Sandeep Modhvadia
Security Specialist
Agenda
Exchange Publishing
Support for Exchange 2007
Certificate Management
Forms Based Authentication
Custom Forms
Multi-Language Support
Authentication Enhancements
Certificates, OTP, Radius, LDAP
ISA Server 2006 – New Features
Single Sign On
Cookie based authentication
SharePoint publishing
Specialised Wizard driven publishing
Cross Array Link Translation
Demo
[Diagram: SSL VPN Gateway. Recoverable labels: Applications (OWA, Citrix, SharePoint, Knowledge Centre, Awareness Centre, Portals, Web, Client/Server, Java/Browser Embedded); Corporate Governance (Basel2, SarbOx); Tunneling; Authentication; Authorization; Security; Application Aware Modules; User Experience; Specific Applications; Devices (PDA, Linux, MAC, Windows)]
Integrated Solution Benefits
[Diagram labels: External World; External e-Gap; Air Gap Switch; Internal e-Gap; SSL Engine; Browser-Side Security Manager; HAT Engine; Authentication; Applications: Intranet, e-Mail, File Shares]
Transaction is sent over internet to external server
External e-Gap receives packet
All protocol layers and TCP/IP headers are stripped off
Switch disconnects from external server, connects to internal server
Data is fetched from appliance memory
Data is decrypted, SSL session is established and platform dependent Endpoint Compliance Module is sent back to browser to interrogate machine
If Endpoint Compliance Module doesn’t find the machine ‘up to scratch’ stricter security policies are enforced
Encrypted login page is generated and sent back
Customized login page appears in browser’s window
Data Flow
Username: John Smith
Password: ***********
SecurID: **********
User completes authorization credentials & submits response
Air Gap Switch shuttles the data across the air gap
User receives dynamically generated “Home Page” (based on identity and location) and selects desired application
Air Gap Switch shuttles the data across the air gap
[Diagram labels on this slide: Virtual Web Server; App-Level Inspection; Authentication; Real Web Server; File Shares (SMB)]
Application data is inspected and compared to Mandatory Access Control List
Response is converted by HAT engine for external use. Response may also be rewritten and/or blocked depending on Policy
After user completes session Attachment Wiper cleans up to ensure nothing sensitive remains on access machine
Demo
www.microsoft.com/isaserver
www.microsoft.com/forefront
Thank you for attending this TechNet Event