SETTING UP A SYSTEM FIREWALL WITH TMG

TMG 2010

A- Overview

1. Introduction

TMG includes a secure Web gateway that helps protect users against Web-based threats.

Forefront Threat Management Gateway 2010 (TMG) lets businesses protect their employees safely and effectively when they use the Internet for business, without worrying about malware and other threats. TMG provides multiple, continuously updated layers of protection integrated into a single, easy-to-manage gateway, reducing the cost and complexity of Web security.

The Forefront TMG solution consists of two separately licensed components:

- Forefront TMG server provides URL filtering, anti-malware inspection, intrusion prevention, application- and network-layer firewalling, and HTTP/HTTPS inspection in a single solution.

- Forefront TMG Web Protection Service provides continuous updates for malware filtering and cloud-based URL filtering that aggregates technology from multiple Web security vendors to protect against the latest Web-based threats.

2. Internet protection

Microsoft TMG 2010 provides a state-of-the-art firewall that makes it easy to publish, among other resources:

- SSTP VPN

- Secure ActiveSync

- Webmail

3. Benefits

Comprehensive Protection

· Multiple URL filtering data sources for improved blocking of malicious Web sites

· Highly accurate antimalware engine

· Intrusion prevention against exploitation of vulnerabilities

· Built-in, proven network protection technologies of ISA 2006

Integrated Security

· Multiple Web security technologies integrated into a single solution

· Reuses existing authentication, update, policy distribution and reporting infrastructure investments

Simplified Management

· Single interface for managing Web security policy

· Comprehensive logging and reporting

B- Features


1. Feature Highlight: HTTPS Inspection

HTTPS Inspection, an innovative feature, enables Forefront TMG to inspect inside users’ SSL-encrypted Web traffic.

By inspecting within these encrypted sessions, Forefront TMG can both detect possible malware as well as limit employee Web usage to approved sites. Sensitive sites, such as banking sites, can be excluded from inspection.

2. New features

- URL Filtering: Destination URLs are examined for compliance with corporate policy and for the malicious potential of the destination Web site. Forefront TMG uses Microsoft Reputation Services for URL filtering, combining multiple sources to increase coverage of URLs and categorization.

- Web antivirus/anti-malware protection: Inbound and outbound Web traffic is inspected for viruses and malware, including archived folders. Encrypted folders can be blocked. For large files, the file is trickled to the user to show that the download is in progress.

- E-mail security: Forefront TMG provides central management for Exchange and Forefront Protection 2010 for Exchange when they are located on the same server. Forefront TMG does not include either Exchange or Forefront Protection 2010 for Exchange; both must be purchased and installed separately.

- HTTPS inspection: HTTPS-encrypted sessions can be inspected for malware or exploits. Specific groups of sites, such as banking sites, can be excluded from inspection for privacy reasons. Users of the TMG Firewall Client can be notified of the inspection.

- Network Inspection System (NIS): Traffic can be inspected for exploits of Microsoft vulnerabilities. Based on protocol analysis, NIS enables blocking of classes of attacks while minimizing false positives. Protections can be updated as needed.

- Enhanced Network Address Translation (NAT): Forefront TMG now enables you to specify individual e-mail servers that can be published on a 1-to-1 NAT basis.

- Enhanced Voice over IP support: Forefront TMG includes SIP traversal, enabling simpler deployment of Voice over IP within the network.

- Windows Server 64-bit support: Forefront TMG is installed on Windows Server 2008 with 64-bit support.


3. Firewall Protections

- Multi-layer firewall: Forefront TMG provides access control and protection on three layers: packet filtering, stateful inspection, and application layer filtering.

- Application layer filtering: Forefront TMG provides deep content filtering through built-in application filters.

- Granular HTTP controls: Forefront TMG delivers customizable, granular controls for HTTP traffic, including:

   - File download controls

   - Signature-based blocking

   - HTTP method controls

  Together these give Forefront TMG strong controls over Web-based threats.

- DoS protections: Forefront TMG provides resiliency against flood attacks and re-allocates resources to provide higher security inspection.

- Extensive protocol support: Forefront TMG delivers out-of-the-box support for many protocols. New protocols can be defined.
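The three granular HTTP controls listed above (HTTP method controls, file download controls and signature-based blocking) are easiest to understand as an ordered set of checks on each request. The following is an added example, not Forefront TMG code: a small policy evaluator that models those three checks and runs them over constructed sample requests. The policy values, the byte-pattern signatures and the hypothetical "BadBot" User-Agent are illustrative assumptions, not TMG's real signature set.

```python
"""Added example, not Forefront TMG code: a small policy evaluator that models
the three granular HTTP controls (method control, file download control,
signature-based blocking) and runs them over constructed sample requests."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple
from urllib.parse import unquote


@dataclass(frozen=True)
class HttpPolicy:
    # HTTP method control: only these methods pass; everything else (TRACE, PUT, ...) is dropped.
    allowed_methods: FrozenSet[str] = frozenset({"GET", "HEAD", "POST"})
    # File download control: URL path extensions that may not be fetched.
    blocked_extensions: FrozenSet[str] = frozenset({".exe", ".scr", ".vbs"})
    # Signature-based blocking: (location, byte pattern). Constructed examples, not real TMG signatures.
    signatures: Tuple[Tuple[str, bytes], ...] = (
        ("url", b"../"),            # path traversal pattern in the request line
        ("headers", b"BadBot/"),    # hypothetical known-bad User-Agent
        ("body", b"<script>"),      # inline script in a POST body
    )


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def evaluate(policy: HttpPolicy, req: HttpRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run cheapest first; the first failure wins."""
    # 1. HTTP method control.
    if req.method.upper() not in policy.allowed_methods:
        return False, f"method {req.method} not allowed"

    # 2. File download control. Decode the path first so percent-encoded
    #    extensions are still seen, then drop the query string and compare case-insensitively.
    path = unquote(req.path).split("?", 1)[0].lower()
    for ext in policy.blocked_extensions:
        if path.endswith(ext):
            return False, f"download of {ext} files blocked"

    # 3. Signature-based blocking over the decoded URL, the headers and the body.
    haystacks = {
        "url": unquote(req.path).encode("utf-8", "replace"),
        "headers": "\r\n".join(f"{k}: {v}" for k, v in req.headers.items()).encode("utf-8", "replace"),
        "body": req.body,
    }
    for location, pattern in policy.signatures:
        if pattern in haystacks[location]:
            return False, f"signature {pattern!r} matched in {location}"

    return True, "allowed"


# Constructed sample requests, one per control plus a clean request.
SAMPLE_REQUESTS: List[HttpRequest] = [
    HttpRequest("GET", "/news/index.html"),
    HttpRequest("TRACE", "/"),
    HttpRequest("GET", "/downloads/Setup.EXE?mirror=2"),
    HttpRequest("GET", "/static/..%2F..%2Fwin.ini"),
    HttpRequest("GET", "/", headers={"User-Agent": "BadBot/1.0"}),
    HttpRequest("POST", "/comment", body=b"hello <script>x()</script>"),
]


def run_samples(policy: HttpPolicy = HttpPolicy()) -> List[Tuple[str, bool, str]]:
    """Evaluate every sample request; returns (method + path, allowed, reason) per request."""
    return [(f"{r.method} {r.path}",) + evaluate(policy, r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for summary, allowed, reason in run_samples():
        tag = "ALLOW" if allowed else "BLOCK"
        print(f"{tag:5} {summary:40} {reason}")
```

Two design points carry over to any real filter: the URL is percent-decoded before the extension and signature checks run, otherwise an encoded extension or separator is simply not seen, and the method allow-list is evaluated first because it is the cheapest check and rejects the largest class of unwanted traffic.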


4. Highly Secure Application Publishing

- Highly secure e-mail access from the Outlook client: Remote users can access Exchange Server using the full Outlook MAPI client over the Internet without establishing a VPN connection. The connection is encrypted for security.

- Simple Outlook Web Access and Microsoft Office SharePoint Server publishing: Simple wizards allow quick configuration of remote access for both Outlook Web Access and SharePoint servers. Outlook Web Access users can be authenticated at the Forefront TMG server, preventing attacks by unauthenticated users.

- Highly secure publishing of Web servers, internal servers, and Terminal Services: Remote users can access internal resources or Web servers more securely. Link translation is provided.

- Single sign-on: Forefront TMG allows users to access a group of published Web sites without being required to authenticate with each Web site.

- Delegation of basic authentication: Forefront TMG helps protect published Web sites from unauthenticated access by requiring the Forefront TMG firewall to authenticate the user before the connection is forwarded to the published Web site. This prevents exploits from unauthenticated users from reaching the published Web server.

- Link translation to internal servers: Forefront TMG includes a link translation feature that you can use to create a dictionary of definitions for internal computer names that map to publicly known names. Link translation is applied automatically during Web publishing.

- SSL bridging support: To guard against embedded attacks in HTTP traffic, SSL bridging allows SSL-protected packets to be decrypted by Forefront TMG, inspected, and re-encrypted.
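Link translation, as described above, is a dictionary of internal computer names mapped to publicly known names that the gateway applies to published responses. The following is an added example, not Forefront TMG code, showing the minimal form of that pass: internal names are rewritten in the HTML body and in a redirect's Location header before the response leaves the gateway. The host names, the dictionary and the sample response are constructed for the example.

```python
"""Added example, not Forefront TMG code: a minimal link-translation pass that
rewrites internal server names to their public names in a published response.
All host names and the sample response are constructed."""
import re
from typing import Dict, Tuple

# Constructed dictionary: internal name -> public name. Both the FQDN and the
# short name that intranet pages commonly use are listed.
LINK_DICTIONARY: Dict[str, str] = {
    "http://sharepoint.corp.local": "https://portal.example.com",
    "http://sharepoint": "https://portal.example.com",
    "http://owa.corp.local": "https://mail.example.com",
}

# A reference ends at a path separator, port, quote, whitespace, tag end,
# query, fragment or end of string, so "http://sharepoint" does not match
# "http://sharepointer.corp.local".
_END = r'(?=[/:"\'\s>?#]|$)'


def translate_links(text: str, dictionary: Dict[str, str] = LINK_DICTIONARY) -> str:
    """Replace every internal name from the dictionary with its public name."""
    # Longest internal names first so the FQDN entry wins over the short-name entry.
    for internal in sorted(dictionary, key=len, reverse=True):
        pattern = re.compile(re.escape(internal) + _END, re.IGNORECASE)
        text = pattern.sub(dictionary[internal], text)
    return text


def translate_response(headers: Dict[str, str], body: str) -> Tuple[Dict[str, str], str]:
    """Apply link translation to a published response: the redirect target in
    the Location header and the links in the body. Returns (headers, body)."""
    new_headers = dict(headers)
    if "Location" in new_headers:
        new_headers["Location"] = translate_links(new_headers["Location"])
    return new_headers, translate_links(body)


# Constructed sample response as an internal SharePoint server might send it.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Location": "http://sharepoint.corp.local/sites/hr/default.aspx",
}
SAMPLE_BODY = """<html><body>
<a href="http://sharepoint.corp.local/sites/hr">HR site</a>
<img src="http://SharePoint/_layouts/images/logo.png">
<a href="http://sharepointer.corp.local/">unrelated host, must not change</a>
<a href="http://owa.corp.local/owa/">Webmail</a>
</body></html>"""


if __name__ == "__main__":
    hdrs, html = translate_response(SAMPLE_HEADERS, SAMPLE_BODY)
    print(hdrs["Location"])
    print(html)
```

The lookahead at the end of each pattern and the longest-name-first ordering are what keep the rewrite from corrupting unrelated hosts or leaving the FQDN form untranslated; a production gateway additionally has to rewrite only text content types and leave binary bodies alone.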


5. Virtual Private Networks

- Site-to-site VPN: Forefront TMG enables quick connectivity between sites via a wizard-based approach. It can also be configured for tunnel-mode IPsec to support third-party devices.

- Remote access VPN: Forefront TMG provides termination of L2TP/IPsec and PPTP VPN sessions, using the native Windows VPN services.

- Inspection of VPN traffic: VPN traffic terminated on the Forefront TMG server is inspected according to the appropriate security policy.

- VPN quarantine: Forefront TMG provides deep VPN client inspection and integration with your firewall policy.

- SecureNAT for VPN clients: Forefront TMG helps ensure that remote users connected to the network can gain Internet access while a strong security policy is maintained for the corporate network.

- Publish VPN servers: Forefront TMG can be used to publish internal Windows Servers as VPN servers.


6. Management

- Enterprise policy: Policy can be assigned to gateways, arrays, or enterprise-wide.

- Easy-to-use wizards: Forefront TMG simplifies configuration with multiple wizards for features such as Web publishing, Web access, and array configuration.

- Real-time monitoring and reporting: Logs may be viewed in real time or historically, including active sessions.

- Query building: With a built-in query tool, historical data can be found quickly. Complex queries can be built.

- Report creation and publishing: Reports can be designed for specific needs and then published locally or to a network file share.

- External logging: Logs may be sent to a Microsoft SQL Server located on the internal network.

- Delegated permissions: Admin roles can be delegated to users or groups.

7. Networking and Performance

- Network load balancing: Forefront TMG leverages network load balancing to provide failover and scaling of performance.

- Network-based configuration: You may configure one or more networks, each with distinct relationships to other networks. Access policies are defined relative to the networks and not necessarily relative to a specific internal network. Forefront TMG extends the firewall and security features to apply to traffic between any networks or network objects.

- Caching: Forefront TMG provides caching to improve user experience and reduce bandwidth costs. With the centralized cache rule mechanism of Forefront TMG, you can configure how objects stored in the cache are retrieved and served from the cache.

- Background Intelligent Transfer Service (BITS) caching: Forefront TMG provides the caching mechanism for data received through BITS. Any cache rule that you create can be enabled to cache BITS data.

- HTTP compression: You can reduce file size by using algorithms to eliminate redundant data during transmission of HTTP packets.

- Diffserv (Quality of Service): Forefront TMG includes packet prioritization functionality (provided by the Diffserv Web filter), which scans the URL or domain and assigns a packet priority using Diffserv bits.

Comparison of TMG with ISA Server 2006 and TMG MBE

The following features are compared across three columns: ISA 2006, TMG MBE and TMG. The per-product check marks of the original table are not preserved in this copy; only the feature rows remain.

- Firewall

- VPN (site-to-site and remote access)

- Web proxy

- Caching

- Arrays for load balancing and failover

- Non-domain joined gateway

- Windows Server 2008 64-bit support

- Web anti-malware

- HTTPS inspection

- E-mail security

- Network Inspection System

- ISP redundancy

- Centrally manage Standard and Enterprise Edition gateways together (requires Enterprise Edition gateway)

 
C- Training program

1) Microsoft Threat Management Gateway 2010 Overview

a.   Microsoft NIS Overview

b.   NIS Signature Types

2) Exploring NIS Components

a.   General Architecture

b.   GAPA Language (GAPAL) and Compiler

c.   Run Time Architecture

d.   GAPA Inspection Engine

e.   Supported Protocols

f.    Signature and Engine Updates

g.   Telemetry Service

h.   NIS Encyclopedia

3) Deploying NIS

a.   Planning NIS Deployment

b.   Deciding What Network Traffic to Inspect

c.   Performing Capacity Planning

4) Configuring NIS

a.   Enabling NIS

b.   Configuring Signature Updates

c.   Verifying that NIS is Receiving Updates

d.   Selecting an Older Signature Set

e.   Granular Configuration

f.    Using NIS Tasks

g.   Configuring Exceptions

h.   Configuring Protocol Anomalies Policy

i.    Configuring Global Response Policy Setting

j.    Configuring Signature Overrides

k.   Configuring Telemetry

5) Testing NIS Deployment

a.   Testing with the HTTP test signature

b.   Testing with the SMB test signature

6) Monitoring NIS

a.   Monitoring NIS Signatures

b.   Manual Flagging for Attention

c.   Automatic Flagging for Attention

d.   Using Automatic Flagging for Staging

e.   Automatic Flagging of Signatures with Overridden Policy

f.    Monitoring NIS Performance

7) Troubleshooting NIS

a.   Signature Set Updates Failure

b.   Potentially Incorrect Detections

c.   Potentially Incorrect Protocol Anomaly Detection

d.   Potentially Missing Detection

e.   File Based Exploits

f.    Signature Policy Configuration

g.   Network Object Exception

h.   Signature Set Version is not Up-to-date

i.    User Defined Protocols

j.    Detection Related NIS Alerts

k.   Tools and Tips

l.    Viewing History of Configuration Changes

m. Using Windows Event Viewer

n.  Using Forefront TMG Logs

8) Understanding the Research and Response for NIS

a. Threat Identification

b. Threat Research

c. Signature Development

d. Signature Testing

e. Signature Release 

f.  Rapid Response

g. Concluding Thoughts