
Network and Perimeter Security



  1. Network and Perimeter Security. Paula Kiernan, Senior Consultant, Ward Solutions

  2. Session Overview • Network Perimeter Security • Protecting the Network • Virtual Private Networking

  3. Purpose and Limitations of Perimeter Defenses
  • Properly configured firewalls and border routers are the cornerstone of perimeter security
  • The Internet and mobility increase security risks
  • VPNs have opened a destructive, pernicious entry point for viruses and worms in many organizations: an infected remote client arrives inside the perimeter
  • Traditional packet-filtering firewalls only block network ports and computer addresses
  • Most modern attacks occur at the application layer

  4. Securing the Network Perimeter: What Are the Challenges?
  [Diagram: main office, branch office, business partner, wireless network and remote user, all connected through the Internet]
  Challenges include:
  • Determining proper firewall design
  • Access to resources for remote users
  • Effective monitoring and reporting
  • Need for enhanced packet inspection
  • Security standards compliance

  5. What Firewalls Do NOT Protect Against
  • Malicious traffic that is passed on open ports and not inspected by the firewall
  • Any traffic that passes through an encrypted tunnel or session
  • Attacks after a network has been penetrated
  • Traffic that appears legitimate
  • Users and administrators who intentionally or accidentally install viruses
  • Administrators who use weak passwords

  6. Securing the Network Perimeter: What Are the Design Options?
  [Diagram of three designs: bastion host (a single firewall between the Internet and the internal network); three-legged configuration (one firewall with a third interface for a perimeter network holding the Web server); back-to-back configuration (two firewalls with the perimeter network between them and the internal network behind the second)]

  7. Firewall Requirements: Multiple-Layer Filtering
  Packet filtering:
  • Filters packets based on information in the network and transport layer headers
  • Enables fast packet inspection, but cannot detect higher-level attacks
  Stateful filtering:
  • Filters packets based on TCP session information
  • Ensures that only packets that are part of a valid session are accepted, but cannot inspect application data
  Application filtering:
  • Filters packets based on the application payload in network packets
  • Can prevent malicious attacks and enforce user policies

  8. Configuring ISA Server to Secure the Network Perimeter
  [Diagram: ISA Server between the Internet and the LAN, acting as VPN server for a remote user and publishing the internal Web server and Exchange server to Internet users]
  Use ISA Server to:
  • Provide firewall functionality
  • Publish internal resources such as Web or Exchange servers
  • Implement multilayer packet inspection and filtering
  • Provide VPN access for remote users and sites
  • Provide proxy and caching services

  9. Implementing Network Templates to Configure ISA Server 2004
  [Diagram: the three designs from slide 6 mapped to ISA Server 2004 network templates]
  • Bastion host: deploy the Edge Firewall template
  • Three-legged configuration (internal network plus a perimeter network holding the Web server): deploy the 3-Leg Perimeter template
  • Back-to-back configuration (internal network behind an inner firewall, perimeter network between the two firewalls): deploy the Front End template on the outer firewall and the Back End template on the inner one
  • Web proxy and caching only: deploy the Single Network Adapter template

  10. Session Overview • Network Perimeter Security • Protecting the Network • Virtual Private Networking

  11. Protecting the Network: What Are the Challenges?
  Challenges related to protecting the network layer include:
  • Balance between security and usability
  • Lack of network-based detection or monitoring for attacks

  12. Implementing Network-Based Intrusion-Detection Systems
  A network-based intrusion-detection system provides rapid detection and reporting of external malware attacks.
  Important points to note:
  • Network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected
  • ISA Server 2004 provides network-based intrusion-detection abilities
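To make the detection-and-reporting step concrete, here is a small sensor of the kind slide 12 describes, written as an added example for this page; it is not ISA Server code and it uses no vendor rule set. It watches a stream of constructed packet records for two things: a port scan (many distinct destination ports from one source inside a sliding time window) and a content signature match (a worm-style request for cmd.exe through the Web server). The addresses, the 15-port threshold, the 10-second window and the signature are all assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float            # seconds since the start of the capture
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Alert:
    ts: float
    src: str
    kind: str
    detail: str


# Constructed content signature for illustration only (not a vendor rule):
# a request that tries to reach cmd.exe through the Web server.
SIGNATURES = {
    "worm-style cmd.exe request": re.compile(rb"cmd\.exe", re.IGNORECASE),
}


class Nids:
    """Reports a port scan (many distinct destination ports from one source
    inside a sliding window) and payload signature matches."""

    def __init__(self, scan_threshold=15, window=10.0):
        self.scan_threshold = scan_threshold
        self.window = window
        self._probes = defaultdict(deque)   # src -> deque of (ts, dport)
        self._scan_reported = set()
        self.alerts = []

    def feed(self, pkt):
        self._check_scan(pkt)
        self._check_signatures(pkt)

    def _check_scan(self, pkt):
        q = self._probes[pkt.src]
        q.append((pkt.ts, pkt.dport))
        while q and pkt.ts - q[0][0] > self.window:   # forget probes outside the window
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= self.scan_threshold and pkt.src not in self._scan_reported:
            self._scan_reported.add(pkt.src)          # report each scanning source once
            self.alerts.append(Alert(pkt.ts, pkt.src, "port scan",
                                     f"{len(distinct)} distinct ports within {self.window:.0f}s"))

    def _check_signatures(self, pkt):
        for name, pattern in SIGNATURES.items():
            if pattern.search(pkt.payload):
                self.alerts.append(Alert(pkt.ts, pkt.src, "signature", name))


def run_sample():
    """Constructed traffic (not a real capture): a scanner probing 20 ports in two
    seconds, a normal client, and a worm-style request. Returns the alerts raised."""
    target = "192.0.2.10"
    packets = [Packet(0.1 * i, "203.0.113.9", target, 20 + i) for i in range(20)]
    packets += [
        Packet(30.0, "198.51.100.4", target, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
        Packet(31.0, "198.51.100.77", target, 80,
               b"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.1\r\n\r\n"),
    ]
    sensor = Nids()
    for pkt in packets:
        sensor.feed(pkt)
    return sensor.alerts
```

The sliding window is what separates a scan from ordinary traffic: the same 20 probes spread two seconds apart never accumulate 15 distinct ports inside ten seconds and raise nothing, which is also why a patient attacker scanning slowly evades this kind of threshold. The alert list is only the start of the job; without a defined process for who reads it and what they do, the sensor adds nothing, which is the point the slide makes.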

  13. Implementing Application Layer Filtering
  Application layer filtering includes the following:
  • Web browsing and e-mail content can be scanned to ensure that it does not contain illegitimate data
  • Deep content analysis, including the ability to detect, inspect, and validate traffic using any port and protocol
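The three inspection layers of slide 7 and the "validate traffic using any port and protocol" point of slide 13 are easiest to see side by side on the same packets. The following is an added example written for this page, not ISA Server code: a packet filter that looks only at addresses and ports, a stateful filter that accepts non-SYN segments only for sessions it has seen opened, and an application filter that checks that the payload really is the protocol expected on that port and rejects directory traversal in HTTP request paths. The Web server address, the allowed ports, the packet records and the request strings are all constructed for the demonstration.

```python
import re
from dataclasses import dataclass

# Constructed network: one published Web server behind the firewall.
WEB_SERVER = "192.0.2.10"
ALLOWED_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str           # TCP flags: "S" (SYN), "A" (ACK), "PA" (PSH+ACK)
    payload: bytes = b""


def packet_filter(pkt):
    """Layer 1: decide on network/transport headers only (address and port)."""
    return pkt.dst == WEB_SERVER and pkt.dport in ALLOWED_PORTS


class StatefulFilter:
    """Layer 2: remember sessions opened by a SYN; anything else must belong to one."""

    def __init__(self):
        self.sessions = set()

    def allow(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.flags == "S":
            self.sessions.add(key)
            return True
        return key in self.sessions


HTTP_REQUEST = re.compile(rb"^(GET|HEAD|POST) (/[^ ]*) HTTP/1\.[01]\r\n")


def looks_like_http(payload):
    m = HTTP_REQUEST.match(payload)
    if not m:
        return False
    path = m.group(2).lower()
    # Reject directory traversal in the request path, plain or percent-encoded.
    return b".." not in path and b"%2e%2e" not in path


def looks_like_tls(payload):
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    # Only the framing can be validated; the encrypted content stays opaque.
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


EXPECTED_PROTOCOL = {80: looks_like_http, 443: looks_like_tls}


def application_filter(pkt):
    """Layer 3: the payload must be the protocol expected on that port."""
    if not pkt.payload:
        return True                      # handshake segments carry no application data
    check = EXPECTED_PROTOCOL.get(pkt.dport)
    return check is not None and check(pkt.payload)


def inspect(pkt, state):
    """Run the three layers in order; return the verdict and the layer that decided."""
    if not packet_filter(pkt):
        return ("drop", "packet")
    if not state.allow(pkt):
        return ("drop", "stateful")
    if not application_filter(pkt):
        return ("drop", "application")
    return ("accept", "all")


def run_sample():
    """Constructed packets (not captured traffic); returns name -> verdict."""
    c = "198.51.100.4"
    state = StatefulFilter()
    samples = [
        ("telnet to server",   Packet(c, WEB_SERVER, 23, "S")),
        ("unsolicited ACK",    Packet(c, WEB_SERVER, 80, "A")),
        ("http handshake",     Packet(c, WEB_SERVER, 80, "S")),
        ("normal request",     Packet(c, WEB_SERVER, 80, "PA",
                                      b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n")),
        ("traversal request",  Packet(c, WEB_SERVER, 80, "PA",
                                      b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n")),
        ("tls handshake",      Packet(c, WEB_SERVER, 443, "S")),
        ("tls client hello",   Packet(c, WEB_SERVER, 443, "PA", bytes([0x16, 0x03, 0x01, 0x00, 0x2F]))),
        ("ssh banner on 443",  Packet(c, WEB_SERVER, 443, "PA", b"SSH-2.0-OpenSSH_3.9\r\n")),
    ]
    return {name: inspect(pkt, state) for name, pkt in samples}
```

Each sample packet is stopped by exactly the layer the slides attribute it to: the telnet SYN dies on the port rule, the ACK with no session dies on state, and the traversal request and the SSH banner on port 443 pass both of those and are caught only by payload inspection. The port 443 case also shows the limit from slide 5: the filter can confirm the bytes are framed as TLS, but it cannot see what is inside the tunnel.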

  14. Protecting the Network: Best Practices
  • Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites
  • Have an incident response plan
  • Implement automated monitoring and reporting policies
  • Implement ISA Server 2004 to provide intrusion-detection capabilities

  15. Session Overview • Network Perimeter Security • Protecting the Network • Virtual Private Networking

  16. Virtual Private Networking: What Are the Challenges?
  VPNs provide a secure option for communicating across a public network.
  VPNs are used in two primary scenarios:
  • Network access for remote clients
  • Network access between sites
  VPN quarantine control provides an additional level of security by checking the configuration of VPN client machines before allowing them access to the organization's network.

  17. Understanding Quarantine Networks
  Standard features of a quarantine network include:
  • Typically restricted or blocked from gaining access to internal resources
  • Provides a level of connectivity that allows temporary visitors' computers to work productively without risking the security of the internal network
  • Currently only available for VPN remote access solutions

  18. How Does Network Quarantine Work?
  [Diagram: a remote client connects through the ISA Server and is placed in the Quarantined VPN Clients network under the quarantine remote access policy; the quarantine script runs on the client and reports through RQC.exe to the ISA Server, which then moves the client to the VPN Clients network with access to the Web server, domain controller, DNS server and file server]
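The flow in the diagram, as an added example written for this page rather than ISA Server or RRAS code: a client that connects starts in the quarantined network, where the quarantine remote access policy permits only DNS and the notification channel back to the ISA Server; the client-side script checks the machine and, if it passes, notifies the server with the script's version string the way RQC.exe would; the server releases the session only for a version string it has been configured to accept, and disconnects clients that never report. The host addresses, the listener port 7250, the checks the script performs, the timeout and the update identifiers are all assumptions made for the demonstration.

```python
from dataclasses import dataclass

# Constructed addresses for the hosts in the diagram (not from the slides).
ISA_SERVER = "10.0.0.1"
DNS_SERVER = "10.0.0.53"
DOMAIN_CONTROLLER = "10.0.0.10"
FILE_SERVER = "10.0.0.20"
WEB_SERVER = "10.0.0.80"
RQS_PORT = 7250                  # assumed port of the quarantine notification listener

# Quarantine remote access policy: what a client may reach before it passes the check.
QUARANTINE_RULES = {(DNS_SERVER, 53), (ISA_SERVER, RQS_PORT)}
# VPN Clients network policy after release.
FULL_ACCESS_RULES = QUARANTINE_RULES | {
    (DOMAIN_CONTROLLER, 389), (FILE_SERVER, 445), (WEB_SERVER, 80)}

QUARANTINE_TIMEOUT = 120.0       # seconds a client may stay quarantined before it is dropped
SCRIPT_VERSION = "qcheck-1.2"    # string the script hands to the notifier; only known versions release
REQUIRED_UPDATES = {"update-A", "update-B"}   # constructed update identifiers


@dataclass
class ClientState:
    """Facts the quarantine script gathers on the VPN client (constructed)."""
    antivirus_signature_age_days: int
    host_firewall_enabled: bool
    installed_updates: set


def quarantine_script(state):
    """Client side: returns (passed, reasons), like the script run after connecting."""
    reasons = []
    if state.antivirus_signature_age_days > 7:
        reasons.append("antivirus signatures older than 7 days")
    if not state.host_firewall_enabled:
        reasons.append("host firewall disabled")
    missing = REQUIRED_UPDATES - state.installed_updates
    if missing:
        reasons.append("missing updates: " + ", ".join(sorted(missing)))
    return (not reasons, reasons)


class QuarantineServer:
    """ISA-side state: every new VPN session starts quarantined; a notification with an
    accepted script version releases it; silence past the timeout disconnects it."""

    def __init__(self, accepted_versions, timeout=QUARANTINE_TIMEOUT):
        self.accepted_versions = set(accepted_versions)
        self.timeout = timeout
        self.sessions = {}       # client_id -> {"status": ..., "since": ...}

    def connect(self, client_id, now):
        self.sessions[client_id] = {"status": "quarantined", "since": now}

    def notify(self, client_id, version):
        """The RQC.exe message: release only for a script version the administrator trusts."""
        s = self.sessions[client_id]
        if s["status"] == "quarantined" and version in self.accepted_versions:
            s["status"] = "released"
        return s["status"]

    def expire(self, now):
        """Disconnect clients that never reported within the timeout."""
        for s in self.sessions.values():
            if s["status"] == "quarantined" and now - s["since"] > self.timeout:
                s["status"] = "disconnected"

    def may_reach(self, client_id, dst, port):
        status = self.sessions[client_id]["status"]
        rules = {"quarantined": QUARANTINE_RULES, "released": FULL_ACCESS_RULES}.get(status, set())
        return (dst, port) in rules


def remote_access_session(server, client_id, state, now=0.0):
    """Whole flow for one client: connect, run the script, notify on success."""
    server.connect(client_id, now)
    passed, reasons = quarantine_script(state)
    if passed:
        server.notify(client_id, SCRIPT_VERSION)
    return server.sessions[client_id]["status"], reasons
```

Two details matter in practice. The quarantine policy must still allow DNS and the notification channel, or a healthy client can never report and every session times out. And the release decision rests on a string sent by software running on the client, so quarantine enforces hygiene on cooperating machines; it is not a boundary against a client that is deliberately hostile, which is why the slides present it as an additional level of security rather than a replacement for the firewall.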

  19. Session Summary
  • Properly configured firewalls and border routers are the cornerstone of perimeter security
  • Use an appropriate firewall design
  • Firewalls do not protect against bad security practices
  • Implement a firewall that provides multiple-layer filtering
  • ISA Server 2004 provides network-based intrusion-detection abilities
  • VPN quarantine control provides an additional level of security

  20. Next Steps
  • Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
  • Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
  • Get additional security information on ISA Server: http://www.microsoft.com/technet/security/prodtech/isa/default.mspx

  21. Questions and Answers

  22. pkiernan@ward.ie www.ward.ie
