MCSE Training Kit (Exam 70-227): Microsoft® Internet Security and Acceleration Server 2000
Author: Microsoft Corporation
Pages: 656
Disk: 1 Companion CD(s)
Level: All Levels
Published: 05/30/2001
ISBN: 9780735613478
Price: $59.99
Index
A
access control policies, 14, 19. See also policy elements
arrays, 133
configuration, 133
content rules, 39
creating, 131, 137–138
default settings, 71
destination sets, 154
enterprise, 133
external clients, 30, 38–39
Firewall service, 90, 133, 135
Integrated mode, 133
internal clients, 28–29, 38
Internet, 133
ISA Server Enterprise Edition, 3
log files, 15
modes, 53
protocols, 39
requests, 131–133
secondary connections, 90
site and content rules, 39, 166, 168, 174–176
standalone servers, 133
troubleshooting, 438–441
Web Proxy service, 99, 135–136
accounts. See user accounts
actions
alerts, 343–345
server publishing rules, 237–238
Web publishing rules, 246–247
active caching, 223
dial-on-demand connections, 105
enabling, 31–32
Active Directory, 54
arrays, 68
directory services, 2, 7, 332
integration, 14
permissions, 67
schemas, 67
adapters, 64–65
Add Destination wizard, 330
add-in services, 68
adding
array membership, 284
gatekeepers, 318
protocols to VPNs, 298–299
servers to arrays, 280
static routes, 431
addressing
client translation, 315–316
H.323 RAS, 313
LANs, 6
NetMeeting 3.0 client translation, 316
server publishing, 238–239
administration
COM object, 8
enterprise policy privileges, 268
integration, 38
remote installation, 48
tools, 69
Alert action failure event, 345
alerts. See also events
actions, 343–345
array membership, 283
conditions, 341
configuration, 348–349
creating, 340
default settings, 72
editing, 342–343
enabling, 340
events, 340, 342–343
log files, 15
modes, 53
port scan attacks, 193
preconfigured, 339–340
Windows 2000 Event Log, 8
aliases, 314–315, 318, 328
All Ports Scan Attack alert, 24, 193
allocation, ports, 122
allowing/denying
log files, 359
packet filters, 18, 179
site and content rules, 168, 174–176
Web site access, 166
AOL Instant Messenger, 157
Application content group, 168
Application Data Files content group, 168
Application Usage reports, 376
applications
filtering, 11, 19–22, 53
Firewall service, 88
protocol definitions, 155
SecureNAT service, 88
Web Proxy service, 88
Archie, 157
architecture, ISA Server, 10–11
arrays
alerts, 283
backups, 285–287
bandwidth, 9
caching, 283
configuration, 267, 281, 283
creating, 279–280
default settings, 266, 274–275, 282
domains, 280
enterprise policies, 41, 266–267, 271
extensions, 283
fault tolerance, 9, 287–288
installation, 50–51, 68, 281, 283
load balancing, 9
membership, 284
packet filtering, 270
policies, 40, 48, 133, 140–141, 283
protocol rules, 156
Proxy Server 2.0, 80–81
reports, 283
requirements, 280
restoring, 285–287
security, 301–302
site and content rules, 51, 167–168
standalone servers, 51–52, 281–282
storing, 283–284
assigning protocol rules, Windows 2000, 162–163
Asymmetric installation event, 345
attacks. See intrusions
Audio content group, 168
authentication, users
Basic, 7
digital certificates, 7
dual-hop SSL, 13
Firewall service, 88, 135
Integrated Windows, 437
Kerberos, 7
NT LAN Manager (NTLM), 7
protocol rules, 134, 161–162
SecureNAT service, 88, 134
site and content rules, 134
strong, 12
troubleshooting, 441
user accounts, 436–437
Web Proxy service, 88, 135–136
Authentication Header (AH), 299
autodiscovery protocol, 8
automatic configuration, SecureNAT, 91
automatic dial-out connections, 107, 122
