Forefront Threat Management Gateway 2010 Training

Forefront Threat Management Gateway 2010 Training - Course Outline

Lesson 1 - Getting Started with Forefront Threat Management Gateway 2010 Training

Welcome to Forefront Threat Management Gateway 2010 Training, I'm your instructor Scott Lowe, and today we are going to start our work with Globomantics and Forefront TMG.

• What We're Building
• About Your Instructor
• About the Course
• Before You Begin
• How to Use the Course

Lesson 2 - Lab Setup

For this course, Globomantics will operate at a single location with traditional internal and DMZ networks.

• Globomantics Corporate Network
• Headquarters Systems Information
• Physical Lab Configuration
• Lab Overview

Lesson 3 - The Course Scenario

Forefront Threat Management Gateway 2010 is Microsoft’s latest version of what used to be known as the Internet Security & Acceleration Server. With every passing month, Globomantics relies more heavily on the Internet even as the Internet continues to be a dangerous breeding ground for all manners of security risks. In order to continue growing into this territory, Globomantics has made the decision to implement Forefront TMG to protect the business from this growing threat. Globomantics’ CIO has tasked you with implementing TMG from the ground up. You will be working with me, a TMG consultant, to help you in this process.

• About Globomantics
• Current Protection Challenges
• Globomantics Cost Structure
• Immediate Needs
• Globomantics Office Locations
• TMG 2010 Project Plan

Lesson 4 - Introduction to Forefront Threat Management Gateway 2010

Forefront TMG 2010 has a lot of capability and can serve many needs in many different areas. In addition, as is the case with a lot of Microsoft software, there are multiple editions of the product from which to choose and there are even Microsoft products that, upon first glance, appear to perform the same function. In order to make sure you have a clear understanding of TMG’s place in the market, its features, various editions and updates, you will be presented with product information to help you make the best possible decisions from Globomantics.

• Scenario
• What is Forefront TMG?
• Licensing Forefront TMG
• Forefront 2010 Primary Features
• What's New in Forefront TMG 2010?
• What's New in Forefront TMG 2010 SP1?
• What's New in Forefront TMG SP1 Update 1?
• TMG Editions Comparison
• Forefront TMG vs. UAG
• The Globomantics Choice

Lesson 5 - Planning a Forefront TMG Deployment

The front end – the planning phase – of any project is the most important. Without good planning, the service runs on an unstable foundation. In this lesson, you will learn about the various planning activities that must be performed before moving on to simply installing the TMG software. With heavy reliance on the technology infrastructure, Globomantics cannot afford downtime that’s a result of poor planning. TMG requires some decisions to be made during the planning process as well; these decisions impact the overall security profile of the service. As such, you are under pressure from management to make sure that the right decisions are made in this critical stage.

• Scenario
• TMG Roles
• Software Requirements
• Hardware Requirements
• Deploying TMG to Virtual Machines
• TMG Network Topologies
• Workgroup vs. Domain Deployment
• DNS and TMG
• TMG Security Roles and Permissions
• The Globomantics Choice

Lesson 6 - Installing Forefront TMG

Planning is all well and good, but if it never amounts to anything, it wasn’t worth the effort. With planning out of the way, you will learn how to install Forefront TMG on a single server for Globomantics. This step includes the use of the TMG preparation tool which will automatically install all of the prerequisite software for you. As Globomantics wants a working TMG system in place quickly, this step is essential to getting underway.

• Scenario
• Lab Setup
• Lab Setup Notes
• Pre-installation Steps
• Installing Forefront TMG 2010
• TMG Post-installation State

Lesson 7 - Forefront TMG Post-Installation Configuration Tasks

TMG has a number of post implementation tasks that you will need to perform on behalf of Globomantics in order to get the now working system to a place where it’s actually functional. Once the wizard-based initial configuration steps are complete, you need to gain an understanding for how to manually manipulate some of the TMG network objects.

