F5 and Microsoft Exchange Security Solutions



Similar documents
Post-TMG: Securely Delivering Microsoft Applications

Filling the Threat Management Gateway Void with F5

Security F5 SECURITY SOLUTION GUIDE

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium

F5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access

Technical Brief ActiveSync Configuration for WatchGuard SSL 100

Deploying F5 to Replace Microsoft TMG or ISA Server

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet

F5 and VMware. Realize the Virtual Possibilities.

Deploying the BIG-IP System with Microsoft Lync Server 2010 and 2013 for Site Resiliency

Datacenter Transformation

Resonate Central Dispatch

F5 and Oracle Database Solution Guide. Solutions to optimize the network for database operations, replication, scalability, and security

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Protect Your Business and Customers from Online Fraud

Attack Vector Detail Report Atlassian

Jort Kollerie SonicWALL

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Integrating F5 Application Delivery Solutions with VMware View 4.5

GFI White Paper PCI-DSS compliance and GFI Software products

Achieving PCI-Compliance through Cyberoam

Deploying the BIG-IP System for Microsoft Application Virtualization

Secure iphone Access to Corporate Web Applications

Where every interaction matters.

Deliver More Applications for More Users

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

Achieving PCI Compliance Using F5 Products

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Oracle Database Firewall

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

05.0 Application Development

How To Protect A Web Application From Attack From A Trusted Environment

Intro to Firewalls. Summary

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Global Partner Management Notice

Security Considerations for DirectAccess Deployments. Whitepaper

Protecting Your Organisation from Targeted Cyber Intrusion

Microsoft Exchange Client Access Servers

Application Firewall Overview. Published: February 2007 For the latest information, please see

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.

The F5 Intelligent DNS Scale Reference Architecture.

全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

CONTENTS. Security Policy

Cisco Advanced Services for Network Security

Load Balancing Security Gateways WHITE PAPER

Imperva s Response to Information Supplement to PCI DSS Requirement Section 6.6

CONTENTS. PCI DSS Compliance Guide

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

F5 and Secure Windows Azure Access

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Web Application Report

Using MobileIron Sentry for Control and Visibility into ActiveSync Devices

F5 provides a secure, agile, and optimized platform for Microsoft Exchange Server 2007 deployments

How To Buy Nitro Security

Windows Least Privilege Management and Beyond

Cloud Security:Threats & Mitgations

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Deploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers

Sophos UTM Web Application Firewall for Microsoft Exchange connectivity

MIGRATIONWIZ SECURITY OVERVIEW

Deploying F5 with Microsoft Forefront Threat Management Gateway 2010

Achieve Unified Access Control and Scale Cost-Effectively

Deliver Secure and Accelerated Remote Access to Applications

Securing and Accelerating Databases In Minutes using GreenSQL

Healthcare Security and HIPAA Compliance with A10

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

March

PCI DSS Reporting WHITEPAPER

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

Installation and configuration guide

FileCloud Security FAQ

Compliance Guide: PCI DSS

NSFOCUS Web Application Firewall

Installation and configuration guide

Availability Acceleration Access Virtualization - Consolidation

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

Importance of Web Application Firewall Technology for Protecting Web-based Resources

Passing PCI Compliance How to Address the Application Security Mandates

304 - APM TECHNOLOGY SPECIALIST

Building A Secure Microsoft Exchange Continuity Appliance

Fight Malware, Malfeasance, and Malingering with F5

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

PRIVACY, SECURITY AND THE VOLLY SERVICE

White Paper Secure Reverse Proxy Server and Web Application Firewall

VMware vcloud Networking and Security Overview

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Network Access Control ProCurve and Microsoft NAP Integration

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Transcription:

F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange

WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application Security 3 5 7

Go Beyond Network Firewalls to Protect Microsoft Exchange Business need and user demand for access to email anytime, anywhere, and from any device has created challenges for IT departments to keep this business-critical application secure, fast, available, and compliant. Extending your security perimeter outward can improve security and availability for Microsoft Exchange email services published over the Internet (Outlook Web App, Exchange ActiveSync, Outlook Anywhere, and Exchange Web Services). F5 Application Delivery Controllers (ADCs) offer an ICSA Labs certified network and application firewall solution that creates a service-oriented perimeter for Exchange. With intelligent monitoring of traffic, pre-authentication, and access control for mobile devices, F5 helps you deploy highly available and secure email services. 2

Pre-Authentication Avert threats before they reach the data center interior THE CHALLENGES KEY BENEFITS Improve your security posture Ensure only authorized traffic reaches Exchange servers Reduce cost to operate and maintain security infrastructure Preventing invalid and potentially malicious traffic from entering your data center can be challenging. Traditional network firewalls are designed to perform a basic level of filtering based on port, but are not designed to inspect and enforce highly intelligent security policies using surrounding contextual knowledge about the user, the application service being requested, or the device being used. In fact, SSL encrypted application traffic needs to pass through the network firewall and on to another device near or on an internal data center network for termination usually a hardware load balancer or even a specific application server itself. The challenge lies in enforcing effective security measures before the traffic reaches the internal network when the information needed to make access decisions is encrypted. Relying on your servers to process the unnecessary and potentially malicious requests wastes valuable resources, slows performance, and leaves your business vulnerable to attacks, so the next choice is the hardware load balancer. 3

