Private Cloud Security via Forefront TMG 2010

  1. Private Cloud Security via Forefront TMG 2010. Esmaeil Sarabadani, Systems and Security Consultant
  2. What's going to be covered…
     • Overview of the Public and Private Cloud
     • Public and Private Cloud Security Concerns
     • Data Isolation in Microsoft Cloud
     • The Geographical Location of Data
     • An Overview of Forefront Threat Management Gateway 2010
     • Virtualization of TMG in the Cloud
     • TMG Network Inspection System
     • TMG HTTPS Inspection
     • TMG Firewall Features
     • Securing Remote Access to your Private Cloud
  3. What is the cloud?
     • It's nothing supernatural.
     • It's been with you for a long time.
     • Even our grandparents are using it now.
     • It's used for social activities, entertainment, business and much more.
     • It could be more secure than your own PCs.
  4. Private Cloud vs. Public Cloud (diagram slide; caption: "Whatever…")
  5. Public Cloud Security Concerns: choose where to store your data…
  6. Public Cloud Data Isolation (diagram: Host VM and Guest VMs on a Hypervisor over Physical Hardware, with "No Access" marked between the guests)
  7. Public Cloud Network Security: differentiating between legitimate and illegitimate traffic is quite challenging. (diagram: hackers sending traffic into the Microsoft Public Cloud; the analysis question "Malicious traffic?" sits in front of many VMs running on the hypervisors)
  8. Private Cloud Security Concerns
     • Isolation of VMs from one another
     • You alone are responsible for the security of the cloud
     • Attacks from inside the cloud
     • Large-scale attacks from the Internet, such as DoS or DDoS
     • Authentication, authorization and auditing of access to cloud services
  9. Forefront Threat Management Gateway 2010
     • Network Inspection System
     • Web anti-malware
     • HTTPS Inspection
     • Builds on ISA Server 2006
     • Active Directory integration
     • Custom reports
     • Can be virtualized
     (Note: Microsoft has since discontinued TMG 2010 and its extended support ended on 14 April 2020; the design patterns in this deck transfer to its successors, the product itself should not go into new deployments.)
  10. Demo: An Overview of TMG
  11. Software vs. Hardware: are hardware firewalls more secure than software firewalls?
  12. Software vs. Hardware: so-called hardware firewalls run firewall software too, only packaged as an appliance on vendor-chosen hardware. Where an ASIC is involved it accelerates forwarding; the filtering logic, and its bugs, remain software. Security therefore comes from the rule set, the patch level and the exposed management surface, not from the packaging.
  13. Virtualization of TMG (diagram: the Internet; data transmission between the private and public clouds; inside the private cloud a Host VM, Guest VMs and a TMG VM on a Hypervisor)
     • The TMG VM is the edge gateway and firewall
     • It is the only guest connected to the Internet; the host and the other guests are not
     • It needs at least two virtual NICs
  14. Two Virtual NICs (diagram: Host VM, Guest VMs and the TMG VM on a Hypervisor over Physical Hardware)
  15. Private Cloud (diagram: several Hypervisors; data transmission inside the private cloud)
  16. Demo: Virtualization of TMG
  17. Virtualization of TMG: Best Practices
     • Never connect the hypervisor host (the parent partition, drawn as the "Host VM" on the previous slides) to the Internet
     • All traffic to the Internet must pass through the TMG VM
     • If there are multiple hypervisors (physical servers), traffic between VMs on different physical servers should also be filtered by TMG
     • The virtual switch connecting the guests on each physical server must be a Private switch (guest-to-guest only, with no host adapter and no physical uplink); the TMG VM's Internet-facing NIC sits on a separate External switch that the host's management OS does not share
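The topology on slides 13 to 17, built and then verified with the Hyper-V PowerShell module. This is an added example, not material from the deck (the 2010-era demo used the Hyper-V Manager GUI; the module shipped with Windows Server 2012). Switch, adapter and VM names are assumptions; run it with the VMs powered off.

```powershell
# Added example (not from the slides): build the slide-17 topology on a Hyper-V
# host and check that only the TMG VM touches the Internet-facing switch.
# All names below are assumptions for this example.
#Requires -Modules Hyper-V
$ErrorActionPreference = 'Stop'

$ExternalNic = 'Ethernet 2'               # physical NIC facing the Internet (assumed)
$ExternalSw  = 'vSwitch-Internet'         # External switch: TMG VM only
$PrivateSw   = 'vSwitch-PrivateCloud'     # Private switch: guests + TMG internal NIC
$TmgVm       = 'TMG01'
$GuestVms    = 'APP01', 'DB01'

# 1. External switch with the management OS (the deck's "Host VM") detached from it:
#    -AllowManagementOS $false gives the parent partition no vNIC on this switch,
#    which is the "disconnect the host from the Internet" rule.
if (-not (Get-VMSwitch -Name $ExternalSw -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $ExternalSw -NetAdapterName $ExternalNic -AllowManagementOS $false | Out-Null
}

# 2. Private switch: only VMs on this host can talk on it; no host adapter, no uplink.
if (-not (Get-VMSwitch -Name $PrivateSw -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $PrivateSw -SwitchType Private | Out-Null
}

# 3. The TMG VM gets two vNICs, one per switch (its External and Internal networks).
Get-VMNetworkAdapter -VMName $TmgVm | Remove-VMNetworkAdapter
Add-VMNetworkAdapter -VMName $TmgVm -Name 'External' -SwitchName $ExternalSw
Add-VMNetworkAdapter -VMName $TmgVm -Name 'Internal' -SwitchName $PrivateSw

# 4. Every other guest gets exactly one vNIC, on the private switch.
foreach ($vm in $GuestVms) {
    Get-VMNetworkAdapter -VMName $vm | Remove-VMNetworkAdapter
    Add-VMNetworkAdapter -VMName $vm -Name 'Internal' -SwitchName $PrivateSw
}

# 5. Verification: fail loudly if the management OS or any non-TMG guest
#    has an adapter on the Internet-facing switch.
$hostOnExt = Get-VMNetworkAdapter -ManagementOS | Where-Object SwitchName -eq $ExternalSw
if ($hostOnExt) { throw "Management OS still attached to $ExternalSw" }

$leaks = Get-VMNetworkAdapter -VMName * |
    Where-Object { $_.SwitchName -eq $ExternalSw -and $_.VMName -ne $TmgVm }
if ($leaks) { throw "Non-TMG VM(s) on the Internet switch: $($leaks.VMName -join ', ')" }

Get-VMNetworkAdapter -VMName * | Select-Object VMName, Name, SwitchName | Format-Table -AutoSize
```

The check in step 5 is the part worth keeping as a scheduled job: a guest that gains a second adapter on the External switch later (by mistake or by an admin with Hyper-V rights) silently bypasses TMG, and nothing in TMG itself will notice.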
  18. Network Inspection System
     • Inspects traffic for exploits of known vulnerabilities, using protocol-aware signatures
     • Tuned for a minimum of false positives
     • Keeps a repository of signatures for different types of attacks, which it updates (in TMG's case through Microsoft Update)
     • Can create inspection exceptions for some parts of the network
  19. Demo: TMG Network Inspection System
  20. HTTPS Inspection
     • TMG acts as a man-in-the-middle between the two SSL/TLS parties: it terminates the client's session, opens its own session to the server, and re-signs the server's certificate with an inspection CA that every client must trust
     • This lets it inspect inside SSL-encrypted traffic
     • It looks for possible malware or exploits inside an SSL connection
     • Caveats: clients that do not trust the inspection CA get a certificate warning on every inspected site; applications that pin certificates break; and destinations whose content you must not read (banking, health) belong in the inspection exclusions
  21. Demo: TMG HTTPS Inspection
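What the man-in-the-middle on slide 20 looks like from the client side, as an added example that is not part of the deck: open a CONNECT tunnel through the proxy, complete a TLS handshake with the target, and report who issued the certificate the client actually received. Behind HTTPS inspection the issuer is TMG's inspection CA rather than the site's public CA. The proxy name and port, the target, and the inspection CA's name are assumptions (the CA name given is what TMG's wizard proposes by default; check the one your deployment uses).

```powershell
# Added example (not from the slides): detect HTTPS inspection from a client and
# check whether the inspection CA is trusted locally. Parameters are assumptions.
function Test-HttpsInspection {
    param(
        [string]$Proxy = 'tmg01.corp.local',
        [int]$ProxyPort = 8080,
        [string]$Target = 'www.example.com',
        # Assumed default CA name; replace with the CA configured on your TMG.
        [string]$InspectionCaName = 'Microsoft Forefront TMG HTTPS Inspection Certification Authority'
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Proxy, $ProxyPort)
    try {
        $net = $tcp.GetStream()

        # Ask the proxy for a raw tunnel to the target's TLS port.
        $req   = "CONNECT ${Target}:443 HTTP/1.1`r`nHost: ${Target}:443`r`n`r`n"
        $bytes = [Text.Encoding]::ASCII.GetBytes($req)
        $net.Write($bytes, 0, $bytes.Length)

        # Read the proxy's reply one byte at a time up to the blank line, so a
        # buffered reader cannot swallow the first bytes of the TLS handshake.
        $resp = ''
        while (-not $resp.EndsWith("`r`n`r`n")) {
            $b = $net.ReadByte()
            if ($b -lt 0) { throw "Proxy closed the connection: $resp" }
            $resp += [char]$b
        }
        if ($resp -notmatch '^HTTP/1\.[01] 200') { throw "CONNECT refused: $(($resp -split "`r`n")[0])" }

        # Accept any certificate here: the point is to look at it, not to trust it.
        $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($net, $false, $acceptAll)
        $ssl.AuthenticateAsClient($Target)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $inspected = $cert.Issuer -like "*$InspectionCaName*"

        # Is the inspection CA in the machine's trusted roots? If not, users see a
        # warning on every inspected site and learn to click through warnings.
        $trusted = [bool](Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -like "*$InspectionCaName*" })

        [pscustomobject]@{
            Target              = $Target
            Subject             = $cert.Subject
            Issuer              = $cert.Issuer
            Inspected           = $inspected
            InspectionCaTrusted = $trusted
        }
    } finally {
        $tcp.Close()
    }
}

Test-HttpsInspection | Format-List
```

Run it once against an inspected site and once against a destination on the exclusion list: the first should report the inspection CA as issuer, the second the site's real CA. An `Inspected = $true` together with `InspectionCaTrusted = $false` is the configuration that trains users to ignore certificate errors.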
  22. TMG Firewall Features
     • Multi-layer firewall: access control and protection on three layers
       • Packet filtering
       • Stateful inspection
       • Application-layer filtering
     • DoS protection (flood mitigation)
     • Supports a large number of protocols, and new protocols can be defined
     • Granular HTTP control:
       • File download controls
       • Signature-based blocking
       • HTTP method control
  23. Demo: TMG Firewall Features
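An access rule of the kind slide 22 describes, created through TMG's COM object model (`FPC.Root`, the interface the TMG SDK scripts use) and followed by an audit of the resulting policy. This is an added example, not the deck's demo. The rule and network names are assumptions, and the property names and enum values are given as the author recalls them from the SDK (fpcPolicyRuleActionAllow = 0, fpcSpecifiedProtocols = 1, fpcInclude = 0, fpcPolicyRuleAccess = 0); verify them against the TMG SDK reference before relying on the script.

```powershell
# Added example (not from the slides): allow only web protocols from the private
# cloud's guests to the Internet, then list the policy for review.
# Run on the TMG server as a TMG administrator. Names/enums are assumptions; see lead-in.
$fpc   = New-Object -ComObject FPC.Root
$array = $fpc.GetContainingArray()
$rules = $array.ArrayPolicy.PolicyRules

$ruleName = 'Private cloud guests to Internet (web only)'   # assumed name
if ($rules | Where-Object Name -eq $ruleName) { $rules.Remove($ruleName) }

$rule = $rules.AddAccessRule($ruleName)
$rule.Action = 0                                    # fpcPolicyRuleActionAllow
$rule.AccessProperties.ProtocolSelectionMethod = 1  # fpcSpecifiedProtocols: named protocols only
$rule.AccessProperties.SpecifiedProtocols.Add('HTTP', 0)    # 0 = fpcInclude
$rule.AccessProperties.SpecifiedProtocols.Add('HTTPS', 0)
$rule.SourceSelectionIPs.Networks.Add('Internal', 0)        # the private vSwitch side
$rule.AccessProperties.DestinationSelectionIPs.Networks.Add('External', 0)
$rule.Enabled = $true
$array.Save()

# Audit: an enabled allow rule with ProtocolSelectionMethod 0 ("all outbound
# traffic") turns the application-layer firewall back into a plain router.
$array.ArrayPolicy.PolicyRules |
    Where-Object { $_.Type -eq 0 } |                         # 0 = fpcPolicyRuleAccess
    Select-Object Name, Enabled,
        @{ n = 'Action';       e = { if ($_.Action -eq 0) { 'Allow' } else { 'Deny' } } },
        @{ n = 'AllProtocols'; e = { $_.AccessProperties.ProtocolSelectionMethod -eq 0 } } |
    Format-Table -AutoSize
```

The audit is the reusable part: rules accumulate over time, and a single "allow all outbound" rule placed above the web-only one makes the HTTP filter, signature blocking and method control on slide 22 irrelevant for everything it matches.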
  24. Securing Remote Access to your Private Cloud: Active Directory integration for authentication, authorization and auditing (diagram: a VPN client connecting through TMG into the private cloud, which holds Active Directory, an RODC and Outlook Web Access)
  25. Securing Remote Access to your Private Cloud
     • Remote access VPN by PPTP, L2TP/IPsec and SSTP (PPTP authenticates with MS-CHAPv2, which can be cracked offline from a captured handshake, so prefer L2TP/IPsec or SSTP)
     • Inspection of VPN traffic
     • Integration with Active Directory
     • Integration with Network Access Protection and VPN quarantine
  26. Demo: TMG Secure Remote Access
  27. Thank You. Q&A
  28. void contact() { e-mail address: e.sarabadani@gmail.com; my blog: http://esihere.wordpress.com/; Twitter: http://www.twitter.com/esmaeils }