automatic discovery
DHCP Server, 114–115
DNS Server, 114
Firewall service, 115, 118
Internet Explorer 5.0, 116
publishing, 112–113, 117
testing, 118–119
troubleshooting, 116–117
Web Proxy service, 116
WPAD, 118
automating cache content updates, 226–227
B
back-to-back perimeter networks, 61–62
BackOffice Server 4.0, 80
backups
arrays, 285–287
enterprise policies, 271–272
bandwidth, 402
arrays, 9
dedicated network connections, 387–389
dial-up connections, 386–387
filtering rules, 22
frame relay networks, 387
inbound, 389
management, 14
objects, 400
outbound, 389
policy elements, 140, 142
priorities, 389–392
QoS, 8
rules, 143–144, 391–395
Basic authentication, 7, 437
binding ports, 122
Block packet filters, 18, 179, 360
bridging, 247
broad application support, 22
buffers, overflow, 25
C
c-agent field, 366
c-ip field, 366
c-username field, 366
Cache Array Routing Protocol. See CARP
Cache mode, 52–53, 69
installation, 4
packet filtering, 71
publishing, 234
caching
active, 31–32, 105, 223
arrays, 283
configuration, 69, 203
content files, 216–217
default settings, 72
distributed, 13
downloads, 226–231
drives, 214–216
dynamic content, 31, 211–213, 229
events, 345
expiration policies, 218
filtering, 210–211
Firewall service, 368–370
forward, 5, 49–50, 202
FTP, 202, 220–221
hierarchy, 33–34
HTTP, 31, 202, 219–220
installation, 50
location, 215–216
modes, 53
negative, 224
non-dynamic content, 211–213
objects, 28–29, 208–210, 217–218, 222
performance, 398–399, 401, 403–406
Proxy Server 2.0, 82
publishing, 211
RAM, 218, 225, 399
requests, 202
response headers, 218
reverse, 5, 30, 50, 202
routing rules, 203–208
scheduling, 31–32
site and content rules, 211
size, 215–216
troubleshooting, 425, 442
updating, 31, 226–227
URLs, 406
Web Proxy service, 13, 97
call routing rules, 322–323, 333–334
CARP (Cache Array Routing Protocol), 33–34, 210
configuration, 290–291
content download, 292
deterministic request resolution path, 32–33
enabling, 291
intra-array communication, 291–292
load balancing, 292
performance, 32
requests, 290
certificates, 7
chained caching, 33–34, 82
Chargen, 157
check boxes, 360
circuit-level filtering, 18–19
clearing check boxes, 360
Client/server communication failure event, 346
clients. See also Firewall service; SecureNAT service; Web Proxy service
access control, 89
address sets, 140, 144–145, 238–239
agents, 366
certificate authentication, 437
comparing, 89–90
configuration, 72
connections, 120–122
external, 30, 38
firewalls, 10
H.323 Gatekeeper, 313, 315–316
internal, 28–29, 38
NetMeeting 3.0, 316
rules, 134
SecureNAT, 10
sessions, 161
VPNs, 298
Web publishing, 244–245
Web Proxy, 8, 10
closing
dial-up connections, 108
ports, 178
CNAME record, 118
COM (Component Object Model), 8
comparing
arrays with standalone servers, 52
clients, 89–90
complex networks, 91
Component load failure event, 346
Component Object Model (COM), 8
Compressed Files content group, 168
compression, log files, 355
computers. See local networks; remote networks
conditions, alerts, 341
conference calls
inbound calls, 333–334
inter-enterprise, 311–312
intra-enterprise, 310–311
outbound calls, 334–335
PSTN, 312–313
routing, 322–326
configuration
alerts, 343–349
arrays, 267, 281, 283
bandwidth, 389–393
caching, 69
drives, 214–216
location, 215–216
objects, 217–218
properties, 203
size, 215–216
CARP, 290–291
clients, 72
default gateways, 64–65
dial-on-demand connections, 106–107
dial-up connections, 65, 91–92, 103–105
DSN, 358, 359
