A viable alternative to TMG / UAG: Web Application security, acceleration and authentication with DenyAll's DA-WAF




Whitepaper 08/17/2015

Summary

1. Introduction
1.1 What is TMG / UAG?
2. How can DenyAll DA-WAF Help
2.1 Based on reverse proxy technology
2.2 Security
2.2.1 Workflows
2.3 Pre-Authentication and Single Sign On (SSO)
2.4 Load Balancing
2.5 End-to-end Application Security
3. Conclusion

1. Introduction

1.1 What is TMG / UAG?

Microsoft recently announced the retirement of all its Forefront products, including the Threat Management Gateway (TMG) and the Unified Access Gateway (UAG). TMG is Windows-based software combining routing, firewall, antivirus, reverse proxy and SSL-VPN features. The Unified Access Gateway (UAG) provides access to internal applications, for example via a portal page.

In many cases TMG is deployed as a reverse proxy and provides access to internal web assets like company websites, collaboration services such as SharePoint, or webmail such as Outlook Web Access. Besides simple reverse proxy functions, few application security features are available in TMG.

TMG Replacement v1 08/17/2015 3/7

2. How can DenyAll DA-WAF Help

A reverse proxy provides a central point for administering access to multiple applications. Without such an approach, access must be configured and managed separately for each internal resource, such as Exchange or SharePoint.

DenyAll's proven web application firewall (WAF) solution is built on top of reverse proxy technology and can provide all of TMG's reverse proxy functions and more. It adds a lot of application security and acceleration features, offering a strategic point of control for deploying corporate applications across an organization.

2.1 Based on reverse proxy technology

All requests are terminated at the WAF level. SSL encryption is handled there and can, if needed, be extended towards the backends in order to encrypt all traffic inside the network.

2.2 Security

A lot of innovation has taken place in web application security since the early days, due to the evolution of web application development languages and protocols and the fact that attackers have switched their attention to the application layer. Most WAF vendors only provide blacklisting and whitelisting functions, while DenyAll has invested a lot in alternative and complementary techniques.

2.2.1 Workflows

The workflow introduces a completely different way of configuring web application security. Instead of starting from a technical topic, as everyone else does, the workflow configures a logical path through the application flow. The configuration is as easy as moving some bricks, decision bricks and flow arrows to the right position in a workflow. Using this easy-to-understand module, even administrators inexperienced in web security are able to configure a web application firewall to a high security standard.

2.3 Pre-Authentication and Single Sign On (SSO)

In order to move all administration from the application towards the application gateway or reverse proxy, it is mandatory to also move the authentication in front of the application. DenyAll's WAM Module offers a wide range of authentication mechanisms (X.509, LDAP, RADIUS, PostgreSQL / MySQL, Kerberos (intranet), OTP / SMS, Elcard, HTTP Basic, HTTP Form) to pre-authenticate clients. In order to replace a TMG / UAG, the built-in SSO solution using SAML 2.0 tokens is best practice to provide seamless access to other corporate applications.

2.4 Load Balancing

Microsoft's TMG was able to provide load balancing features. DenyAll's DA-WAF is also able to provide this functionality. Best-of-breed technology is integrated in a convenient graphical user interface that also enables non-security experts to implement load balancing mechanisms.

2.5 End-to-end Application Security

While a reverse proxy is normally deployed inside the internal network (or DMZ), DenyAll Connect can also extend the security to connecting endpoints. Its Client Shield technology can be seamlessly integrated inside the client's response and provides browser security without the need for administrative rights.

3. Conclusion

DenyAll's DA-WAF fills the gap left by Microsoft's solutions and is a compelling alternative to the TMG / UAG that delivers a reverse proxy architecture, modern security engines, high availability and scalability. DA-WAF offers all mandatory features to grant secure access to internal applications.

Headquarters
6 avenue de la Cristallerie
92310 Sèvres - FRANCE
Tel: +33 (0)1 46 20 96 00
Fax: +33 (0)1 46 20 96 02
Email: info@denyall.com
www.denyall.com