Microsoft Internet Security & Acceleration Server 2006 Overview

What is ISA Server 2006?
Three Deployment Scenarios
- Making Exchange, SharePoint and Web application servers available for secure remote access
- Securely connecting your branch offices and utilizing bandwidth efficiently
- Protecting your environment from internal users accessing unwanted or harmful content on the Internet

What's New in ISA Server 2006?
ISA 2004 / New Features in ISA 2006
- Load Balancing of Web farms
- SharePoint Publishing Wizard
- Automatic Link Translation
- Manual Link Translation
- Exchange Publishing Wizard
- Customizable forms
- NTLM, Kerberos, Delegation
- Smartcards, one-time password
- Single Sign-On
- Active Directory via LDAP
- HTTP Basic Delegation
- Active Directory via RADIUS
- BITS Caching
- HTTP Compression
- Central policy storage
- HTTP content caching
- Policy storage at branches

Secure Application Publishing
The Need

The Concerns
- An increasing number of employees need access to information hosted on the corporate network.
- Hackers want to steal information on corporate data servers for personal gain. They are able to evade the current hardware firewall by hiding attacks in encrypted sessions.
- Opening ports on the corporate firewall to company resources puts the customer at risk from Internet-based attackers.
- Traditional hardware firewalls are not specifically built to protect the customer's Microsoft Exchange Server and Microsoft SharePoint Portal Server 2003 servers.
[Diagram labels: Remote User, Hacker, Exchange Farm, SharePoint, Internet link, Firewall, Internal Network, Active Directory]

The Solution
- Automatic translation of links to internal shares
- Strong user/group-based access controls
- NTLM, Kerberos authentication support
- Load balancing of server farms
- Exchange & SharePoint publishing tools
- Smartcard & one-time password support
- Inspection of encrypted traffic using SSL Bridging
- Single sign-on for access to multiple servers
- Pre-authentication so only valid traffic reaches servers
- Authentication with Active Directory via LDAP
[Diagram labels: Remote User, Hacker, Internet link, ISA 2006, Exchange Farm, Active Directory, SharePoint, Internal Network]

Branch Office Gateway
The Need

The Concerns
- Branch office employee productivity suffers when they cannot access corporate data at the main office, or when data access is slow.
- The cost of WAN links is a major line item for many companies with extensive branch office deployments.
- Companies with large numbers of branch offices need to reduce the overhead in managing thousands of firewall and Web proxy servers.
- Branch offices that are not as tightly maintained and managed can lead to increased probability of a security breach that can impact the main office network.
[Diagram labels: Windows Update, Exchange, SharePoint, WAN link or site-to-site VPN, Firewall, Internal Network, Active Directory]

The Solution
- Web caching for faster response times
- DiffServ IP settings for traffic prioritization
- BITS support to accelerate software update deployment
- Answer files on removable media for unattended installation
- Integrated application-layer firewall, VPN & web proxy
- HTTP traffic compression to minimize bandwidth use
- Enterprise & array policy model for large deployments
- Cache Array Routing Protocol for efficient cache use
- Central policy storage and fast propagation of policy using bandwidth optimizations
[Diagram labels: Branch Office, Windows Update, WAN link or site-to-site VPN, ISA Server 2006 Array, Exchange, Active Directory Application Mode, SharePoint, Headquarters]

Web Access Protection
The Need

The Concern
- Security breaches require that customers determine the source of the breach (what user, on what computer, at what time, using what application).
- Uncontrolled Internet access can lead to decreased employee productivity, as well as to employees introducing viruses, worms, Trojan horses, and other exploit code to the internal network.
- A variety of applications can be used to send proprietary corporate information out to the Internet, such as e-mail, newsgroups, peer-to-peer file sharing, instant messaging, and more.
- Slow or unusable Internet connections can put the company at a competitive disadvantage and reduce overall employee productivity.
[Diagram labels: Extranet Web Server, Attacker, External Web Site, DMZ, Internet, Internal Network]

The Solution
- Enhanced protection against DoS, DDoS & DNS attacks
- Integrated application-layer firewall & web proxy
- Integrated Network Load Balancing for high availability
- Comprehensive alert triggers & responses
- Security-enhanced remote management using TLS
- Built-in traffic inspection for over 120 protocols
- Customizable cache rules for flexibility
- Fast RAM & on-disk caching for fast web page response times
- Enhanced worm protection through connection quotas
[Diagram labels: Attacker, External Web Site, Internet, ISA Server 2006 Array, Internal Network]

ISA 2006 on Appliances
1. Hardware comes preloaded, preconfigured, and pretested with ISA Server.
2. Hardened configuration for reduced attack surface.
3. Easy to purchase, set up, and deploy.
4. Out-of-box configuration tools and Web-based administration available.

More information
1. Feature Overview, Configuration Training, Capacity Planner & more on http://www.microsoft.com/isaserver
2. Try out FREE virtual labs at http://www.microsoft.com/technet/traincert/virtuallab/isa.mspx
3. Download Standard & Enterprise Edition trials on http://www.microsoft.com/isaserver/prodinfo/trial-software.mspx