enterprise policies, 56–57, 268–271, 275–276
Firewall service, 123–125
FTP, 156, 221
Gopher, 156
H.323 Gatekeeper, 124–125, 318–319
HTTP, 157
installation, 64
intrusion detection, 196–197
IP packet filters, 178, 180–182
ISDN adapters, 65
LATs, 66, 70–71
log files, 355
Mail Server Security wizard, 257
Microsoft Exchange Server, 258
modems, 65
Mspclnt.ini file, 94
Outlook Express, 261–262
performance, 397–399
policy element schedules, 141–142
access, 141–142
client address sets, 144–145
content groups, 147–148
destination sets, 142–143, 150
protocol definitions, 145–146
schedules, 149
protocol rules, 152–153
reports, 374, 377–381
S-HTTP, 157
SecureNAT, 89, 91
server publishing, 234
SMTP service, 259–260
standalone servers, 286
Web Proxy service, 98–99, 101, 123–125
wizards, 14
WPAD, 113–114
WSPAD, 113–114
Wspcfg.ini file, 94–95
Configuration error event, 346
connections. See also dial-up connections
clients, 120–122
dial-on-demand, 105–107
inspecting, 11
installation requirements, 49
ISPs, 53
network adapters, 64
secondary, 90
troubleshooting, 426
VPNs, 295, 296
content groups
access control, 39
files, 169–174, 216–217
filtering, 257
installation, 168–174
policy elements, 140, 147–148
server publishing, 40
counters
Bandwidth Control, 402
cache, 401, 403–406
Firewall service, 401, 407–409
H.323 filter, 420
packet filtering, 401, 409–410
performance, 399–400
remote administration, 401
SOCKS filter, 420
Web Proxy service, 410–419
creating. See also configuration
alerts, 340
arrays, 279–280
bandwidth rules, 394–395
dial-up connections, 109–110
enterprise policies, 267, 272–274
extensions, 9
IP packet filters, 179–182
Mail Server Security wizard rules, 260
policies, 131–138, 149
reports, 382–383
routing rules, 204–205
scripts, 9
server publishing rules, 236–237
Web publishing rules, 245
WPAD alias, 118
cs-bytes field, 363
cs-mime type field, 364
cs-protocol field, 363
cs-referred field, 362
cs-transport field, 364
cs-uri field, 364
D
data source name (DSN), 358–359
databases
location, 382
log files, 356–359
reports, 381–382
date field, 361
dedicated network connections, 136–137, 387–389
Default Bandwidth Priority, 389
default gateways
configuration, 64–65
SecureNAT, 91
default settings
access control, 71
alerts, 72
bandwidth rules, 394
caching, 72
clients, 72
enterprise policies, 71, 268
arrays, 266, 274–275, 282
editing, 270–271
overriding, 268
LATs, 70–71
log files, 350, 353
packet filtering, 71
publishing, 72
routing, 72, 204, 208
Web publishing rules, 248
deinstallation, ICS, 55
destination endpoints, 313
destination sets
computer names, 18
bandwidth rules, 143
H.323 Gatekeeper, 330–332
policy element, 140–143, 150
protocol rules, 154
routing rules, 143, 204–207
site and content rules, 143, 154, 166–167
Web publishing rules, 143, 244–245, 252
wildcards, 142
detection, intrusions, 195–197
DNS, 25
filtering, 21
integration, 24–25
POP, 25
deterministic request resolution path, 32–33
DHCP Server, 64–65, 113–115
dial-on-demand connections, 90, 105–107, 346
dial-up connections, 11, 107, 120–121. See also connections
bandwidth, 386–387
closing, 108
configuration, 65, 103–105
creating, 109–110
Firewall service, 108–109
NNTP, 103
policy elements, 140
POP3, 103
requests, 110
SecureNAT, 91–92, 122
troubleshooting, 122–123, 426
digital certificates authentication, 7, 437
Digital Subscriber Line (DSL), 53
direct connections, 64
direction, protocol definitions, 145–146
Discard protocol, 157
disk allocation, 49
distributed caching. See CARP