• Globomantics Scenario
• Information Prior to Running Getting Started
• Using the Getting Started Wizard
• Running the Web Access Policy Wizard
• Enabling Minimum Access Needs
• Initial Globomantics Communications Diagram
• Client Testing
• Get a Look at the TMG Console
• Managing Networks and Routing

Lesson 8 - Configuring TMG Client Software

Over time, Globomantics intended to use more and more of Forefront TMG’s capabilities to continue to improve the company’s security posture. To gain the most benefit, client computers must be provided a TMG client. Although the client will be installed manually for this lesson, the Globomantics CIO wants you to get an idea for what kinds of deployment options are available. Further, once you have deployed clients, you will be expected to closely manage those clients.

• Scenario
• What Does the TMG Client Provide?
• Enabling Client Support in TMG
• Configuring Web Proxy Auto Discovery (WPAD)
• Installing the TMG Client
• TMG Client Installation Parameters

Lesson 9 - TMG Monitoring and Reporting

As a critical part of the infrastructure, TMG needs to be remain in operation as much as possible. This also means that the system needs to run well. Further, as network activity is taking place, you are responsible for keeping an eye on what’s happening and notifying management when something is amiss.

• Scenario
• The TMG Console Dashboard
• Configuring Alerts
• Real-Time Monitoring
• Windows Performance Monitor and TMG
• Performance Monitor Counters (from Microsoft)
• Using TMG Logs
• Running Reports
• Monitoring with Operations Manager

Lesson 10 - Forefront TMG Firewall Rules

Although firewall rules are linked in ways to TMG publishing, traditional firewall admins need to learn to map their skills to the TMG way. Globomantics has had a traditional firewall for many years, so this skill set is ingrained. This lesson will focus on translating those skills to TMG.

• Globomantics Scenario
• Managing TMG Networks
• Web Proxy Authentication Options
• Route vs. NAT
• Rule Types
• Rule Order and Operational Impact
• Firewall Policy Actions
• Rules Management
• TMG Log File Management

Lesson 11 - Configuring Intrusion Prevention

Globomantics has growing concern about the possibility for outside or unauthorized people making their way into key internal systems without anyone knowing. While the firewall is a great step in ensuring that there is a barrier between the outside and the inside networks, every hole poked in that barrier represents a risk. Further, a firewall only protects against obvious threats. There are plenty of threats inherent in everyday software that must be controlled. To mitigate the threats represented by these necessary firewall holes and software vulnerabilities, Globomantics will implement TMG’s Intrusion Prevention System, known as the Network Inspection System.

• Globomantics Scenario
• Network Inspection System (NIS) Explained
• How NIS is Updated
• Managing NIS Settings
• Creating Exceptions to NIS Policy
• Testing NIS
• Configuring Behavioral Intrusion Detection
• Behavioral Protection Notes

Lesson 12 - Configuring Malware Inspection

A few months ago, a well-meaning user at Globomantics downloaded a security program to optimize the speed of his computer. Unfortunately, the “security program” was actually a key-logging Trojan that placed Globomantics into vulnerable state very quickly. Luckily, the user happened to mention the software to you before much time passed so you were able to remove it before real damage was done. This incident, however, demonstrated the need for improved malware protection options at the company. Forefront TMG includes powerful malware protection capability and this is one of the primary features of interest for Globomantics.

• Globmantics Scenario
• What is Malware Inspection?
• How to Get Malware Inspection
• Malware Inspection License Considerations
• How Does Malware Protection Operate?
• Configuring Malware Inspection Policies
• Excluding Resources from Inspection Rules
• Updating Malware Definitions
• Optimizing the User Experience
• Content Delivery Options
• Microsoft Telemetry Service
• Configuring Malware Options in a Rule
• Globomantics Choices

Lesson 13 - Configuring HTTP

Peer to peer file sharing has become a problem at Globomantics. Between this and other inappropriate use of the Internet, productivity has been problematic and management is worried about security and liability issues that might arise. Management feels that HTTP Filtering is one way by which web use can be better controlled.

