Windows Small Business Server 2003: guaranteed, pre-configured security for Exchange services,...
Windows Small Business Server 2003
Guaranteed, pre-configured security for Exchange services, remote access
and network administration
Alessandro Appiani
Microsoft Certified Partner
Agenda
Security technology components:
Perimeter security
Network communications security
Internal security
Policy, Auditing & Control
The pre-configured areas in Windows Small Business Server 2003:
Network design & Architecture
Exchange infrastructure
Remote Access
Active Directory
Tools
Live Demo...
Security technology components
Perimeter:
Firewalling
E-mail protection
Communications:
Encryption
Secure Socket Layer
Virtual Private Network
Remote Access
Internal network:
Active Directory / Security Realm
Policy (User, Computer, ...)
Auditing
Content inspection (Antivirus)
Perimeter security
Firewall
“One or more components/devices that control access from a protected network to/from the Internet and/or other networks” *
*Zwicky, Cooper, Chapman – Building Internet Firewalls – O’Reilly 1995/2000
[Diagram labels: Filters and Network Access; Streaming Media; SMTP; DNS Intrusion; Firewall; Access Policy; Allow HTTP; All Destinations; Internal/Protected Network; External/Unsecured Network; Rules Applied]
Firewall in Small Business Server
A Controlled Point of Access for All Traffic that Enters the Internal Network
A Controlled Point of Access for All Traffic that Leaves the Internal Network
Inside/Outside
Windows Server 2003
ISA Server
Communications security
What problems arise with network communication that uses public connectivity such as the Internet?
Network Monitoring
Data Modification
Identity Spoofing
Man-in-the-Middle
Password-based
The solution: encrypting transmitted data
Encrypts Data at the Application Layer: SSL, TLS
Encrypts Data at the Network Layer: Tunneling Protocol, IPSec
Encrypted IP Packet
Traffic encryption
Application-Layer
Network-Layer: Virtual Private Network (VPN)
[Diagram labels (protocol stack): Application; SSL/TLS; TCP/UDP; IP/IPSec; Link Layer; Physical Layer]
Internal security and control
Active Directory!
Windows Small Business Server 2003
Security components
setup & configuration
Router connection scenario
[Diagram labels: Internet; Router (ISP); SBS; public network (e.g. 193.205.245.24/29); public network (with NAT) (e.g. 192.168.0.0/24); private network 10.0.1.0/24; .2; xDSL; optical fiber; ISDN...; azienda.local]
To Do List
The Configure E-mail and Internet Connection Wizard
This wizard provides on-screen instructions to configure the following server settings:
Networking
Firewall
Secure Web publishing
Network Connections
Broadband connection types include:
Direct broadband connection
Local router
Broadband connection that requires a user name and password
The Configure E-mail and Internet Connection Wizard supports multiple Internet connections that use a broadband device or a modem
Firewall Settings
To configure the firewall, you must meet one of the following criteria:
Use a dial-up connection to the Internet
Use a direct broadband connection that requires a user name and password (e.g. ADSL modem)
Use a broadband connection to the Internet (e.g. router)
Use an existing firewall device on your network that supports Universal Plug and Play
Secure Web Site Settings
You can choose which Web site services users can access, such as:
Outlook Web Access
Remote Web Workspace
Performance and Usage reports
Outlook Mobile Access
SharePoint site
E-mail Settings
To send and receive Internet e-mail messages by using Exchange:
Choose the appropriate delivery method
Choose the appropriate retrieval method
Choose the signal type
Enter the registered Internet domain name
Determine whether to remove e-mail attachments from incoming e-mail
Windows Small Business Server Remote Access Wizard
This wizard provides on-screen instructions for configuring your server for:
VPN connections
Dial-up connections
Both VPN and dial-up connections
After clicking Finish, the wizard:
Configures the server according to your selected settings
Creates the Client Connection Manager configuration file
Configures the remote access policy to allow members of the Mobile Users group to use remote access
References and resources
Technical resources for Windows Small Business Server 2003
http://www.microsoft.com/italy/windowsserver2003/sbs/techinfo/default.mspx
MOC Course 2395: Design, Deploy, and Manage a Network Solution for a Small and Medium Business
http://www.microsoft.com/traincert/syllabi/2395AFinal.asp
Exam 70-282: Design, Deploy, and Manage a Network Solution for a Small- and Medium-Sized Business
http://www.microsoft.com/learning/exams/70-282.asp