Search This Blog

Wednesday, September 28, 2011

ISAserver.org - September 2011 Newsletter

-------------------------------------------------------
ISAserver.org Monthly Newsletter of September 2011
Sponsored by: Collective Software
<http://www.collectivesoftware.com/isaserver.newsletter.201109.lockoutguard>

-------------------------------------------------------

Welcome to the ISAserver.org newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on ISA Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to dshinder@isaserver.org


1. The Future of Remote Access
--------------------------------------------------------------

The talk of cloud is heating up more than ever. You can see this in communications not only from Microsoft, but from all the major players in the IT industry. Heck, HP is even reportedly (maybe) getting out of the personal computer business, and you can bet it&#146;s at least partly because of the cloud. If the industry sees the cloud as having that much influence over how business computing is going to be done in the future, then maybe we need to pay attention so that we&#146;ll know how to plan our networks for that &#147;PC-less&#148; future.

All this got me thinking about the question of remote access. Remote access has been a critical service in the last decade or so that enables people to get work done from anywhere they happen to be. Remote access allows employees to access information that is located on the corporate intranet. Over the years, the better and more secure your remote access solution, the more competitive advantage your company had, because employees could work from home, on the road, or wherever else they were, and not let the corporate firewall get in the way of making the company money. The ISA and TMG firewalls were the models of great remote access solutions, and remote access scenarios were some of most popular deployments for these firewalls.

But with cloud, things are likely going to change on the remote access front. Most of the information employees want to get to (such as email, collaboration servers, CRM, database and other services) will be increasingly located somewhere &#147;out there&#148; in the public cloud. That means your users will no longer need to access intranet resources behind a firewall that&#146;s enabling remote access. So, does that mean you&#146;ll no longer need a TMG firewall?

Of course not! As a matter of fact, I think cloud computing is going to make secure gateways even more important. Because even intranet clients are going to need to access the public cloud in order to get the information they need, and thus venture outside the corporate network much more frequently, they&#146;re going to need the additional protection of an application layer inspection firewall. After all, you don&#146;t control the entire infrastructure of the public cloud, so it represents a potentially greater threat to your users, compared to when they accessed the same information on internal servers that you managed on your intranet. A secure application layer inspection firewall such as the TMG firewall is the ideal solution for protecting your intranet from exploits that might gain entry to your network from your public cloud assets.

On the other hand, whereas outbound access control and outbound access security will become even more important than before, we have to concede that it&#146;s likely that publishing scenarios, such as the popular Exchange and SharePoint publishing scenarios, may slowly fade away, since for many companies those services will be hosted in the public cloud. So what does that mean to TMG? Well, based on that probability, I expect that fewer investments will be made to the publishing features in the TMG firewalls of the future, and more work will be done with outbound access security, such as more comprehensive security controls and inspection for content access in the public cloud, and more robust data leakage protection.

What do you think? Will the remote access features in the TMG firewall slowly fall into the cloud? Let me know!


See you next month! - Deb.
dshinder@isaserver.org

=======================
Quote of the Month - "Intellectual growth should commence at birth and cease only at death." - Albert Einstein
=======================


2. ISA Server 2006 Migration Guide - Order Today!
--------------------------------------------------------------

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA
Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his
illustrious team of ISA Firewall experts now present to you , ISA Server 2006
Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. This book
leverages the over two years of experience Tom and his team of ISA Firewall
experts have had with ISA 2006, from beta to RTM and all the versions and builds
in between. They've logged literally 1000's of flight hours with ISA 2006 and
they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with
their no holds barred coverage of Microsoft's state of the art stateful packet
and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. You'll be
glad you did.


3. ISAserver.org Learning Zone Articles of Interest
--------------------------------------------------------------

* Test Lab Guide: Demonstrate Site to Site VPN with Threat Management Gateway 2010 (Part 2)
<http://www.isaserver.org/tutorials/Test-Lab-Guide-Demonstrate-Site-to-Site-VPN-Threat-Management-Gateway-2010-Part2.html>

* Intrusion Detection and Prevention in Forefront TMG (Part 2) - Network Inspection System
<http://www.isaserver.org/tutorials/Intrusion-Detection-Prevention-Forefront-TMG-Part2.html>

* ADVSoft ProxyInspector for ISA Server Voted ISAserver.org Readers&#146; Choice Award Winner - Reporting
<http://www.isaserver.org/news/ISAserver-Readers-Choice-Award-Reporting-ADVSoft-ProxyInspector-for-Microsoft-ISA-Server-Jul11.html>