DMZ (perimeter networks), 60–62
DNS (Domain Name System), 92, 97
arrays, 280
automatic discovery, 114
destination, 332
hostname overflow, 25
intrusion detection, 21, 25, 346
IP addresses, 25
queries, 157, 189
registration, 53–54
round robin distribution, 288
wildcards, 142
WPAD, 113–114, 118
WSPAD, 113–114
zone transfers, 25, 157
Documents content group, 168
Domain Admins, 274
Domain Name System. See DNS
downloads
cache content, 226–231
CARP, 292
content schedules, 303
dynamic content, 229
Time To Live (TTL), 228–229
URLs, 31, 227
drives, cache, 214–216
DSL (Digital Subscriber Line), 53
DSN (data source name), 358–359
dual-hop SSL authentication, 13
duplication, proxy servers, 32
dynamic content, caching, 31, 211–213, 229
dynamic filtering, 19
dynamic host configuration protocol (DHCP), 64–65, 113–115
E
E-mail
address aliases, 328
H.323 Gatekeeper rules, 327–330
sending, 343–344, 348–349
SMTP, 345
E1/T1 networks, 387
E164 phone number addressing, 313, 323
E3/T3 networks, 387
Echo protocol, 157
editing
actions, rules, 238
alerts, 341–345
content files, 217
enterprise policies, 270–271
log files, 350
protocol rules, 153
RAM caching, 225
routing rules, 205–206
Email-ID type addressing, 313
enabling/disabling
active caching, 31–32, 223–224
alerts, 340
automatic discovery, 118
caching, 425
CARP, 291
check boxes, 360
dial-up connections, 108–109
intrusion detection, 195–197
IP fragment filtering, 184
IPSec, 299
NNTP, 188
option filtering, 184
packet filtering, 10, 180
POP3 mail service, 185–186
Proxy Server 2.0 services, 79
service log files, 352
SMTP mail, 187
SMTP service, 259
Web content, 190–191
Web requests, 189
Encapsulating Security Payload (ESP), 299
encryption, 23
endpoints, 313–314
Enterprise Admins
initialization, 279
policies, 267, 270
Enterprise Edition, 3–4
Active Directory Storage, 7
arrays, 9
policy elements, 140
enterprise policies, 41
arrays, 266–267, 274–275, 282
backups, 271–272
configuration, 268–271, 275–276
creating, 267, 272–274
default settings, 71, 268–271
firewalls, 4
initialization, 67, 73–74, 279
installation, 48, 67
modes, 53
networks, 56–57
policy elements, 133, 150–151
privileges, 268
protocol rules, 156, 267
Proxy Server 2.0, 81
publishing, 270
restoring, 271–272
site and content rules, 167–168, 267
tiered management, 7
VPNs, 56, 302–303
Enumerated Port Scan attack, 24, 193
error messages, 346–348
Event logging failure event, 346
events
Alert action failure, 345
Asymmetric installation, 345
Cache, 345
Client/server communication failure, 346
Component load failure, 346
Configuration error, 346
Dial on demand failure, 346
DNS Intrusion, 346
error messages, 348–349
Event logging failure, 346
Failed to retrieve object, 346
Intra-array credentials, 346
Intrusion detected, 346
Invalid ODBC log credentials, 346
IP packet dropped, 346
IP Protocol violation, 346
IP Spoofing, 346
location, 342
Log failure event, 346
log files, 343–344
messages, 347–348
Network configuration changed, 346
OS component conflict, 346
thresholds, 342–343
viewing, 340, 425–426
Exchange Server. See Microsoft Exchange Server
executing
alerts, 343–345
programs, 343–344
expiration policies
caching, 218
FTP, 218
HTTP, 218, 220
objects, 221–222
extensions
arrays, 283
content group files, 169–174
creating, 9
protocols, 15
SDK, 15
external networks
access control, 38
clients, 30
dial-out connections, 107
Exchange Server, 258
name resolution, 92
Ping utility, 65
publishing, 54
troubleshooting, 440
F
Failed to retrieve object event, 346
fault tolerance
