Access and Protection: A Technical Preview and Deep Dive of the Next Generation of Microsoft ISA Server

Alan SchmarrConsultantBUISession Code: 303

Agenda

Forefront OverviewTMG Value PropositionThe deep dip

Deployment and ManagementWeb client protectionIntrusion Prevention SystemFirewall enhancements

Demos Demos Demos!Call to Action

Management & Visibility

Dynamic Response

Network EdgeServer ApplicationsClient and Server OS

An Integrated Security System

TMG At A GlanceControl Network Policy Access at the Edge (Firewall)

Protect users from Web browsing threats (Web Client Protection)

Protect users from E-mail threats (Email Protection)

Protect desktops and servers from Intrusion attempts (NIPS)Enable Users to Remotely Access Corporate Resources (VPN, Secure Web Publishing)

Simplified Management & Deployment

Comprehensive

Integrated Simplified

TMG New Feature Drill Down• VoIP traversal (SIP) • Enhanced NAT• ISP Link Redundancy

& Aggregation

Firewall

• HTTP Anti-virus/spyware

• URL Filtering• HTTPS forward

inspection

Secure Web Access

• Exchange Edge/FSE integration

• Anti-Virus• Anti-spam

E-mail Protection

• Network Inspection System (NIS)

• Security Assessment and Response (SAS)

Intrusion Prevention

• NAP integration with VPN role

• SSTP support

Remote Access

• Array Management• Scenario UI & Wizards• Change tracking• Enhanced reporting• W2K8, native 64-bit

Deployment & Management

• Update Center :• HTTP: AV+URL

Filtering• Email: AV+Anti-Spam• NIS signatures

Subscription Services

6

TMG as a Firewall

First and foremost: World Class FirewallIntegrated SIP and VOIP supportISP link redundancy & aggregationEnhanced NAT support (ENAT)SQL logging and offline supportUpdated Firewall Client

Secure auto-discovery using Active Directory

Deployment & ManagementGetting Started Wizard

Re-designed user interface with task discoverability

All new array support and management

Update Center for signatures and content updates

Windows Server 2008 and 2008 R2 platforms

Virtualization ready!

Deployment Roles for TMG

Secure

Web Gateway

Firewall / IPS

Secure Email Relay Rem

ote Acce

ss

Unified Threat Management (UTM)

Forefront TMG in the Branch

Web Proxy & CacheFeaturing• Anti-Virus• URL Filtering• HTTPS Inspection• Network Intrusion Inspection

Site to Site VPN

Windows Server 2008 R2:Single Host for TMG & BranchCache (Hosted Cache)

Web Client Protection

Malware inspection

•Download scanning of files•Integrated Microsoft AV/AM engine•Inspection settings per rule

URL filtering•URL category sets and exclusions•Integrated with forward proxy •Beta 3 functionality

HTTPS inspection

•URL filtering, malware scanning and IPS protection•Firewall client notification to end users

Logging & Reporting

•New log fields with URL/Malware info•SQL Server Reporting Services•Customizable reports

Secure Web AccessAlan SchmarrConsultantBUI

demo

What's new in TMG Reports?

TMG Reports – New Security Insights

Secure Email Relay

Full featured SMTP hygieneIntegrated with Forefront Security for Exchange

Anti-malwareAnti-spamAnti-phishing

Also supports generic SMTP mail serversRequires Exchange Server installation or media

Intrusion Prevention System

Forefront Network Inspection System (NIS)Closing the vulnerability window between vulnerability announcement and patch deployment

Signatures distribution by Microsoft Update

Security assessments and responses (SAS)0-Day detection and response

Behavior based Security Assessments

Using NIS for IPS

Detect and prevent known vulnerability-based attack attempts at the Edge of the network or in datacenterSame day availability of the patch and NIS signature Closes the vulnerability window which is needed for patch testing\deployment:

Patches need to be tested more thoroughlyCustomer acceptance (similar to AV updates)

17

Vulnerabilityfound Signature authoring team

TMG

Intrusion Prevention SystemAlan SchmarrConsultantBUI

demo

Enforcement Point• Security Assessment Services (SAS) – in response to security assessments,

enforcement of policy to block or restrict internet access

• NAP Integration – integration with NAP policy to enforce VPN client quarantine

Enhanced Security• Security Assessment Services (SAS) – better security with assessment generation

from TMG data

Enterprise Reporting• Rich Forensic Investigations – investigate security incidents with data from TMG

• Security Suite Reporting – view consolidated security reports across protection technologies

TMG – Stirling Integration

TMG Analytics

Honey pot GAPA Signature Hit

Spam Detection

Click Fraud

Bot Access

Horizontal Scan

Vertical Scan

Vulnerability Scan

Outbound Bandwidth

Failed HTTP Request

Denied Connections

Stirling CoreConfiguration and Reports

Stirling DAC

TMG Logs

Firewall Process

Write Logs

Read Logs

Assessments, Configuration via SAS Channel

SAS Agent

COMInterface

SecurityResponses

Dynamic Policy

Update

Read

SQL Report Summaries

Stirling Agent

Reports via SCOM

TMG Adapter(APTA)

Analctics in Action

SummaryCall-to-action

Test and deploy our upcoming Beta!Join Stirling private beta program through http://connect.microsoft.com

More than next generation firewall: full featured Threat Management solutionMultiple Threat Protection:

Scan, detect and mitigate malware threats

Secure Connectivity:Publishing, VPN and forward proxy

Integrated Security Management:Simple deployment and dynamic response integration with Stirling product suite

question & answer

www.microsoft.com/teched

International Content & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

Track Resources

ISA/TMG Product Team Blog: http://blogs.technet.com/isablog/

Complete a session evaluation and enter to win!

10 pairs of MP3 sunglasses to be won

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.