• Globomantics Scenario
• HTTP Filter Purpose
• HTTP Filtering Common Scenarios
• HTTP Policy Settings
• Configuring HTTP Compression
• An Overview of HTTP DiffServ

Lesson 14 - Implementing HTTPS Inspection

SSL can be a killer when it comes to protecting networks. Traditional inspection systems don’t have the ability to break through SSL-encrypted traffic to inspect packet contents to ensure that nothing nefarious is going on. With encrypted traffic, it’s easy to bypass network security mechanisms. In order to make it harder for SSL-laden network traffic to be used for inappropriate purposes, Globomantics has asked you to implement HTTPS inspection, which will allow TMG to peer into encrypted traffic in order to better determine the payload type, which could include viruses and other malicious content.

• Globomantics Scenario
• HTTPS Inspection Overview
• Enabling HTTPS Inspection
• Managing the HTTPS Inspection Certificate
• Generating a TMG HTTPSi Certificate
• Excluding Sites from HTTPS Inspection
• Managing Certificate Validation
• Managing User Notification
• Configure HTTPS Inspection for Globomantics

Lesson 15 - Configuring TMG URL Filtering

Layered security is always the best approach. Globomantics understands this basic security concept and realizes that, even if there is some service overlap, the organization is better protected. In addition to other tools, Globomantics wants to deploy TMG’s URL Filtering service. URL Filtering allows the company to control end-user access to specific web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate, based on predefined URL categories.

• Globomantics Scenario
• Linking TMG to Corporate Policy and Compliance
• URL Filtering License Consideration
• How URL Filtering Works
• Managing Existing URL Filters
• Managing URL Filtering Settings
• Enabling SafeSearch Integration

Lesson 16 - Using TMG as a Web Cache/Proxy

In this lesson, we take a look at all the ways TMG can be used to cache Globlomantics' internet traffic to help elevate the load on the network during peak hours.

• Globomantics Scenario
• Managing Web Proxy Settings
• Why Cache Internet Traffic?
• TMG Caching Types
• Configuring Global Cache Settings
• Global Caching Considerations
• Cache Rule Properties
• Globomantics Caching Needs

Lesson 17 - Publishing Servers

Globomantics has a number of services that need to be accessed by remote users. Because this is such as integral TMG service, a baseline understanding for application publishing is in order.

• Globomantics Scenario
• Understanding Server Publishing
• Overview of Server Publishing
• Publishing and Network Configuration
• Server Publishing Components
• Applications Filters and Publishing Notes
• Publish an FTP Server
• Publishing a Server

Lesson 18 - Publishing Web Sites

Globomantics runs a number of web sites, including an internal employee intranet that works with simple HTTP and a more secure internal site that runs HTTPS. You will publish these two sites so that they are available from the Internet.

• Globomantics Scenario
• Creating a Web Publishing Rule
• Authentication Delegation
• Other Web Publishing Details
• Web Server Farm Considerations
• Publish the Globomantics Public Intranet

Lesson 19 - Publishing Exchange

Globomantics requires a number of connectivity methods to the internal Exchange 2010 server. Employees use mobile devices, web browsers and laptops with the full Outlook 2010 client on a regular basis. With many of these employees working from outside the firewall, you have been tasked with creating publishing rules in TMG to support these use cases.

• Globomantics Scenario
• Assumptions
• Generate and Satisfy Certificate Request
• Modify Published Directory Properties
• Creating a Rule and Listener to Publish OWA

Lesson 20 - Implementing a VPN Service

Globomantics requires general VPN-based remote access for many of the company’s remote employees and contractors. You will use TMG to provide this capability for the company.

• Globomantics Scenario
• Understanding VPNs
• Understanding VPN Types
• VPN Considerations
• Enabling and Configuring TMG's VPN Capability
• Configure VPN Client Properties
• Globomantics VPN Needs
• Implementing a VPN Service

Lesson 21 - Next Steps

Now that we have completed the course, what are some of the next steps? Here we look what some of your options in furthering your Forefront TMG and firewall knowledge.