Microsoft ISA Server 2000

Presented byRicardo DiazRyan Fansa

Module 1

Introduction

The Purpose of the ISA Server Microsoft® Internet Security and Acceleration Server 2000 (ISA

Server) is an extensible enterprise firewall and Web cache server built on the Windows® 2000 operating system security, management and directory for policy-based access control, acceleration and management of internetworking.

ISA Server Enterprise Edition adds support for clustering, but makes modifications to the local domain's Microsoft Active Directory® active directory schema. For evaluation purposes, you should set up a four-computer test environment that is isolated from your production network.

With the ISA Server Standard Edition, you can review the core firewall and caching functionality of ISA Server without an update to your Active Directory schema.

The Purpose of The ISA Server (cont.) ISA Server 2000 is an intelligent application layer firewall and Web caching

server that helps protect the network from external attacks and from exploits that may originate from the internal network behind the ISA Server 2000 machine.

The ISA Server 2000 Web cache helps network users reduce overall bandwidth utilization and can provide for a faster Web access experience for campus Internet users by returning popular Web content from the ISA Server 2000 Web cache on the local network instead of from a increasingly congested Internet.

ISA Server can provide value to information technology managers, network administrators, and information security professionals who are concerned about the security, performance, manageability, or operating costs of their networks.

ISA Server can be used in a wide range of scenarios, from small schools, districts and satellite campuses to major, multi-campus systems and statewide networks.

End of Module

Module 2

ISA Server Installation

Installation Process

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

Installation Process (cont.)

End of Module

Module 3

Network Security

Network Security

The Threat (Internet)– Hackers/Crackers– Script Kiddies

Type of Firewalls– Traditional– Application

Hackers/Cracker

Skill Level– High Level

Motivation– Test Skill Level– Monetary Gain– Freedom

Script Kiddies

Skill Level– Low to Medium Level

Motivation– Imitation– Curiosity– Build Skill Level

Traditional Firewall OSI Layer 3 & Layer 4

NAT

Function of SPI firewall– source address, destination address, source port,

destination port and direction– Denial of Service (DoS) attacks, Ping of Death, SYN

Flood, LAND Attack, and IP Spoofing (Pattern)

Great at lower level protocol attacks

Application Firewall (Proxies)

OSI Layer 7

Application Level Filtering (Going up the OSI Layer)– OS vulnerabilities, Application vulnerabilities– Nimda, Code Red, SQL Slammer worm, SQL

poisoning – Most likely to spread via email or

unfiltered/open port

End of Module

Module 4

ISA Server to the Rescue

ISA Server Architecture

Standalone Enterprise

– Firewall– Cache Proxy– Integrated

ISA Server as a Standalone

[1]

ISA Server in the Enterprise

[1]

Multi-layered Firewall

Static and Dynamic packet filtering

Circuit Filtering (ISA Client)

Application Filtering

Features of ISA Server

Stateful Inspection Secure Server Publishing Intrusion Detection Client Transparency (SecureNAT) Strong Authentication SDK

Stateful Inspection

Allows ISA Server to determine the state of a given session

Configurable through access policy rules that open ports automatically (dynamic IP packet filtering)

Excellent for filtering streaming media applications

Secure Publishing

Web Server

Email Server (Exchange)

Servers are Never Exposed

Intrusion Detection

Licensed technology from Internet Security Systems

Administrator can set triggers

Triggers can be configured to stop the firewall, write to system log or run script

Client Transparency

SecureNAT

No client to install

Configurable for outbound traffic

Software Development Kit SDK

Create Custom Extensions

Comes with Sample Code

Detailed Documentation

Authentication Web ProxyIncoming/Outgoing Web Traffic

Basic (plain text) (Not Strong!) Digest Integrated Windows (NTLM & Kerberos) Client Certificates Pass-through authentication

End of Module

Module 5

A Closer Look to The ISA Server Management Tool

ManagementConsole

ISA Server – Web Publishing Feature

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Publishing Feature (cont.)

ISA Server – Web Cashing Feature

ISA Server – Web Cashing Feature (cont.)

ISA Server – Web Cashing Feature (cont.)

ISA Server – Web Cashing Feature (cont.)

ISA Server – Web Cashing Feature (cont.)

ISA Server – Web Cashing Feature (cont.)

ISA Server – Web Cashing Feature (cont.)

Module 6

SQL Slammer Filter

Creating a Filter for SQL Slammer

Create a definition

Create a rule

Step 1 – Create Definition

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7 – Create Rule

Step 8

Step 9

Step 10

Step 11

Step 12

Step 13

End of Module

Conclusion ISA Server was designed to meet the needs of Internet-

enabled business by providing enterprise-class security, fast Web caching performance and powerful unified management tools built for Windows 2000 and 2003 Server.

ISA Server provides a multilayered firewall with built-in intrusion detection to keep internal networks safe.

ISA Server provides businesses with secure, fast Internet connectivity built on the powerful management features of Windows 2000 and 2003 Server.

ISA Server provides scalability for both small and enterprise class environments

Resources

[1] http://www.microsoft.com/isaserver/ [2] http://www.isaserver.org [3]

http://www.techiwarehouse.com/Articles/2002-12-23.html

[4] http://labmice.techtarget.com/BackOffice/ISAServer2000/default.htm

Glossary

Kerberos - a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).

NTLM - a Microsoft-Proprietary protocol that authenticates users and computers based on an authentication challenge and response.

Stateful Inspection - Stateful inspection is an advanced firewall architecture that was invented by Check Point Software Technologies in the early 1990s. Inspects the header of packets.

NAT - Network Address Translation (NAT) is the translation of an Internet Protocol address used within one network to a different IP address known within another network.