Windows Small Business Server 2003: guaranteed, pre-configured security for Exchange services,...

Post on 26-Mar-2015


Windows Small Business Server 2003

guaranteed, pre-configured security for Exchange services, remote access and network administration

Alessandro Appiani

Microsoft Certified Partner

Agenda

Security technology components:

Perimeter security

Network communications security

Internal security

Policy, Auditing & Control

Pre-configured areas in Windows Small Business Server 2003:

Network design & Architecture

Exchange infrastructure

Remote Access

Active Directory Tools

Live Demo...

Security technology components

Perimeter: Firewalling, E-mail protection

Communications: Encryption, Secure Socket Layer, Virtual Private Network, Remote Access

Internal network: Active Directory / Security Realm, Policy (User, Computer, ...), Auditing, Content inspection (Antivirus)

Perimeter security

Firewall

“One or more components/devices that control access from a protected network to/from the Internet and/or other networks” *

*Zwicky, Cooper, Chapman – Building Internet Firewalls – O’Reilly 1995/2000

Filters and Network Access

[Figure: firewall between the Internal/Protected Network and the External/Unsecured Network. Labels: Streaming Media, SMTP, DNS Intrusion, Firewall, Access Policy, Allow HTTP, All Destinations, Rules Applied]

Firewall in Small Business Server

A Controlled Point of Access for All Traffic that Enters the Internal Network

A Controlled Point of Access for All Traffic that Leaves the Internal Network

Inside/Outside

Windows Server 2003

ISA Server

Communications security

What problems do we face with network communication that uses public connectivity such as the Internet?

Network Monitoring

Data Modification

Identity Spoofing

Man-in-the-Middle

Password-based

Encrypts Data at the Application Layer: SSL, TLS

Encrypts Data at the Network Layer: Tunneling Protocol, IPSec

The solution: encrypting transmitted data

Encrypted IP Packet

Traffic encryption

Application-Layer

Network-Layer: Virtual Private Network (VPN)

[Figure: protocol stack with layers Application, SSL/TLS, TCP/UDP, IP/IPSec, Link Layer, Physical Layer]

Internal security and control

Active Directory!

Active Directory!

Active Directory!

Windows Small Business Server 2003

Security components

setup & configuration

Router connection scenario

[Diagram: Internet, Router (ISP), SBS; connection types xDSL, fibre optic, ISDN...; public network (e.g. 193.205.245.24/29); public network (with NAT) (e.g. 192.168.0.0/24); private network 10.0.1.0/24, .2; azienda.local]

To Do List

The Configure E-mail and Internet Connection Wizard

This wizard provides on-screen instructions to configure the following server settings:

Networking

Firewall

Secure Web publishing

E-mail

Network Connections

Broadband connection types include:

Direct broadband connection

Local router

Broadband connection that requires a user name and password

The Configure E-mail and Internet Connection Wizard supports multiple Internet connections that use a broadband device or a modem

Firewall Settings

To configure the firewall, you must meet one of the following criteria:

Use a dial-up connection to the Internet

Use a direct broadband connection that requires a user name and password (e.g. ADSL modem)

Use a broadband connection to the Internet (e.g. router)

Use an existing firewall device on your network that supports Universal Plug and Play

Secure Web Site Settings

You can choose which Web site services users can access, such as:

Outlook Web Access

Remote Web Workspace

Performance and Usage reports

Outlook Mobile Access

SharePoint site

E-mail Settings

To send and receive Internet e-mail messages by using Exchange:

Choose the appropriate delivery method

Choose the appropriate retrieval method

Choose the signal type

Enter the registered Internet domain name

Determine whether to remove e-mail attachments from incoming e-mail

Windows Small Business Server Remote Access Wizard

This wizard provides on-screen instructions for configuring your server for:

VPN connections

Dial-up connections

Both VPN and dial-up connections

After clicking Finish, the wizard:

Configures the server according to your selected settings

Creates the Client Connection Manager configuration file

Configures the remote access policy to allow members of the Mobile Users group to use remote access

References and resources

Technical resources for Windows Small Business Server 2003
http://www.microsoft.com/italy/windowsserver2003/sbs/techinfo/default.mspx

MOC Course 2395: Design, Deploy, and Manage a Network Solution for a Small and Medium Business
http://www.microsoft.com/traincert/syllabi/2395AFinal.asp

Exam 70-282: Design, Deploy, and Manage a Network Solution for a Small- and Medium-Sized Business
http://www.microsoft.com/learning/exams/70-282.asp