1
Enabling Secure Internet Access with ISA Server
TRANSCRIPT
2
What Is Secure Access to Internet Resources?
• Users can access the resources that they need.
• The connection to the Internet is secure.
• The data that users transfer to and from the Internet is secure.
• Users cannot download malicious programs from the Internet.
3
How ISA Server Enables Secure Access to Internet Resources
• Implementing ISA Server as a firewall
• Implementing ISA Server as a proxy server
• Using ISA Server to implement the organization's Internet usage policy
4
What is a Proxy Server?
• A proxy server is a server that is situated between a client application
• All client requests are sent to the proxy server
• A proxy server can provide enhanced security and performance for Internet connections.
5
Configuring ISA Server as a Proxy Server
• User authentication
• Filtering client requests
• Content inspection
• Logging user access
• Hiding the internal network details
6
How Do Proxy Servers Work?
• Proxy servers can be used to secure both inbound and outbound Internet access.
• Forward proxy server: a proxy server used to secure outbound Internet access
• Reverse proxy server: a proxy server used to secure inbound Internet access
Reverse Proxy Server
Forward Proxy Server
7
How Does a Forward Proxy Server Work?
• Client makes a request for an object located on the Internet
• The request is sent to the proxy server
• Check the request
• Send the request to the Internet (Web Server)
• Web server response is sent back to the proxy server
• The object is returned to the client
8
How Does a Reverse Proxy Server Work?
Diagram components: Client, DNS Server, ISA Server, Web Server
• Make a request for an object on Internal
• Resolve to the IP address (DNS Server)
• Sends the request for the object
• Check the request (ISA Server)
• Send the request to the appropriate server on the internal network
• Web server response is sent back to the proxy server
• The object is returned to the client
9
Web Proxy Chaining
• Used to forward Web Proxy connections from one ISA firewall to another ISA firewall
11
ISA firewall’s Access Policy
• Web Publishing Rules
• Server Publishing Rules
• Access Rules
Web Publishing Rules and Server Publishing Rules are used to allow inbound access.
Access Rules are used to control outbound access.
13
Protocols
• Protocol Type
• Direction
• Port range
• Protocol number
• ICMP properties
• (Optional) Secondary connections
15
Configuring ISA Server Authentication
• Basic authentication
• Digest authentication
• Integrated Windows authentication
• Digital certificates authentication
• Remote Authentication Dial-In User Service
16
Content Types
• Application
• Application data files
• Audio
• Compressed files
• Documents
• HTML documents
• Images
• Macro documents
• Text
• Video
• VRML
17
Schedules and Network Objects
Schedules:
• Work Hours
• Weekends
• Always
Network Objects: used to control the source and destination of connections moving through the ISA firewall.
18
Configuring Access Rules for Outbound Access
• By default, ISA Server denies all network traffic between networks connected to the ISA Server computer.
21
The Protocols Page
• All outbound traffic
• Selected protocols
• All outbound traffic except selected
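
A simplified model of how an outbound Access Rule decision combines the elements listed on these slides (the three Protocols page choices, network objects, schedules) with the default deny. This is an added example, not ISA Server code or configuration; first-match rule ordering, the rule names, the schedule hours and the sample policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Protocols page choices (slide 21), modelled as string constants.
ALL, SELECTED, ALL_EXCEPT = "all", "selected", "all_except"

# Assumed schedule definitions; the slides name the schedules but not their hours.
SCHEDULES = {
    "Always": lambda t: True,
    "Weekends": lambda t: t.weekday() >= 5,
    "Work Hours": lambda t: t.weekday() < 5 and 9 <= t.hour < 17,
}

@dataclass
class AccessRule:
    name: str
    action: str              # "allow" or "deny"
    mode: str                # ALL, SELECTED or ALL_EXCEPT
    protocols: frozenset     # protocol names the mode refers to
    sources: frozenset       # network object names
    destinations: frozenset  # network object names
    schedule: str = "Always"

    def matches(self, proto, src, dst, when):
        if self.mode == SELECTED and proto not in self.protocols:
            return False
        if self.mode == ALL_EXCEPT and proto in self.protocols:
            return False
        return (src in self.sources and dst in self.destinations
                and SCHEDULES[self.schedule](when))

def evaluate(rules, proto, src, dst, when):
    """Return (action, rule name) of the first matching rule, else default deny."""
    for rule in rules:
        if rule.matches(proto, src, dst, when):
            return rule.action, rule.name
    return "deny", "Default rule"

# Constructed sample policy and timestamps (not taken from the slides).
POLICY = [
    AccessRule("Block P2P", "deny", SELECTED, frozenset({"BitTorrent"}),
               frozenset({"Internal"}), frozenset({"External"})),
    AccessRule("Web in work hours", "allow", SELECTED, frozenset({"HTTP", "HTTPS"}),
               frozenset({"Internal"}), frozenset({"External"}), "Work Hours"),
    AccessRule("Weekend non-mail", "allow", ALL_EXCEPT, frozenset({"SMTP"}),
               frozenset({"Internal"}), frozenset({"External"}), "Weekends"),
]
MONDAY_10AM = datetime(2024, 1, 8, 10, 0)     # a Monday
SATURDAY_10AM = datetime(2024, 1, 13, 10, 0)  # a Saturday
```

Placing the deny rule first matters in this model: on a weekend the "all except selected" rule would otherwise allow the blocked protocol.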