形状图例5.ppt

RADIUS Authentication Federation through RADIUS proxies Can be used for centralized authentication services Domain membership not required Great for DMZ placement ISA Server 2000 (Old)Networking Model Fixed zones “IN” = LAT “OUT” = DMZ, Internet Packet filter only on external interfaces Single outbound policy NAT always Static filtering from DMZ to Internet ISA Server 2004 Networking Model Any number of networks VPN as network Localhost as network Assigned relationships (NAT/Route) Per-Network policy Packet filtering onall interfaces Support for DoD Any topology, any policy Rule Structure Policy Mapping Basic ISA 2000 rules Protocol rules Site and Content rules Static packet filters Publishing rules Web publishing rules Selected filtering configuration Other ISA 2000 rules Address translation rules Web routing rules ISA Server 2004 Architecture IIS 5 Request Processing IIS 6.0 Request Processing What is Remote Access Quarantine? Detailed Quarantine Process Exploit Timeline MBSA – How It Works MSSecure.xml contains Security bulletin names Product-specific updates Version and checksum info Registry keys changed KB article numbers Etc. Defense In Depth Using a layered approach Increases attacker’s risk of detection Reduces attacker’s chance of success Requirements For Successful Patch Management Patch Management Process SUS – How It Works SUS – Sample Deployment Scenario Software Update Service SUS Deployment Scenario 1 Software Update Service SUS Deployment Scenario 2 Software Update Service SUS Deployment Scenario 3 Managing A ComplexSUS Environment Centrally manage downloading and approving updates Use OU structure and GPOs to manage SUS update distribution Use the WUAU.ADM template file to configure AU client settings Assign GPOs to OUs Ages of Security No decent tools No mythology, no guidance Very little information shared Global lack of awareness SMS – What It Does Security Policy Model System = Programs + Servers + Solutions + Services Measuring S