arrays, 9, 287–288
chaining, 33
Firewall service, 288
ISA Server Enterprise Edition, 3
SecureNAT service, 288–289
fields
check boxes, 360
Firewall services, 360–367
log files, 360–361
packet filtering, 370–371
Web Proxy services, 360–367
File Transfer Protocol. See FTP
files, content groups, 169–174
filtering. See also IP packet filters; packet filtering
applications, 11, 19–22
bandwidth rules, 22
caching, 210–211
circuit-level (protocol), 18–19
dynamic, 19
FTP access, 20
H.323 Gatekeeper, 20–21
HTTP Redirector, 20
intrusion detection, 24–25
packets, 17–18
ports, 19
protocols, 19, 22
RPC, 20
sessions, 18
SMTP, 20
SOCKS, 20
streaming media, 21
Web, 8
Finger protocol, 158
Firewall mode, 52–53, 69
access control, 133
packet filtering, 71
publishing, 234
Firewall service
access control, 89–90
applications, 88
authentication, 12–13, 88, 135
automatic discovery, 112–115, 118
cache, 368–370
chaining, 133
clients, 10
connections, 90, 106, 108–109
fault tolerance, 288
fields, 360–367
installation, 4, 48–49, 88, 92–93, 101–102
internal networks, 121
intrusion detection, 12
LATs, 71
log files, 350, 356, 366
media, 12
Mspclnt.ini file, 94
name resolution, 97
object source, 367
operating systems, 88, 93
performance counters, 401, 407–409
protocols, 88, 152
requests, 92
restarting, 110, 123–125
result code, 367–368
roaming computers, 90
secure server publishing, 12
security, 4–5
transparency, 12
troubleshooting, 121
VPN, 12
Web cache integration, 5
Winsock applications, 94–97
Wspcfg.ini file, 94–95
502 error message, 440
forward caching, 5, 28–29, 49–50, 202
403 error message, 442
FQDN (fully qualified domain name), 53
fragment filtering, 183–184
frame relay networks, 387
FTP (File Transfer Protocol), 8, 158
Access Filter, 20
caching, 202
clients, 156
expiration policies, 218
objects, 220–221
server connections, 242–243
fully qualified domain name (FQDN), 53
G
gatekeepers, 309, 318
gateway, 309, 331
Getting Started wizard, 137–138
GMT (Greenwich Mean Time), 353
Gopher, 156, 158
graphical reports. See reports
graphical taskpads, 14
Greenwich Mean Time (GMT), 353
groups, 2, 145
H
H.323 Gatekeeper, 20–21, 158
addressing, 313
clients, 313, 315–319
conference calls, 310–312, 322–326
destinations, 330–332
E-mail address rules, 327–330
endpoints, 313–314
filters, 400
gateways, 309
inbound calls, 333–334
installation, 317
IP address rules, 326–327
MCUs, 309
outbound calls, 334–335
performance counters, 420
phone number rules, 323–326
PSTN, 312–313
restarting, 124–125
snap-in, 310
standards, 309
hardware, 4, 48–49
hierarchy, caching, 13, 33–34
high ports, 25
hostnames, overflow, 25
HTML Documents content group, 168
HTTP (Hypertext Transfer Protocol), 8, 147
caching, 31, 202
configuration, 157
expiration policies, 218, 220
HTTPS, 158
objects, 10, 219–220
Redirector Filter, 20
response headers, 218
I
I/O (input/output) failures, 403
IANA (Internet Assigned Numbers Authority), 70
ICA (Intelligent Console Architecture), 158
ICANN (Internet Corporation for Assigned Names and Numbers), 53
ICMP (Internet Control Message Protocol), 24
ICQ protocol, 158
ICS (Internet Connection Sharing), 55
Ident protocol, 158
IETF (Internet Engineering Task Force), 6
IIS (Internet Information Services), 58
IKE protocol, 158
Images content group, 168
IMAP4 (Internet Messaging Access Protocol 4), 158, 258
inbound bandwidth, 389
incoming mail. See mail; POP3 mail
inheritance, enterprise policies, 274–275
initialization, enterprise, 67, 73–74, 279
input/output (I/O) failures, 403
installation
Active Directory, 54
add-in services, 68
administration tools, 69
arrays, 50–51, 68, 281, 283
caching, 4, 49–50, 69
connection requirements, 49
content groups, 168–174
disk allocation, 49
enterprise, 67, 73–74
Firewall service, 4, 48–49, 88, 92–93, 101–102
H.323 Gatekeeper, 317
hardware requirements, 48–49
integrated mode, 4
ISA Server, 4, 68, 69–77
ISPs, 53
LATs, 70–71
memory, 49
modes, 52, 69
networks, 47, 64
operating systems, 48
protocol definitions, 157–160
publishing, 50
RAM, 49
remote administration, 48
schemas, 67
SecureNAT service, 88
Setup screen, 66–67
standalone servers, 279–281
Web Proxy service, 88
Windows NT 4.0, 54
Integrated mode, 4, 52, 69
access control, 133
packet filtering, 71
server publishing, 234
Web publishing, 234
Integrated Services Digital Network (ISDN), 48, 65
Integrated Windows, 437
integration
Active Directory, 14
administration, 38
firewall and Web cache server, 5
intrusion detection, 24–25
vendor support, 15
VPNs, 7, 12, 22–23, 294–295
Intelligent Console Architecture (ICA), 158
inter-enterprise conference calls, 311–312
Interactive Mail Access Protocol (IMAP), 158, 258
internal networks
clients, 28–29, 38
Firewall, 121
LATs, 70
memory, 49
name resolution, 92
Ping utility, 65
protocol rules, 133
publishing, 54, 90, 240–242
SecureNAT, 90
site and content rules, 133
Internet
access control, 133
connections, 108–109
firewalls, 5
IANA, 70
ICS, 55
ICMP, 24
ICANN, 53
IIS, 58
IKE, 158
ILS, 331
IMAP4, 158, 258
IRC, 158
ISAPI, 8
ISPs, 53
RFC, 6
Internet Explorer 5.0
automatic discovery, 116
Web Proxy service, 99, 101
intra-array communication, 291–292, 346
intra-enterprise conference calls, 310, 311
Intrusion Detected event, 346, 348–349
intrusions, 12
detection, 21, 24–25, 195–197
IP half scan attacks, 192–194
land attacks, 192–194
ping of death attacks, 192–194
port scan attacks, 24, 192–193
troubleshooting, 427–428
UDP bomb attacks, 192, 195
Windows out-of-band attacks, 192
Invalid dial-on-demand credentials event, 346
Invalid ODBC log credentials event, 346
IP addresses
H.323 Gatekeeper, 326–327
LATs, 70
length overflow, 25
network adapters, 65
private, 70
rules, 134
SecureNAT, 121
server publishing, 26
IP half scan attack, 24, 192, 194
IP packet filters, 17–18, 178
allow filters, 179
block filters, 179
creating, 179–182
dropped event, 346
Exchange Server, 258
fragment filtering, 183–184
local computers, 182
log files, 183–185
NNTP, 188
option filtering, 183–184
parameters, 179–180
POP3 mail service, 185–186
ports, 178
protocols, 180–181
publishing, 239–240
remote computers, 182
servers, 181
SMTP mail, 187
Web content, 190–191
Web requests, 189
IP Protocol violation event, 346
IP Spoofing event, 346
IPSec, 299
IPX protocol, 80
IRC (Internet Relay Chat), 158
ISA Management, 7, 8, 37–41
client sessions, 161
remote administration, 48
Web Proxy service, 97
ISA Server
Enterprise Edition, 3, 4, 7–9, 40–41, 140
Exchange Server, 258
Firewall service, 400
installation, 4, 72–77
objects, 400
packet filters, 400
procedures, 68–70
log files, 352, 354
Reports tool, 424–425
Security Configuration wizard, 136–137
Standard Edition, 4
starting/stopping, 345
Web Proxy service, 400
Web publishing server, 249–250
Windows 2000, 68
ISA Services, 68
ISA Virtual Private Network Configuration wizard, 296, 298
ISAPI (Internet server application programming interface), 8
ISDN (Integrated Services Digital Network), 48, 65
ISPs (Internet Service Providers), 53
Last Updated: Friday, July 6, 2001