Incorporating ISA Server in your Security Plan - Dr. Tom Shinder's Configuring ISA Server 2004 [Electronic resources]


Thomas W. Shinder; Debra Littlejohn Shinder










Incorporating ISA Server in your Security Plan

ISA Server can be an important part of your overall security plan. In a sense, this entire book concerns itself with how to incorporate your ISA Server(s) into the corporate security plan, and how to use it to implement your security policies.

In the following sections, we will look at just a few specific ways ISA can play an important role in creating the secure, but accessible, network environment that is right for your organization:



ISA Server's role in intrusion detection



Implementing a system-hardening plan with ISA



Using SSL tunneling and bridging for secure web communications



ISA Server Intrusion Detection


Microsoft has made it easy for you to configure ISA Server to protect against common intrusion types and notify you when such an attack is detected. ISA Server 2004 can protect against the following common attack types:



Windows out-of-band attacks (also called OOB or WinNuke)



LAND attacks (a variation on the SYN flood)



Ping of Death (also called Killer Packet)



IP half scan



UDP bomb (also called UDP flood or UDP packet storm)



Port scan
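The checks below are an added example, not ISA Server's own detection code and not from the book: they apply the commonly documented signatures for four of the six attack types listed above to packet records. The record field names, the port-scan threshold, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

PORT_SCAN_THRESHOLD = 10  # assumed: distinct destination ports per source before alerting
MAX_IP_DATAGRAM = 65535   # largest legal reassembled IPv4 datagram, in bytes

def classify(pkt, ports_seen):
    """Return the matched attack type name, or None for unremarkable traffic."""
    proto, flags = pkt["proto"], pkt.get("flags", "")
    # LAND: a TCP SYN whose source address and port equal its destination.
    if (proto == "tcp" and "S" in flags
            and pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"]):
        return "LAND"
    # Windows out-of-band (WinNuke): TCP urgent data sent to NetBIOS session port 139.
    if proto == "tcp" and "U" in flags and pkt["dport"] == 139:
        return "Windows out-of-band"
    # Ping of Death: an ICMP fragment that would reassemble past 65535 bytes.
    if proto == "icmp":
        end = pkt.get("ihl", 20) + pkt.get("frag_offset", 0) * 8 + pkt["payload_len"]
        if end > MAX_IP_DATAGRAM:
            return "Ping of Death"
    # Port scan: one source touching many distinct destination ports.
    if proto in ("tcp", "udp"):
        ports_seen[pkt["src"]].add(pkt["dport"])
        if len(ports_seen[pkt["src"]]) >= PORT_SCAN_THRESHOLD:
            return "Port scan"
    return None

def scan_log(packets):
    """Run classify() over packet records; return [(index, attack_name), ...]."""
    ports_seen = defaultdict(set)
    hits = []
    for i, pkt in enumerate(packets):
        name = classify(pkt, ports_seen)
        if name:
            hits.append((i, name))
    return hits

# Constructed sample records using documentation addresses, not captured traffic.
SAMPLE = [
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "sport": 40000, "dport": 443, "flags": "S"},
    {"proto": "tcp", "src": "198.51.100.5", "dst": "198.51.100.5", "sport": 139, "dport": 139, "flags": "S"},
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "sport": 40001, "dport": 139, "flags": "PAU"},
    {"proto": "icmp", "src": "192.0.2.10", "dst": "198.51.100.5", "frag_offset": 8189, "payload_len": 1480},
]
```

IP half scan and UDP bomb are left out because recognizing them needs per-connection state or rate tracking that does not fit a stateless per-packet check.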



Third-party add-ons, such as GFI's LANguard and ISS's RealSecure, integrate with ISA Server to provide additional intrusion detection functionality. LANguard recognizes over 800 attack types and includes automatic downloading of updates to the attack database. RealSecure combines host-based and network-based intrusion detection into a single package and allows a variety of configurable responses to detected intrusions.






Note

For more information on third-party products, see:



www.gfi.com - LANguard



www.iss.net - RealSecure




Implementing a System Hardening Plan with ISA


The claims of expensive security specialists aside, it is not possible to 'hack proof' your network, at least not if you want to maintain accessibility to authorized users.






Note

Once again, let's look at a law enforcement analogy. Several years ago, in the wake of a number of incidents where police officers had their own guns taken from them and used against them, the popularity of so-called 'security holsters' soared. These are made in such a way that there is a 'trick' to getting the weapon out of the holster, intended to prevent officer disarmings. The intent is good; however, it soon became apparent that there was cause for concern when officers themselves were unable to free their guns from the holsters when they were needed. Soon they realized that, as in networking, the need for security must be weighed against the need for accessibility. The only completely secure holster was the one that kept everyone, including the officer, from removing the gun. But it wasn't a very practical solution.


Although it may not be possible or even desirable to have complete security, it is possible, and important, to know exactly where your network's vulnerabilities are. Every system that is accessible from the network has weaknesses. There are a number of third-party tools available that will allow you to test your system's vulnerabilities.

ISA Server's firewall function prevents unauthorized packets from entering your internal network. ISA also provides monitoring of intrusion attempts, as well as allowing you to set Alerts to notify you when they occur.

When an Alert is triggered, one of several actions can be configured to occur. For example, an email message can be sent to members of the Administrators group, an event can be logged to the Event Log, an application or script can be executed, or one or more ISA Server services can be stopped (or started).

As you can see, ISA gives you several layers of security, similar to the layered home security scheme suggested by crime prevention experts. ISA's filtering features act like the locks that keep the 'bad guys' out, and its monitoring and alerting features act like the burglar alarm system that lets you know when someone is trying to gain entry.


System-Hardening Goals and Guidelines


The goal of system hardening is to create as many barriers as possible to unauthorized persons who would try to access your network. A good system-hardening plan for your ISA Server deployment must take into consideration the security needs on your network and the configuration of the ISA Server computer


SSL tunneling


SSL tunneling allows a client computer to create a tunnel through the ISA server to a Web server whenever the browser on a client machine requests a Secure HTTP object.

The ISA server will send a connect request in the following format: https://URL_name. Then the following request will be sent to port 8080 on the ISA computer: CONNECT URL_name:443 HTTP/1.1.

The ISA machine will connect to the destination Web server on port 443, and when the TCP connection has been established, the ISA server will return the following message: HTTP/1.0 200 connection established. Now the client machine can communicate directly with the destination Web server, using SSL tunneling.
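The CONNECT exchange described above, as an added example that is not ISA Server code and not from the book: a proxy-side handler that parses the request line, applies a port policy, and returns the status line. The function names, the 400 and 403 responses, and the 443-only policy are assumptions; the sample requests are constructed.

```python
import re

# Assumption: tunnel policy permits only port 443, the port named in the text.
ALLOWED_TUNNEL_PORTS = frozenset({443})
# Conservative DNS-name/IPv4 pattern; IPv6 literals are rejected in this sketch.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")

def parse_connect(raw: bytes):
    """Parse 'CONNECT host:port HTTP/1.x' and return (host, port)."""
    line = raw.split(b"\r\n", 1)[0].decode("ascii")  # non-ASCII raises ValueError
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("not a CONNECT request line")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit() or not _HOST_RE.match(host):
        raise ValueError("target must be host:port")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    return host, int(port)

def answer_connect(raw: bytes, allowed_ports=ALLOWED_TUNNEL_PORTS):
    """Return (response, target); target is None when the tunnel is refused."""
    try:
        host, port = parse_connect(raw)
    except ValueError:
        return b"HTTP/1.0 400 Bad Request\r\n\r\n", None
    if port not in allowed_ports:
        # After a 200 the proxy only relays opaque encrypted bytes, so the
        # destination host and port are all it can still check.
        return b"HTTP/1.0 403 Forbidden\r\n\r\n", None
    return b"HTTP/1.0 200 connection established\r\n\r\n", (host, port)

# Constructed sample requests, not captured traffic.
SAMPLES = [
    b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
    b"CONNECT mail.example.com:25 HTTP/1.1\r\n\r\n",
    b"GET http://www.example.com/ HTTP/1.1\r\n\r\n",
]

if __name__ == "__main__":
    for req in SAMPLES:
        resp, target = answer_connect(req)
        print(req.split(b"\r\n")[0].decode(), "->", resp.split(b"\r\n")[0].decode(), target)
```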


SSL bridging


Using SSL bridging, ISA Server can encrypt or decrypt requests from clients, and forward the requests to a Web server. This can be used for both outgoing and incoming requests, but is more typically used in the publishing or reverse proxy situation, in which a client requests an HTTP or SSL object from an internal Web server (when an internal client makes an HTTPS request on port 8080, SSL tunneling, rather than bridging, is used). To use SSL bridging for outbound Web requests, the client's browser software must support secure communication with the Web Proxy service.


SSL bridging with reverse publishing

Here is an example of the steps used for SSL bridging with reverse publishing:



The client requests an object from the ISA Server.



The ISA Server forwards the request to the published Web server.



The browser (which is a Web Proxy client) connects to the ISA Server.



The ISA Server authenticates itself to the client by returning a server-side certificate.



The client sends an encrypted HTTP request to the ISA Server.



The ISA Server decrypts the request.



The ISA Server checks its cache for the requested object.



If the object is in the cache, the ISA Server returns it to the client. If not, the ISA Server encrypts the request and sends it to the Web server.



The Web server authenticates itself by returning a server-side certificate to the ISA Server.



The ISA Server sends the encrypted HTTP request to the Web server.



The Web server decrypts the request and returns the object to the ISA Server.



The ISA Server encrypts the object and returns it to the requesting client.



The above is only one possible SSL bridging scenario. You will note that there is a great deal of encrypting and decrypting going on to maintain the security of the object.
