Esmaeil Sarabadani
Systems and Security Consultant
Even your grandparents are using it now.
Private Cloud
Public Cloud
Whatever
Public Cloud
Security Concerns
- Where is my data located?
- Isolation of customers' data from one another
- Denial of Service (DoS) attacks
- Exploitation of software vulnerabilities
- Authentication, Authorization or Auditing of access to cloud services
Public Cloud
Data Isolation
[Diagram: data isolation between guest VMs on one host. Labels: Host VM, Guest VM, Guest VM, Guest VM, Hacked, No Access]
Public Cloud
Network Security
Differentiating between the legitimate and illegitimate traffic is quite challenging.
Hackers
Hypervisors
Private Cloud
Security Concerns
- Isolation of VMs from one another
- You are the only one responsible for the security of the cloud
- Attacks from inside the cloud
- Huge attacks from the Internet, such as DoS or DDoS
- Authentication, Authorization or Auditing of access to cloud services
Forefront
Threat Management Gateway 2010
- Network Inspection System
- Web Anti-malware
- HTTPS Inspection
- Builds on ISA Server 2006
- Active Directory Integration
- Custom Reports
- Can be virtualized
Demo
An Overview of TMG
Virtualization of TMG
Data transmission between the private and public clouds.
Internet
Private Cloud
Host VM
Guest VM
Guest VM
Guest TMG VM
Hypervisor
- The edge gateway and firewall
- The only guest connected to the Internet
- At least two virtual NICs
Host VM
Guest VM
Guest VM
TMG
Private Cloud
Hypervisor
Hypervisor
Hypervisor
Demo
Virtualization of TMG
Virtualization of TMG
Best Practices
- Always disconnect the Host VM from the Internet
- All the traffic to the Internet must pass through the VM with TMG
- If there are multiple hypervisors (physical servers), the traffic between the VMs in different physical servers should be filtered using TMG
- The virtual switch connecting the VMs in every physical server must be Private
Network Inspection System
- Inspects the traffic for exploits of vulnerabilities
- With the minimum number of false positives
- Has a repository to store signatures for different types of attacks and can update the repository
- Able to create inspection exceptions for some parts of the network
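The three NIS properties above (a signature repository that can be updated, matching of traffic against those signatures, and inspection exceptions for parts of the network) as a small added Python model; this is example code written for this page, not TMG's own engine, and the signatures and traffic lines are constructed samples, not captured data.

```python
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class Signature:
    sig_id: str
    description: str
    pattern: re.Pattern


@dataclass
class InspectionSystem:
    # Repository keyed by signature id, so an update replaces an older entry.
    signatures: dict = field(default_factory=dict)
    # Networks exempted from inspection (the "inspection exception" feature).
    exceptions: list = field(default_factory=list)

    def update_repository(self, new_sigs):
        """Merge a batch of (id, description, regex) tuples; returns repository size."""
        for sig_id, desc, pattern in new_sigs:
            self.signatures[sig_id] = Signature(sig_id, desc, re.compile(pattern, re.IGNORECASE))
        return len(self.signatures)

    def add_exception(self, cidr):
        self.exceptions.append(ipaddress.ip_network(cidr))

    def inspect(self, src_ip, payload):
        """Return the ids of matching signatures; empty if clean or the source is exempted."""
        addr = ipaddress.ip_address(src_ip)
        if any(addr in net for net in self.exceptions):
            return []
        return [s.sig_id for s in self.signatures.values() if s.pattern.search(payload)]


# Constructed sample requests (source IP, first request line); not real traffic.
SAMPLE_TRAFFIC = [
    ("10.0.0.5", "GET /index.html HTTP/1.1"),
    ("10.0.0.5", "GET /../../etc/passwd HTTP/1.1"),
    ("10.0.9.9", "GET /../../etc/passwd HTTP/1.1"),  # same request, from an exempted segment
]


def run_demo():
    nis = InspectionSystem()
    nis.update_repository([
        ("SIG-001", "Directory traversal in request path", r"\.\./"),
        ("SIG-002", "Script tag in request", r"<script"),
    ])
    nis.add_exception("10.0.9.0/24")  # hypothetical trusted segment excluded from inspection
    return [nis.inspect(src, payload) for src, payload in SAMPLE_TRAFFIC]
```

Updating the repository with an entry that reuses an existing id replaces that signature rather than duplicating it.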
Demo
TMG Network Inspection System
HTTPS Inspection
- It acts as a man-in-the-middle between the two SSL connection parties
- It can inspect inside SSL-encrypted traffic
- It looks for possible malware or exploits inside an SSL connection
Demo
TMG HTTPS Inspection
Demo
TMG Firewall Features
Private Cloud
Demo
TMG Secure Remote Access
void contact() {
  e-mail Address: e.sarabadani@gmail.com
  My Blog: http://esihere.wordpress.com/
  Twitter: http://www.twitter.com/esmaeils
}