The new Microsoft ISA Server 2006

Presentation on the topic "The new Microsoft ISA Server 2006". Presentation transcript:

1 The new Microsoft ISA Server 2006
3/27/2017 2:28 AM © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 What will we talk about?

3 Protected Internet access; fast, secure access
Secure application publishing; integrated security; branch office gateway; efficient management; protected Internet access; fast, secure access.

4 Secure application publishing
Integrated security: advanced multifactor authentication; integration with AD/LDAP; customizable forms-based authentication; advanced authentication delegation; improved session management.
Efficient management: web publishing load balancing; automated tools for Exchange, SharePoint and other web servers; improved certificate management.
Fast, secure access: more sign-on options; automatic link translation.

5 Branch office gateway
Integrated security: BITS caching.
Efficient management: tools for automated VPN connection; answer file on removable media; rapid propagation of enterprise policies.
Fast, secure access: HTTP traffic compression; DiffServ signal handling.
BITS caching, HTTP compression and DiffServ are the same as in ISA Server 2004 Service Pack 2.

6 Protecting Internet access
Integrated security: improved flood resistance; improved worm resistance; improvements in alert creation.
Efficient management: improved resource control.

7 Secure publishing

8 The numbers
> 35%: unauthorized access to computing resources.
1:1: ratio of internal to external attacks.
CSI/FBI 2005 report.

9 More wizards
Web-based objects: OWA; SharePoint; web server.
Objects for rules and networks.
Other objects: SMTP mail; Exchange RPC; custom rules.
The wizards create the network elements and configure link translation if needed.

10 Wizard for creating web listeners
Authentication; certificate management; HTTP compression.

11 Attributes usable in authentication
Group membership; protocol used; user ID; time.

12 Authentication: from client to ISA 2006
HTML form; RADIUS OTP; SecurID; HTTP Basic; client-side SSL; combined, with fallback to another method; none; third-party add-ons.

13 Authentication: from ISA 2006 to the validator
Active Directory; Kerberos; LDAP; RADIUS; RADIUS OTP; SecurID.

14 Authentication flow
Flowchart labels, in extracted order: Authentication on the listener?; Show the published content; Client requests a web site; Yes; No; Is "All users" in the rule?; Request for credentials; Lookup of publishing rule; No; Yes; AuthN required at the back end?; Yes; No.

15 Authentication methods
Front-end
HTTP: Basic; Digest; Negotiate.
Client SSL: Ignore. Accept: asks for a certificate and falls back to the listener's AuthN if none is provided. Require: asks for a certificate and the rule fails if none is provided. Two-factor AuthN is obtained by combining it with a credential prompt on the listener's AuthN.
HTML form: per-listener or per-rule; 26 languages; username + password; username + passcode; username + password + passcode; browsers only, non-browser clients must use HTTP Basic.

16 Authentication methods
Gateway
Kerberos: ISA belongs to the domain.
LDAP: ISA is standalone; Windows 2000 or 2003 domain; non-AD LDAP does not work; round-robin with availability flag.
RADIUS (Windows, FreeRADIUS, GNU RADIUS, others).
OTP: time- or counter-based; issues a cookie to avoid re-AuthN (Aladdin, Vasco, ActivCard, Secure Computing).
SecurID: support is built in.

17 Authentication methods
Back-end
None: block; pass-through.
HTTP Basic.
Negotiate: tries Kerberos, then falls back to NTLM.
Kerberos: supports S4U2Proxy delegation; Windows 2003 domains only.

18 Authentication methods
Advanced delegation
Table columns: Front-end interface; Provider; Delegation to back end; Comments.
Cell values, in extracted order: HTML form; HTTP basic; WinLogon; LDAP; RADIUS; None (pass-through); None (block); Kerberos S4U2Proxy; Negotiate; Supports SSO; Can require a certificate for two-factor AuthN; Digest; Integrated; Form with passcode; SecurID passcode and password; Supports SSO; Client SSL; n/a; Combination with SecurID for two-factor AuthN.

19 Delegation process
Diagram labels, in extracted order: browser; access-request; URL; RADIUS; 401; form; OWA; access-accept; group attribs; URL + basic creds; form variables; cookie; data; WinLogon; token; AD; WinLogon; URL + basic creds; token; ISA Server; data; IIS.

20 Single sign-on
Performed automatically among the applications published through the same listener.
Think of a listener as a container for the authentication settings shared by all the sites published through that listener.

21 Single sign-on flow
Diagram labels, in extracted order: dev; "Papers, please"; eng; sup; "Papers, please"; "Already seen"; dev.example.com; eng.example.com; sup.example.com; ID+pass; mktg example.com.
Even if the listener shares the same authentication profile and SSO is enabled.

22 Certificate types
Required
Front-end: authenticates ISA Server and establishes an SSL connection to the remote client.
Back-end: authenticates the published servers and opens an SSL connection to ISA Server.
Optional
ISA Server as client: authenticates ISA Server to the published servers.
Remote client: authenticates remote clients to ISA Server.

23 Certificate management
Multiple certificates per listener: a single set of authentication settings for multiple sites; removes the need for wildcard certificates (much more expensive).
Different certificates can be used for different servers in the array: they do not have to be thumbprint certificates.
Hardware SSL can be used.

24 Certificate status
Incorrectly installed certificates: in the wrong store (must be computer, not user); missing private key.
Status on every array member.
Alerts if the certificate has expired.

25 Administrative alerts about certificates
Certificate problems are reported in the administrative alerts.
Better messages than the generic ISA 2004 one, "certificate not installed somewhere".

26 HTML forms-based authentication
Works for every published web site.
Premium: browsers with advanced features. Basic: browsers with limited capabilities. Mobile: low-resolution browsers.
Three forms for each class: Logon; Logoff; SecurID.
Languages: the choice depends on the browser language; can be overridden.

27 Form formats
Username and password.
Username and passcode.
Combination (enter both): ID+passcode, for SecurID or RADIUS OTP, validated by ISA Server; ID+password, for delegation, validated by the back end.
Predefined form sets (essentially the logo): generic ISA Server; Microsoft Exchange.

28 Generic form

29 Custom form sets
They can be different for each listener.
Publishing rules can override the forms set on the listener.

30 Session management
Cookies: persistent; session.
Timeouts: idle time; session duration.
Non-user activity cannot reset the cookie timer.
Logoff: add the logoff URL to the publishing rule; deletes the cookie and adds it to the revocation list.
Logging of the remote user's identity.
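An added illustration of the session rules on slide 30, not ISA Server code and not part of the original deck: a toy Python gateway that enforces an idle timeout and a maximum session duration, ignores non-user requests when updating the idle timer, and puts logged-off cookies on a revocation list. The class and method names, the timeout values and the `user_initiated` flag are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float             # logon time, in seconds
    last_user_activity: float  # last request the user actually triggered


class SessionGateway:
    """Toy cookie-session model for a publishing gateway (illustrative only)."""

    def __init__(self, idle_timeout=900, max_session=28800):
        # Assumed defaults: the slide names both timers but gives no values.
        self.idle_timeout = idle_timeout
        self.max_session = max_session
        self.sessions = {}    # cookie value -> Session
        self.revoked = set()  # cookies that must never be accepted again
        self.audit = []       # (time, user, event) records of the remote user

    def logon(self, user, now):
        cookie = secrets.token_urlsafe(32)  # unguessable cookie value
        self.sessions[cookie] = Session(user, now, now)
        self.audit.append((now, user, "logon"))
        return cookie

    def _end(self, cookie, now, reason):
        # Drop the session and remember the cookie so a replay is refused.
        session = self.sessions.pop(cookie, None)
        self.revoked.add(cookie)
        if session is not None:
            self.audit.append((now, session.user, reason))

    def check(self, cookie, now, user_initiated=True):
        """Return the user name for a valid cookie, or None if rejected."""
        if cookie in self.revoked:
            return None
        session = self.sessions.get(cookie)
        if session is None:
            return None
        if now - session.created > self.max_session:
            self._end(cookie, now, "session-duration-exceeded")
            return None
        if now - session.last_user_activity > self.idle_timeout:
            self._end(cookie, now, "idle-timeout")
            return None
        # Only requests the user triggered reset the idle timer; background
        # polling (for example a mail client's new-mail check) does not.
        if user_initiated:
            session.last_user_activity = now
        return session.user

    def logoff(self, cookie, now):
        self._end(cookie, now, "logoff")


def demo():
    """Run three constructed scenarios and return what the gateway decided."""
    gw = SessionGateway(idle_timeout=600, max_session=3600)
    results = {}

    # 1. Background polling keeps arriving but must not keep the session alive.
    polled = gw.logon("alice", now=0)
    gw.check(polled, now=300)  # real user click at t=300
    results["poll_at_800"] = gw.check(polled, 800, user_initiated=False)
    results["poll_at_1000"] = gw.check(polled, 1000, user_initiated=False)

    # 2. A busy user still hits the absolute session-duration limit.
    busy = gw.logon("bob", now=0)
    for t in range(500, 3501, 500):
        gw.check(busy, now=t)
    results["bob_at_3700"] = gw.check(busy, now=3700)

    # 3. After logoff the old cookie is on the revocation list.
    left = gw.logon("carol", now=0)
    gw.logoff(left, now=10)
    results["carol_after_logoff"] = gw.check(left, now=20)
    results["carol_revoked"] = left in gw.revoked

    results["audit_reasons"] = [e for (_, _, e) in gw.audit if e != "logon"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```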

31 Link translation
http://www.example.com <HREF= ?

32 Link translation
http://www.example.com <HREF= <HREF=

33 Link translation
What's good about it? It keeps internal details private and lets external users follow internal links without modifying the applications.
What's new? Enabled automatically; faster translation.
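An added sketch of what link translation does to a published page, not ISA Server's implementation and not part of the original deck: absolute links that point at an internal server name are rewritten to the published name, and a follow-up check reports internal names that still leak through places the rewriter does not touch. The internal host names, the mapping table and the function names are constructed for the example, and the regex over `href`/`src`/`action` attributes is a simplification of real HTML handling.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed mapping: (internal scheme, internal host[:port]) -> published origin.
LINK_MAP = {
    ("http", "web01"): ("https", "www.example.com"),
    ("http", "web01.corp.local"): ("https", "www.example.com"),
}

# Quoted href/src/action attribute values (simplified; not a full HTML parser).
ATTR_RE = re.compile(
    r'''(?P<pre>\b(?:href|src|action)\s*=\s*)(?P<q>["'])(?P<url>.*?)(?P=q)''',
    re.IGNORECASE | re.DOTALL,
)


def translate_url(url, link_map=LINK_MAP):
    """Rewrite one absolute URL if its origin is in the mapping table."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return url  # malformed URL: leave untouched
    if not parts.scheme or not parts.netloc:
        return url  # relative link, mailto:, javascript:, and so on
    target = link_map.get((parts.scheme.lower(), parts.netloc.lower()))
    if target is None:
        return url  # external site or unmapped internal port
    scheme, host = target
    return urlunsplit((scheme, host, parts.path, parts.query, parts.fragment))


def translate_html(body, link_map=LINK_MAP):
    """Rewrite mapped internal links inside link-carrying attributes."""
    def repl(match):
        new_url = translate_url(match.group("url"), link_map)
        return match.group("pre") + match.group("q") + new_url + match.group("q")
    return ATTR_RE.sub(repl, body)


def leaked_hosts(body, link_map=LINK_MAP):
    """Return internal host names that still appear anywhere in the body."""
    found = set()
    for _, host in link_map:
        pattern = r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])"
        if re.search(pattern, body, re.IGNORECASE):
            found.add(host)
    return found


# Constructed sample response from the internal server.
SAMPLE_PAGE = """<html><body>
<a href="http://web01/reports/q3.html?id=7#top">Q3 report</a>
<img SRC='http://web01.corp.local/img/logo.png'>
<a href="/relative/page.html">relative link</a>
<a href="http://partner.example.net/">external link</a>
<script>var api = "http://web01/api";</script>
</body></html>"""


if __name__ == "__main__":
    translated = translate_html(SAMPLE_PAGE)
    print(translated)
    print("internal names still exposed:", sorted(leaked_hosts(translated)))
```

The URL inside the script block is left as it was, so the leak check still reports `web01`: content outside link attributes needs its own mapping or a change in the application.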

34 Link translation in arrays
Translates links even when the web content is in some other array.
Helps increase availability: if an array in one geographic region dies, traffic can pass through other arrays without losing link translation.

35 Server farms
- Defined as a network object
- Usable in any publishing rule you like

36 Server farms
Lets you define a connectivity verification option:
- HTTP/S "GET"
- Ping
- TCP connection to a port

37 Load balancing for web publishing
- Uses a web server farm
- Preserves application content
- Single affinity only
- No NLB needed on the published servers
- NAT and routing problems eliminated
- Not depending on the ISA IP ensures that all servers are used evenly
- Choice of balancing type:
  - Cookie (default for OWA)
  - Source IP (default for RPC/HTTP)

38 Server state monitoring
- Active
- Draining
- Removed
- Out of service

39 Server state monitoring
- Active: normal state once the server has been added to the array and is able to accept incoming requests
- Draining: the state is being changed; the server finishes queued requests and accepts no new requests
- Out of service: state set automatically by ISA when the server does not respond to connectivity verification
- Removed: removed from the array and from the UI; accepts no requests
When a failed server recovers, it accepts new requests; earlier requests stay on the server that had accepted them
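The four states and the recovery rule on this slide, as an added example that is not ISA Server code. The `Farm` class, its method names, the least-bound selection rule and the idea that clients already bound to a draining server finish there are assumptions made for illustration.

```python
"""Farm member states and client affinity as described on the slide (added example)."""
from enum import Enum


class State(Enum):
    ACTIVE = "Active"
    DRAINING = "Draining"
    OUT_OF_SERVICE = "Out of service"
    REMOVED = "Removed"


class Farm:
    """Hypothetical model; names and the selection rule are assumptions."""

    def __init__(self, servers):
        self.state = {name: State.ACTIVE for name in servers}
        self.affinity = {}  # client key (cookie value or source IP) -> server

    def verify(self, server, reachable):
        """Apply one connectivity-verifier result (GET, ping or TCP connect)."""
        current = self.state[server]
        if current is State.ACTIVE and not reachable:
            self.state[server] = State.OUT_OF_SERVICE
        elif current is State.OUT_OF_SERVICE and reachable:
            self.state[server] = State.ACTIVE

    def drain(self, server):
        """Administrator action: stop handing new clients to this server."""
        if self.state[server] is State.ACTIVE:
            self.state[server] = State.DRAINING

    def remove(self, server):
        """Administrator action: the server takes no requests at all."""
        self.state[server] = State.REMOVED

    def _load(self, server):
        return sum(1 for bound in self.affinity.values() if bound == server)

    def route(self, client):
        """Return the server for this client's request, or None if none is usable."""
        bound = self.affinity.get(client)
        if bound is not None and self.state[bound] in (State.ACTIVE, State.DRAINING):
            return bound  # affinity holds; a draining server finishes its clients
        candidates = [s for s, st in self.state.items() if st is State.ACTIVE]
        if not candidates:
            self.affinity.pop(client, None)
            return None
        chosen = min(candidates, key=self._load)  # fewest bound clients wins
        self.affinity[client] = chosen
        return chosen


def demo():
    """Constructed sequence: fail web1, recover it, drain and remove web2."""
    farm = Farm(["web1", "web2"])
    steps = [farm.route("c1"), farm.route("c2")]
    farm.verify("web1", reachable=False)
    steps.append(farm.route("c1"))   # c1 is moved off the failed server
    farm.verify("web1", reachable=True)
    steps.append(farm.route("c1"))   # c1 stays where it was moved
    steps.append(farm.route("c3"))   # a new client lands on the recovered server
    farm.drain("web2")
    steps.append(farm.route("c2"))   # bound client finishes on the draining server
    steps.append(farm.route("c4"))   # new client avoids the draining server
    farm.remove("web2")
    steps.append(farm.route("c2"))   # removed server takes nothing
    return steps


if __name__ == "__main__":
    print(demo())
```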

40 Reverse caching
Diagram labels: RAM cache; "I have it!"; moves to disk; moves to RAM

41 Publishing mail servers
Non-web access:
- SMTP
- RPC
- POP-3
- IMAP-4
- NNTP
Web access:
- OWA
- RPC/HTTPS
- OMA
- EAS

42 Exchange integration
- Selection of the Exchange version
- Also for farms
- Selection of the methods
- With Exchange 2007, ISA 2006 provides full access (not just read-only) to:
  - SharePoint libraries
  - Network shares
- Uses a UI dedicated to OWA
- Not the "Documents" tab of OWA 2007

43 Gateway for branch offices

44 The numbers
- 30%: US organizations with remote offices
- 33%: share of the IT budget spent on managing remote offices
- $: WAN spending of organizations with more than 1000 employees
- 55%: US organizations with more than 1000 employees in remote offices
- Typical size of the IT staff in remote offices
Harte-Hanks 2004; AMI Partners 2003

45 Configuration storage server
- ADAM instance
- LDAP directory
- No DNS, no Windows domains
- Installation details:
  - On ISA, or on a computer in a domain or in a workgroup
  - Must be in a domain to get multimaster replication
- Any number of arrays
- Can be replicated across several servers
- Managed through a snap-in
- AD and LDAP tools work as well
- Configuration read in large blocks
- < 1 minute to propagate a single change
- 20-30 minutes for a full replica

46 Branch office wizard
Diagram labels: headquarters; remote office
- Creation of a site-to-site VPN with the central office
- Association of the ISA server in the remote office with the Configuration Storage Server in the central office, and synchronization
- Association of the ISA in the remote office with a specific array
- Answer file

47 Caching updates with BITS
- Built-in rules and elements for caching downloads from Microsoft Update
- Clients take their updates from the cache
- The ranges requested by clients are honored
- ISA caches only the updates requested by the operating systems in use
- Saves bandwidth and disk space
- Any web publishing rule can use BITS...

48 HTTP compression
- GZip and Deflate; requires HTTP 1.1
- Scope: per-listener (new in ISA 2006) or global
- Cannot be set per rule
- Implemented as a web filter
- High in the filter order; high priority
- Must decompress before ISA can inspect the traffic
- Cached content is served compressed if the client asks for it
- Even if it was stored uncompressed
- Can affect performance; if it does, clear the cache:
  - Disable the caching feature
  - Delete the cache files in the Urlcache folder on every disk
- HTTPS is never compressed

49 HTTP compression on clients
- HTTP 1.1 clients request compression automatically
- The setting must be enabled in the browser

50 Caching and compression
Diagram labels: "Please compress"; "Do not compress"

51 Caching and compression
Diagram labels: "Please compress"; "Incompressible"; "Please compress"

52 Caching, compression and inspection
Diagram labels: "Please compress"; "Inspection: off"; "Inspection: on"; "Please compress"
To mitigate performance problems, clear the cache if inspection is turned off

53 Prioritization with DiffServ
- Global HTTP policies
- Priority assigned by URL or domain
- Configuration must agree with the routers
- HTTP and HTTPS only
- Does not set DiffServ bits on other protocols
- DiffServ bits can be removed from non-HTTP/HTTPS packets

54 Protecting Internet access

55 The numbers
- 70%: attacks that take place at the application layer
- 95%: attacks made possible by configuration errors
- Pride: least frequent motive for attacks
- Profit: most frequent motive for attacks
Various studies

56 Flood resistance
Protects ISA Server from:
- Worm propagation
- SYN floods
- Denial of service
- Distributed DoS
- HTTP bombs
In some cases the computers behind ISA are protected too, but that is not the main goal of this feature

57 Default settings
Mitigations, with default and exception values:
- Concurrent TCP connections allowed per source IP (default 100, exception 400): mitigates TCP flood attacks in which the attacking hosts hold many TCP connections with ISA or with hosts behind ISA
- HTTP requests created per minute per source IP (default 600, exception 6000): mitigates HTTP DoS attacks in which the attacking hosts send many HTTP requests to the victim web sites
- Concurrent non-TCP connections allowed per IP: mitigates non-TCP attacks in which attacking hosts send many UDP or ICMP messages to the victims behind ISA
- Non-TCP sessions per minute per rule (default 1000): mitigates non-TCP DDoS attacks in which many zombie hosts take part in the attack with many non-TCP packets
- Trigger event when denied packets per minute per IP exceeds limit: the alert notifies the ISA administrators of the attacking IP
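How per-source-IP limits with an exception list behave, using the two pairs of values given on this slide (100/400 concurrent TCP connections, 600/6000 HTTP requests per minute). This is an added example, not ISA Server code: the `FloodLimiter` class, its method names, the sliding 60-second window and the choice to block an IP that exceeds the TCP limit until an administrator approves it are assumptions for illustration.

```python
"""Per-source-IP flood limits using the defaults listed on the slide (added example)."""
from collections import defaultdict, deque

# (default limit, limit for source IPs on the exception list), as on the slide.
TCP_CONCURRENT_PER_IP = (100, 400)
HTTP_REQUESTS_PER_MINUTE_PER_IP = (600, 6000)
WINDOW_SECONDS = 60.0  # assumption: sliding one-minute window


class FloodLimiter:
    """Hypothetical limiter; class and method names are not ISA Server APIs."""

    def __init__(self, exception_ips=()):
        self.exception_ips = set(exception_ips)  # IPs given the higher limits
        self.open_tcp = defaultdict(int)         # source IP -> open connections
        self.http_times = defaultdict(deque)     # source IP -> request times
        self.blocked = set()                     # held until an admin approves
        self.alerts = []                         # (ip, reason), one per pair

    def _limit(self, limits, ip):
        default, exception = limits
        return exception if ip in self.exception_ips else default

    def _alert(self, ip, reason):
        if (ip, reason) not in self.alerts:
            self.alerts.append((ip, reason))

    def tcp_open(self, ip):
        """Return True if a new TCP connection from ip is accepted."""
        if ip in self.blocked:
            return False
        if self.open_tcp[ip] >= self._limit(TCP_CONCURRENT_PER_IP, ip):
            self.blocked.add(ip)
            self._alert(ip, "tcp-concurrent")
            return False
        self.open_tcp[ip] += 1
        return True

    def tcp_close(self, ip):
        if self.open_tcp[ip] > 0:
            self.open_tcp[ip] -= 1

    def approve(self, ip):
        """Administrator clears the block on ip."""
        self.blocked.discard(ip)

    def http_request(self, ip, now):
        """Return True if the request is forwarded, False if it is throttled."""
        if ip in self.blocked:
            return False
        times = self.http_times[ip]
        while times and now - times[0] >= WINDOW_SECONDS:
            times.popleft()  # forget requests older than the window
        if len(times) >= self._limit(HTTP_REQUESTS_PER_MINUTE_PER_IP, ip):
            self._alert(ip, "http-rate")
            return False
        times.append(now)
        return True


def demo():
    """Constructed traffic from documentation-range addresses (RFC 5737)."""
    fw = FloodLimiter(exception_ips={"198.51.100.7"})
    tcp_default = sum(fw.tcp_open("192.0.2.10") for _ in range(150))
    tcp_exception = sum(fw.tcp_open("198.51.100.7") for _ in range(450))
    http_default = sum(fw.http_request("203.0.113.20", i * 0.05) for i in range(700))
    return {
        "tcp_default": tcp_default,
        "tcp_exception": tcp_exception,
        "http_default": http_default,
        "alerts": fw.alerts,
    }


if __name__ == "__main__":
    print(demo())
```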

58 Resource control
- Log throttling
  - Stops logging denied records once a certain threshold is reached
- Memory consumption
  - Refuses new connections when Non-Paged Pool Memory usage reaches 90%
  - Keeps serving existing connections
  - Fully automated
- DNS queries
  - Limits the number of pending DNS queries once thread usage exceeds 80%
  - The FW client asks ISA to resolve the hostname
  - ISA resolves DNS names as part of the rule

59 Mitigated attack scenarios
Worm propagation
- Infected internal hosts send many TCP requests to random IPs on the same port
- Checks the connection thresholds
- Checks that the source IPs are not spoofed
- Blocks these IPs until the administrator approves
- Most common form of flood attack
- ISA 2004 does not protect completely

60 Mitigated attack scenarios
Exploit against the ISA connection table
- Attackers can use many non-spoofed IPs to carry out a DoS on ISA with TCP connections
- The per-source limits are not exceeded
- Checks the amount of Non-Paged Pool Memory; stops accepting new connections once more than 90% of NPPM is in use
- Clears idle connections from the connection table
- Not a common attack
- Can lead to a permanent DoS on ISA 2004
- Few other firewalls on the market can handle this attack

61 Mitigated attack scenarios
Pending DNS exploit
- ISA is configured to deny connections to unwanted domains (or to allow connections only to specific domains)
- Infected hosts send many TCP connections to random IPs; ISA performs reverse DNS
- Blocks new requests once more than 80% of the threads are in use
- Keeps serving requests that need no reverse DNS or whose answer is in the cache
- Most common cause: worm propagation
- Can lead to temporary DoS on ISA 2004

62 Mitigated attack scenarios
Flood of sequential TCP connections
- The attacker opens and then closes many connections in sequence
- Uses the same mitigation technique as for worm spread: detection of a high number of connections from the same IP
- Blocks the IP
- Uncommon attack
- On ISA 2004 it can lead to temporary DoS

63 Mitigated attack scenarios
HTTP DoS over existing connections
- The attacker establishes a connection to the web server
- Sends many HTTP requests, exceeding the threshold
- ISA detects that the threshold has been exceeded and limits the client's request rate
- Growing in popularity
- Can lead to temporary DoS on ISA 2004

64 Alert generation
Diagram labels: "Source IP in the exception list?"; "Is it an attack?"

65 What else?

66 Appliances
- "Hardened" version of W2K3
- Some additional components:
  - Protocol accelerators
  - Antivirus
  - Content filtering (URL, web)
  - Antispam filters
  - Add-ons for high availability
- Standard and Enterprise versions
- Appliance farms
- NLB, CARP
- Multi-server control console
- Dedicated configuration storage
- Unattended deployment
- USB drive
- Branch office wizard

67 Webcasts to learn more
ISA 2006 Overview 19/09/2006 10:00-11:00
Access management 13/10/2006
Publishing Exchange and SharePoint 24/10/2006 10:00-11:30
Managing branch office connections effectively 09/11/2006 14:00-15:00
Single sign-on 07/12/2006
Publishing applications with Whale Communications IAG 21/12/2006