* Test Lab Guide: Demonstrate Site to Site VPN with Threat Management Gateway 2010 (Part 1)
<http://www.isaserver.org/tutorials/Test-Lab-Guide-Demonstrate-Site-to-Site-VPN-Threat-Management-Gateway-2010-Part1.html>

* Intrusion Detection and Prevention in Forefront TMG (Part 1) - Behavioral Detection
<http://www.isaserver.org/tutorials/Intrusion-Detection-Prevention-Forefront-TMG-Part1.html>

* Test Lab Guide (Part 4) - Demonstrate TMG PPTP, L2TP/IPsec and SSTP Remote Access VPN Server (Cont.)
<http://www.isaserver.org/tutorials/Test-Lab-Guide-Part4.html>

* Overview of the Microsoft Reputation Service (MRS), Microsoft Malware Protection Center (MMPC) and other techniques
<http://www.isaserver.org/tutorials/Overview-Microsoft-Reputation-Service-MRS-Microsoft-Malware-Protection-Center-MMPC-other-techniques.html>

* Test Lab Guide (Part 3) - Demonstrate TMG PPTP, L2TP/IPsec and SSTP Remote Access VPN Server (Cont.)
<http://www.isaserver.org/tutorials/Test-Lab-Guide-Part3.html>


4. ISA/TMG/UAG Content of the Month
---------------------------------------------------------------

Lockdown mode! What&#146;s lockdown mode? The TMG firewall will go into lockdown mode when something goes wrong with the firewall. This is part of the TMG firewall&#146;s approach of &#147;failing closed&#148;, which is what good firewalls are supposed to do. In this article, Marc Grote explains the purpose of the TMG firewall&#146;s lockdown mode and how the new log queue works to make sure that you continue to know what&#146;s going on when the system goes into lockdown mode.

Check it out at
<http://www.isaserver.org/tutorials/Explaining-Microsoft-Forefront-TMG-Firewall-Lockdown-Mode.html>


5. Tip of the Month
--------------------------------------------------------------

Did you know that you can use your TMG firewall as a secure email gateway? That&#146;s right! You can install Forefront Security for Exchange on the TMG firewall and configure the TMG firewall as an inbound and outbound SMTP relay that whacks spam and cleans viruses out of your email. For the details on how to do this, check out this article on how to configure the TMG firewall as an email gateway http://technet.microsoft.com/en-us/library/dd441084.aspx


6. ISA/TMG/IAG/UAG Links of the Month
--------------------------------------------------------------

*Forefront Pricing and Licensing Guide*

Unfortunately, understanding software licensing and pricing isn&#146;t always as straightforward as it should be. It&#146;s easy to get lost in the myriad of details with no idea what it&#146;s going to cost you to deploy a new technology. This 50+ page guide attempts to answer all your questions about Forefront 2010 licensing, with updated licensing information and scenarios that include System Center solutions, VDI suites, and more.
<http://t.co/xgwEoWC>

*Unable to Update Forefront TMG 2010 NIS Signature when Using WSUS?*

Have you had this problem? You have a Forefront TMG 2010 computer configured to use an internal WSUS server to get updates, and the TMG server is able to get the Windows updates &#150; but for some reason it&#146;s not able to obtain the NIS signature. The problem is likely to be that you don&#146;t have WSUS configured to download TMG NIS updates. Okay, so how do you fix it? Check out Ed Price&#146;s article over on the TechNet Wiki and he&#146;ll tell (and show) you how:

<http://social.technet.microsoft.com/wiki/contents/articles/unable-to-update-forefront-tmg-2010-nis-signature-when-using-wsus.aspx>


*Ain&#146;t Nothing Regular About Regular Expressions*

Regular Expressions, RegEx, is a text-matching mechanism that&#146;s supported by Forefront UAG. If you&#146;re scratching your head and wondering, &#147;What&#146;s that and why should I care?&#148; you&#146;re missing out on something that can save you a great deal of time and effort. And in today&#146;s ultra-busy, always-overworked IT world, that&#146;s a pretty attractive proposition. Interested yet? Then get over to Ben Ari&#146;s UAG and IAG Blog and check out this post:
<http://blogs.technet.com/b/ben/archive/2011/09/07/ain-t-nuthin-regular-about-regular-expression.aspx>


7. Blog Posts
--------------------------------------------------------------

* Wrong Network Configuration? What&#146;s the impact on TMG?
<http://blogs.isaserver.org/shinder/2011/08/31/wrong-network-configuration-whats-the-impact-on-tmg/>

