks occur at the application layer
Securing the Network Perimeter: What Are the Challenges? Challenges include: • Determining proper firewall design • Access to resources for remote users • Effective monitoring and reporting • Need for enhanced packet inspection • Security standards compliance [Diagram: the Internet connecting the main office, a branch office, a business partner, a wireless network and a remote user]
What Firewalls Do NOT Protect Against • Malicious traffic that is passed on open ports and not inspected by the firewall • Any traffic that passes through an encrypted tunnel or session • Attacks after a network has been penetrated • Traffic that appears legitimate • Users and administrators who intentionally or accidentally install viruses • Administrators who use weak passwords
Securing the Network Perimeter: What Are the Design Options? [Diagram of three designs: bastion host; three-legged configuration with internal network, perimeter network and Web server; back-to-back configuration with internal network, perimeter network and Internet]
Firewall Requirements: Multiple-Layer Filtering Packet filtering: • Filters packets based on information in the network and transport layer headers • Enables fast packet inspection, but cannot detect higher-level attacks Stateful filtering: • Filters packets based on the TCP session information • Ensures that only packets that are part of a valid session are accepted, but cannot inspect application data Application filtering: • Filters packets based on the application payload in network packets • Can prevent malicious attacks and enforce user policies
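The three filtering layers from this slide, as an added example that is not part of the original deck: each layer sees strictly more than the one before it, so the same constructed packets are stopped at different points. The internal address range, the allowed ports and the HTTP method policy are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    flags: str = ""        # TCP flags, e.g. "SYN" or "ACK"
    payload: bytes = b""   # application data, if any

# 1. Packet filtering: only network/transport header fields are consulted.
INTERNAL_PREFIX = "10.0.0."           # constructed internal range (assumption)
ALLOWED_INBOUND_PORTS = {80, 443}

def packet_filter(pkt: Packet) -> bool:
    return pkt.dst.startswith(INTERNAL_PREFIX) and pkt.dport in ALLOWED_INBOUND_PORTS

# 2. Stateful filtering: a packet is accepted only if it opens a session (SYN)
#    or belongs to one already opened; mid-stream packets with no session are dropped.
class StatefulFilter:
    def __init__(self):
        self.sessions = set()           # (src, dst, dport) of accepted sessions
    def check(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.flags == "SYN":
            self.sessions.add(key)
            return True
        return key in self.sessions

# 3. Application filtering: the HTTP request line itself is checked against policy,
#    something the two lower layers cannot see.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def application_filter(pkt: Packet) -> bool:
    if not pkt.payload:
        return True                                   # nothing to inspect yet
    line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False                                  # malformed request line
    return parts[0] in ALLOWED_METHODS                # enforce the method policy

def inspect_packet(sf: StatefulFilter, pkt: Packet) -> str:
    """Runs the three layers in order and reports which one dropped the packet."""
    if not packet_filter(pkt):
        return "dropped: packet filter"
    if not sf.check(pkt):
        return "dropped: stateful filter"
    if not application_filter(pkt):
        return "dropped: application filter"
    return "accepted"
```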
Configuring ISA Server to Secure the Network Perimeter Use ISA Server to: • Provide firewall functionality • Publish internal resources such as Web or Exchange servers • Implement multilayer packet inspection and filtering • Provide VPN access for remote users and sites • Provide proxy and caching services [Diagram: ISA Server between the Internet, with a remote user and an external Web server, and the LAN, with a Web server, Exchange server, VPN server and users]
Implementing Network Templates to Configure ISA Server 2004 [Diagram mapping each perimeter design to a network template:] • Bastion host: deploy the Edge Firewall template • Three-legged configuration (internal network, perimeter network, Web server): deploy the 3-Leg Perimeter template • Back-to-back configuration (internal network, perimeter network, Internet): deploy the Front end or Back end template • Web proxy and caching only: deploy the Single Network Adapter template
Protecting the Network: What Are the Challenges? Challenges related to protecting the network layer include: • Balance between security and usability • Lack of network-based detection or monitoring for attacks
Implementing Network-Based Intrusion-Detection Systems A network-based intrusion-detection system provides rapid detection and reporting of external malware attacks. Important points to note: • Network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected • ISA Server 2004 provides network-based intrusion-detection abilities
Implementing Application Layer Filtering Application layer filtering includes the following: • Web browsing and e-mail can be scanned to ensure that the content specific to each does not contain illegitimate data • Deep content analysis, including the ability to detect, inspect, and validate traffic using any port and protocol
Protecting the Network: Best Practices • Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites • Have an incident response plan • Implement automated monitoring and reporting policies • Implement ISA Server 2004 to provide intrusion-detection capabilities
Virtual Private Networking: What Are the Challenges? VPNs provide a secure option for communicating across a public network. VPNs are used in two primary scenarios: • Network access for remote clients • Network access between sites VPN quarantine control provides an additional level of security by providing the ability to check the configuration of the VPN client machines before allowing them access to the organization’s network
Understanding Quarantine Networks Standard features of a quarantine network include: • Typically restricted or blocked from gaining access to internal resources • Provides a level of connectivity that allows temporary visitors’ computers to work productively without risking the security of the internal network • Currently only available for VPN remote access solutions
How Does Network Quarantine Work? [Diagram: a Quarantined VPN Clients network and a VPN Clients network, separated by the ISA Server; labelled elements: quarantine script, quarantine remote access policy, RQC.exe, DNS server, domain controller, Web server, file server]
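The quarantine flow described on the preceding slides, as an added simulation that is not part of the original deck: every new VPN connection lands in the quarantined network, the quarantine script checks the client's configuration, and only a clean result reported by the expected script version moves the client to the VPN Clients network. The network names follow the diagram; the checks, the resources reachable from quarantine, the version string and the timeout are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

EXPECTED_SCRIPT_VERSION = "1.0"       # version the server accepts (assumption)
QUARANTINE_TIMEOUT_SECONDS = 120      # client is dropped if it never reports (assumption)

# Resources reachable from each network (assumption): quarantined clients get only
# name resolution and the Web server that hosts remediation instructions.
ACCESS_RULES = {
    "Quarantined VPN Clients": {"DNS server", "Web server"},
    "VPN Clients": {"DNS server", "Web server", "Domain controller", "File server"},
}

@dataclass
class VpnClient:
    name: str
    firewall_enabled: bool
    av_signature_age_days: int
    missing_patches: list = field(default_factory=list)
    network: str = "Quarantined VPN Clients"   # every new connection starts here

def quarantine_script(client: VpnClient) -> list:
    """Runs on the client after connecting; returns the list of failed checks."""
    failures = []
    if not client.firewall_enabled:
        failures.append("host firewall disabled")
    if client.av_signature_age_days > 7:
        failures.append("antivirus signatures older than 7 days")
    if client.missing_patches:
        failures.append("missing patches: " + ", ".join(client.missing_patches))
    return failures

def rqc_notify(client: VpnClient, failures: list, script_version: str) -> bool:
    """Models the notification RQC.exe sends to the server. Quarantine is lifted
    only for a clean result reported by the expected script version."""
    if failures or script_version != EXPECTED_SCRIPT_VERSION:
        return False
    client.network = "VPN Clients"
    return True

def connect(client: VpnClient, script_version: str = EXPECTED_SCRIPT_VERSION,
            seconds_elapsed: int = 0) -> str:
    """Full flow: quarantine, run the script, notify; fail closed on timeout."""
    if seconds_elapsed > QUARANTINE_TIMEOUT_SECONDS:
        return "disconnected: quarantine timeout"   # never silently admit the client
    failures = quarantine_script(client)
    rqc_notify(client, failures, script_version)
    return client.network

def can_reach(client: VpnClient, server: str) -> bool:
    return server in ACCESS_RULES[client.network]
```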
Session Summary • Properly configured firewalls and border routers are the cornerstone for perimeter security • Use an appropriate firewall design • Firewalls do not protect against bad security practices • Implement a firewall that provides multiple-layer filtering • ISA Server 2004 provides network-based intrusion-detection abilities • VPN quarantine control provides an additional level of security
Next Steps • Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx • Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx • Get additional security information on ISA Server: http://www.microsoft.com/technet/security/prodtech/isa/default.mspx
pkiernan@ward.ie www.ward.ie