Before OWA OA EAS EWS Mobile Users Reverse Proxy Effective Security Perimeter on Internal Network Local Traffic Manager Client Access Hub Mailbox After Mobile Users Effective Security Perimeter on Network Edge Client Access OWA OA EAS EWS Access Policy Manager Local Traffic Manager Hub Mailbox THE SOLUTION F5 Access Policy Manager (APM) extends your security perimeter so that threats are eliminated before they reach your data center. APM is certified by ICSA Labs as a firewall device, but it is different from traditional network firewalls because it can intelligently inspect traffic for information about users, devices, and applications to increase security. For Microsoft email services, including Outlook Web App (OWA), Exchange ActiveSync (EAS), and Outlook Anywhere (OA), APM prevents invalid traffic from ever reaching Exchange Server through pre-authentication, authorization, and device access control. User credentials are cached by APM, which proxies connections to Windows Active Directory and the Exchange Client Access server (CAS) array. These connections are made up of a set of customized verifications. For example, user name and password are used to prove the authenticity of the user. This user account can then be used to determine whether permissions are granted to access a given corporate resource such as Microsoft Exchange. Pre-authentication ensures that only authenticated and authorized traffic reaches the internal network where Exchange Client Access servers are located. Since only necessary traffic enters that network, processing load on servers is reduced, which helps their performance. Using APM Visual Policy Editor, a workflow-like access path can be designed with forked logic and causal relationships to exactly represent corporate constraints for approved access and customized responses for validation failures. APM provides support for dozens of types of queries out of the box, such as collecting different types of logon information from users and performing queries into Microsoft Active Directory to verify specific information about users, security group memberships, and profile settings. 4

Mobile Device Security Provide secure access to email from mobile devices THE CHALLENGES KEY BENEFITS Seamlessly support access to corporate resources from various types of mobile devices Implement advanced multi-factor authentication The consumerization of IT and bring-your-own-device (BYOD) work policies have created a huge increase in access to corporate email from mobile devices. In today s world, email must be accessible to known trusted devices as well as an ever increasing assortment of unknown and untrusted devices. According to a 2011 CIO.com report, network security breaches, possible loss of customer enterprise data, potential theft of intellectual property, and difficulty meeting compliance requirements are among the top concerns IT departments have about employees using personal devices for work. 5

Before OWA OA EAS EWS Mobile Users Reverse Proxy Effective Security Perimeter on Internal Network Local Traffic Manager Client Access Hub Mailbox After Mobile Users Effective Security Perimeter on Network Edge Client Access OWA OA EAS EWS Access Policy Manager Local Traffic Manager Hub Mailbox THE SOLUTION F5 Access Policy Manager (APM) provides a strategic point of control in the data center, supporting a variety of approaches for granting or denying email access to mobile devices. Building on its user authentication and authorization capabilities, APM also supports the use of user and device security certificates, Exchange ActiveSync User Policy settings, and other information stored in Active Directory, as well as device information provided in the packet flow, such as device type and device ID, to enforce multi-factor validation. In Exchange Server, the Client Access server (CAS) role functions as the access point for all client traffic, including mobile devices that use the Exchange ActiveSync (EAS) protocol to access mailbox information over HTTPS. Using APM, traffic management decisions can be made and enforced at the network perimeter on a group and or individual basis while still allowing for the use of built-in Exchange security functionality such as ActiveSync policies and remote device wipe. APM enables customers to enforce a customized security policy for Exchange access by mobile devices using a flexible set of pre-defined actions that represent their organizations requirements for access approval even from devices employees bring from home. 6

Web Application Security Simplify compliance and protect sensitive data THE CHALLENGES KEY BENEFITS Implement cost-effective PCI compliance and reporting Provide continual protection and built-in remediation Reduce OpEx by using the ADC platform Network-level attacks are highly visible and disruptive, but application-level attacks are what threaten the core of a business. According to Gartner, 95 percent of security investments are focused on the network while 75 percent of attacks happen at the application level. These attacks can leave sensitive data such as employee records, confidential information, intellectual property, and financial records vulnerable to theft. In addition, resolving application-level breaches can be time-consuming and expensive. According to a WhiteHat security report, the top 10 application attacks are cross-site scripting, information leakage, content spoofing, insufficient authorization, SQL injects, predictable resource location, session fixation, crosssite request forgery, insufficient authentication, and HTTP response splitting. The average time reported to resolve these vulnerabilities is 77 days. During those weeks or months, a business must take down the application or risk its security being compromised. The prevalence of application-layer attacks against critical business applications makes securing those applications and verifying compliance with security and privacy regulations of paramount importance. Even those organizations that employ dedicated staff to review compliance and the security posture of applications prefer deploying solutions that automatically and continually provide compliance and reporting over manual human activity to achieve the same results. 7

THE SOLUTION F5 Application Security Manager (ASM) offers advanced, built-in security protection and remote auditing to help you comply with industry security standards, including PCI DSS, HIPAA, Basel II, and SOX. The system can be deployed in Learning mode and then switched to Enforcement, where it provides continual protection. The deployment, configuration, and operation of ASM delivers compliance in a cost-effective way without requiring multiple appliances, application changes, or rewrites. Detailed PCI reporting determines if PCI DSS compliance is being met, and it guides you through the necessary steps to become compliant. 8

LEARN MORE To learn more about F5 solutions for Microsoft, please visit www.f5.com/microsoft. Tech tips, discussion forums, free samples, and more can be found on DevCentral, F5 s global technical community, by visiting devcentral.f5.com/microsoft. F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com 2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. CS21-00006 0912

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information