* What do you do when you find many instances of denied request to the Web Proxy Filter?
<http://blogs.isaserver.org/shinder/2011/08/31/what-do-you-do-when-you-find-many-instances-of-denied-request-to-the-web-proxy-filter/>

* Publishing RDS Web with RSA
<http://blogs.isaserver.org/shinder/2011/08/29/publishing-rds-web-with-rsa/>

* Publishing File Access and DFS with UAG
<http://blogs.isaserver.org/shinder/2011/08/29/publishing-file-access-and-dfs-with-uag/>

* TMG Firewall Page Get Updated
<http://blogs.isaserver.org/shinder/2011/08/29/tmg-firewall-page-get-updated/>

* Forefront UAG Page Gets a Makeover
<http://blogs.isaserver.org/shinder/2011/08/29/forefront-uag-page-gets-a-makeover/>

* Unable to view OAB and OOF via Outlook Anywhere published through TMG/ISA
<http://blogs.isaserver.org/shinder/2011/08/29/unable-to-view-oab-and-oof-via-outlook-anywhere-published-through-tmgisa/>

* Microsoft Security Newsletter features From End to Edge and Beyond Security Talk Show
<http://blogs.isaserver.org/shinder/2011/08/29/microsoft-security-newsletter-features-from-end-to-edge-and-beyond-security-talk-show/>

* Slow Performance accessing CRM IFD published with ISA/TMG
<http://blogs.isaserver.org/shinder/2011/08/29/slow-performance-accessing-crm-ifd-published-with-isatmg/>

* From End to Edge and Beyond&#150;Security Talk with Tom Shinder and Yuri Diogenes&#150;Episode 5: DirectAccess for anywhere access in the new cloud world
<http://blogs.isaserver.org/shinder/2011/08/18/from-end-to-edge-and-beyondsecurity-talk-with-tom-shinder-and-yuri-diogenesepisode-5-directaccess-for-anywhere-access-in-the-new-cloud-world/>


8. Ask Sgt Deb
--------------------------------------------------------------

* QUESTION:

Hi Deb,

I have searched the Internet for this answer and nothing pops up. We have an old ISA 2000 firewall that we&#146;re migrating to ISA 2006 on a new server. Most users access the firewall through applications directly, but there are some apps that don&#146;t have native web proxy support that have the ISA Firewall Client installed. We need to determine which users/machines are using the client software. Are there entries in the firewall or web logs that identify when the ISA client was used vs. a direct connection?

Thanks,
Chris


ANSWER:

Hey Chris!

I&#146;ve got good news for you. The TMG firewall does keep track of machines that use the Firewall client. While it doesn&#146;t have a log field that that says &#147;hey Chris! I&#146;m using the Firewall client&#148;, the machines that are running the Firewall client send information to the TMG firewall that would otherwise be unavailable to the TMG firewall. You can find this unique information in the Client Agent field in the TMG firewall&#146;s logs. The previous versions of the TMG firewall (all versions of ISA) also log this field. If you look in the log viewer, you&#146;ll see this:

<IMAGE: http://www.isaserver.org/img/ISA-MWN-September-11-1.jpg>

Note that you&#146;ll need to add this field if you want to see it in the log viewer. If you are using text logging, you can import that text into Excel and filter out the entries that do not have the Firewall client installed. Then you can look at the names of the machines that are sending application name information to the firewall &#150; and that will be your list of machines that have the Firewall client installed.

Also, if you&#146;re upgrading, I would highly recommend that you move to TMG instead of ISA 2006. TMG 2010 is the current version of the firewall and includes a number of significant improvements over ISA 2006.

Do you have any questions or ideas for content? Email me on dshinder@isaserver.org.


TechGenix Sites
--------------------------------------------------------------

MSExchange.org <http://www.msexchange.org/>
WindowSecurity.com <http://www.windowsecurity.com/>
WindowsNetworking.com <http://www.windowsnetworking.com/>
VirtualizationAdmin.com <http://www.virtualizationadmin.com/>

--
Visit the Subscription Management <http://www.techgenix.com/newsletter/>
section to unsubscribe.
ISAserver.org is in no way affiliated with Microsoft Corp.
http://www.techgenix.com/advert/index.htm for sponsorship
information or contact us at advertising@isaserver.org
Copyright c ISAserver.org 2011. All rights reserved.

No comments: