Microsoft® Internet Security and Acceleration (ISA) Server 2000 Administrator's Pocket Consultant
Author: Jason Ballard and Bud Ratliff
Pages: 336
Disk: N/A
Level: Beg/Int
Published: 06/18/2003
ISBN: 9780735614420
ISBN-10: 0-7356-1442-3
Price (USD): $29.99

Index
A
access control filters
inbound, 147, 166-69
outbound, 141-44
access policies, 120-28, 128-40. See also policy elements
application filters, 140-44
bandwidth rules, 128-31
defined, 119
IP packet filters, 126-28
outgoing Web requests, 135-40
processing outgoing requests, 119-20
protocol rules, 123-25
routing rules, 131-35
site and content rules, 120-23
Web filters, 144
Access Policy folder, 14-15
Actions tab, alert configuration, 91-92
Active Caching, 5, 37
Active Directory directory service, 201-9
arrays, 202-7
domain integration, 207-9
Group Policy-based firewall client installation, 53-54
ISA Server integration with, 5-6, 27-28
Proxy Server upgrade, 74
stand-alone vs. array members, 201-2
Active Directory Schema console, 29
Active Directory Users and Computers, 53
add-ons, 18
Add/Remove Programs
Feature Pack 1 uninstall, 41
H.323 Gatekeeper installation, 243
Internet Connection Wizard, 68
ISA Server uninstall, 42
removing ISA Server from SBS, 71
Address Mapping page. See also server publishing rules.
Citrix server publishing rule, 193
DNS server publishing rule, 195-96
HTTPS server publishing rule, 177-78
RDP publishing rule, 192
SQL server publishing rule, 190
administration, ISA Server, 3-20
add-ons, 18
caching mode, 4-5
command-line utilities, 18
firewall mode, 3-4
ISA community, 18
ISA Management Console, 12-17
MMCs commonly used, 17
product editions. see product editions
remotely, 19-20
wizards, 17
administrative requirements
arrays, 203
enterprise policies, 211, 213-18
firewall clients, 54
logging to database, 98
Proxy Server upgrade, 74
Advanced Calling Option, NetMeeting, 248-49
Advanced tab, cache configuration, 37-38
Advanced view, ISA Management Console
aborting sessions, 86-87
overview of, 13
resetting alerts, 93
viewing alerts, 92
alerts, 88-93
capturing with Windows 2000 event log, 90
configuring, 91-92
creating, 88-91
e-mail messages, 89-90
intrusion detection with, 275, 279
resetting, 93
running programs with, 90
stopping Proxy 2.0 Server, 77
viewing, 92
allow rules. See access policies
ALTADDR command, 194
antivirus software, 271
application filters
disabling protocol definitions, 110
inbound access control, 147, 166-69
outbound access control, 141-44
Application Usage reports, 95
Array Membership tab, 38-39
array policies. See also enterprise policies
allowing, 218
back up and restore, 220-21
configuring, 219
enterprise policies, 212, 219-20
overview of, 211
policy elements and, 105
arrays
creating and configuring, 202-7
installing Feature Pack 1 on, 41
membership, 27-30
reports on, 94
resolving requests within, 138, 152
stand-alone vs., 201-2
upgrading Proxy Server 2.0, 74, 77-78
The Art of Deception (Mitnick and Simon), 270
attacks
firewalls and, 4
intrusion detection and, 272-75
preventing, 271
types of, 270, 272
authentication
basic, 132
HTTP Redirector filter, 142
incoming listener, 151
Integrated Windows, 132
outgoing listener, 136-37
outgoing Web requests, 137-38
publishing OWA server and, 187
RSA SecurID, 285-86
authentication, Web publishing
incoming, 151, 152
installation modes, 147
prerequisites for, 149
Automatic Discovery, 33-35
autorun, 22
B
BackOffice word, 67
back-to-back perimeter network. See perimeter networks, back-to-back
Backup Enterprise Configuration dialog box, 215
Backup Route tab, Web proxy clients, 50
backups
array configuration, 220-21
array members, 205
enterprise configuration, 215
Proxy Server 2.0, 73, 75
bandwidth priorities
associated rules, 104
defined, 15
overview of, 117-18
bandwidth rules
Bandwidth Rules folder, 15
configuring, 128-31
creating, 129
basic authentication, 132
batch files, 54-55
bidirectional affinity, 230
C
CA (Certificate Authority), 177
Cache Array Routing Protocol. See CARP
Cache Configuration, ISA Management Console, 16, 39-40
cache configuration properties, 36-38
cache mode, 35-40
comparing with other modes, 24-25
installation requirements, 7-8
installing ISA Server on SBS, 60-61
intra-array address, 38-39
link translation, 160
load factor, 38
overview of, 4-5
properties, 36-38
schedule content downloads, 39-40
size, 36
Web publishing and, 147
call routing rules, 245-48
e-mail address rule, 247
IP address rule, 248
phone number rule, 248
CARP (Cache Array Routing Protocol)
configuring, 223-26
defined, 223
Web proxy client configuration, 50
Certificate Authority (CA), 177
certificates, Web server, 177
checklist, security, 278-79
Chkwsp32 command, 18
Citrix server, 192-94
client address sets
associated rules, 104
Exchange server publishing, 183, 186
overview of, 109-10
server publishing and, 162
Web publishing and, 149
Client Configuration, ISA Management Console, 17, 49
Client Type address, 122
clients, 45-58
Citrix, 194
firewall clients, 51-57
network infrastructure dependencies, 57-58
overview of, 45
publishing Exchange server, 183
remote connections with VPN, 234-37
SecureNAT clients, 46-48
server publishing prerequisites, 162
session types, 86
Web proxy clients, 48-51
cluster parameters, configuring, 227-28
command-line utilities, 18, 85
Computers folder, ISA Management Console, 14
configuration, ISA Server, 30-40
Automatic Discovery, 33-35
cache, 35-40
Local Address Table, 31-32
Local Domain Table, 32-33
overview of, 30
connectoids, VPN client, 236-37
content groups
associated rules, 104
defined, 15
overview of, 112-14
Control Panel, firewall client configuration, 55-56
Credentials tab, reports, 94
D
databases, ODBC, 98-100
dedicated servers, 271, 282
demilitarized zone (DMZ). See perimeter networks
denial of service (DoS) attacks, 270
deny rules. See access policy
Deploy Software dialog box, firewall client, 53-54
description field, Bandwidth Rules, 129
destination name
e-mail address rules, 247
IP address rules, 248
phone number rules, 246
destination sets
defining, 104
overview of, 107-8
publishing Web servers, 149, 174-75
DHCP (Dynamic Host Configuration Protocol), 58, 69
dial-up connections, 69
dial-up entries
associated rules, 104
defined, 16
overview of, 114-17
dictionary, link translation, 160-61
Direct Access tab, 50-51
distributed caching, 5-6
DMZ (demilitarized zone). See perimeter networks
DNS (Domain Name System)
client dependencies, 57-58
dynamic services for SBS, 69
intrusion alerts, 89
LAT and, 32
publishing DNS server, 194-97
publishing Exchange server, 183, 185
publishing OWA server, 187
publishing servers, 162, 172
publishing Web servers, 149
Round Robin, 230
securing network interface adapters, 280-81
SRV records, 241-42
WPAD entry in, 35
DNS Intrusion Detection filter
configuring, 273-74
defined, 141
filtering incoming messages, 166-67
DNS Query packet filters, 196-97
DNS Query Server protocol definition, 195
DNS Zone Transfer Server, 195
documentation, updating, 271
Domain Administrators group, 211
domain integration, 207-9
Domain Name System. See DNS
DoS (denial of service) attacks, 270
downloads, scheduled, 5
dynamic DNS, 69
Dynamic Host Configuration Protocol (DHCP), 58, 69
dynamic packet filtering, 164, 165
E
Edit Alias window, 52-53
e-mail
address rules, 247
alerts, 89-90
Enable/Disable icon, 91
End User License Agreement (EULA), 23
Enterprise Administrators group, 74, 211, 213-18
Enterprise Initialization dialog box, 28-29
Enterprise Initialization Tool, 27-28
enterprise policies
array policies and, 28-29, 212
arrays, 212-13, 217-20
back up and restore, 215-16
configuring, 212-13
creating, 214
defaults, 218
deleting, 216
overview of, 211
packet filtering and, 165
permissions for, 216
policy elements and, 105
protocol rules, 124
remote connections, 217
site and content rules, 121
upgrading, 28-29
enterprise technologies, 223-50
Cache Array Routing Protocol, 223-26
H.323 Gatekeeper. see H.323 Gatekeeper
Network Load Balancing, 226-30
Virtual Private Networks. see VPNs
EULA (End User License Agreement), 23
Event Viewer, 88, 92
events
analyzing, 88
logging, 90
monitoring, 87-88
Events tab, alert configuration, 91-92
Excel Workbook (.xls) file, 96
Exchange 2000 server, 182-87
disabling socket pooling, 173
ISA Server and, 183-85
Outlook clients and, 185-87
OWA server and, 187-89
publishing, 182-83
Extensions, ISA Management Console, 16
F
fax server, 70
File And Print Sharing, 278
files
extensions, 113
logging to, 98
system attacks on, 270
File Transfer Protocol. See FTP (File Transfer Protocol) server
filters
application. see application filters
DNS Intrusion Detection. see DNS Intrusion Detection filter
enabling H.323, 244
firewall benefits of ISA Server, 4
IP packet. see IP packet filters
POP Intrusion Detection. see POP Intrusion Detection filter
security checklist, 279
URLScan 2.5, 282-85
Web. see Web filters
firewall chaining, 134-35
Firewall Client Options dialog box, 55
firewall clients, 51-57
Automatic Discovery for, 34
configuration, 55-57
functionality of, 45
Group Policy-based installations, 53-54
IIS Web-based installations, 52-53
overview of, 51
Proxy Server 2.0 vs. ISA Server, 80
session type, 86
silent installations, 54-55
UNC-based installations, 51-52
as Web proxy clients, 57
firewall mode, 4, 24-25
Firewall Service
defined, 83
logging transactions, 96-100
monitoring, 83-85
starting, 90-91
stopping, 90
FTP Access Application Filter, enabling, 182
FTP access filter, 141-42
FTP (File Transfer Protocol) server, 178-82
disabling socket pooling, 173
ISA server and, 180-82
packet filtering and, 179-80
publishing in trihomed perimeter network, 265-66
FTP tab, cache configuration properties, 37
full installations, 243
G
gatekeepers. See H.323 Gatekeeper
gateways, H.323, 241
gateway-to-gateway VPNs, 231-34
General tab
alert configuration, 91
cache configuration, 37
reports, 94
Getting Started Wizard, 17
GPO (Group Policy Object), 53-54
H
H.323 filter, 141, 167-68
H.323 Gatekeeper, 241-49
adding to ISA Server, 244
call routing rules, 245-48
configuring, 244-45
defined, 83, 223
enabling, 244
installing, 243
monitoring, 84-85
NetMeeting clients and, 248-49
overview of, 241
prerequisites, 241-43
Service Management Console installation, 243-44
Hack Proofing Your Network: Internet Tradecraft (Syngress Media Inc.), 270
Hacking Exposed Windows 2000 (Scambray and McClure), 270
hardware requirements
ISA Server, 7-8, 21-22
ISA Server 2000 Enterprise Edition, 12
SBS 2000, 9
help, ISA Server
events, 87-88
link translation, 158
Urlscan.ini file, 285
hierarchical caching, 5-6
host parameters, 228
hotfixes, 26, 69
.htm (Web page) file, 96
HTTP (Hypertext Transfer Protocol) requests, 119, 282
HTTP Redirector filter
configuring, 47-48, 142-43
defined, 141
firewall clients accessing Web cache, 51
HTTPS (Hypertext Transfer Protocol Secure) requests
content groups and, 113
processing incoming, 153
publishing, 176-78
I
ICA protocol, Citrix, 193
ICSA (International Computer Security Association) Labs certification, 4
ICW (Internet Connection Wizard)
configuring ISA Server on SBS, 63-67
failure to start, 68
troubleshooting ISA Server on SBS, 68-70
Identification page, ISA VPN, 232
IIS (Internet Information Services)
firewall clients, 52-53
Proxy Server 2.0 upgrade, 78, 79, 81
publishing and, 172-74, 176, 181
SBS troubleshooting and, 71
IMAP4 clients, 184-85
information leakage attacks, 270
Install New Modem Wizard, 115
installation, ISA Server, 21-30
array membership, 26-30
Feature Pack 1, 40-41
overview of, 21-25
Service Pack 1, 26
uninstall feature, 42
Windows Server 2003 and, 26
installation modes, publishing, 147
integrated mode
configuration in, 30
installation in, 24-25
publishing in, 147
Integrated Services Digital Network (ISDN) adapter, 22
Integrated Windows authentication, 132
interface configuration, security, 278, 279-80
internal addresses, 61-62
International Computer Security Association (ICSA) Labs certification, 4
Internet Connection Wizard. See ICW
Internet Explorer, 49
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX), 73
intra-array address, 38-39
Intra-Array Communication dialog box, 38-39
intrusion detection, 271-75
alerts and actions, 275
configuring, 272-75
overview of, 271
IP (Internet Protocol) Address Rule, creating, 248
IP addresses. See also perimeter networks
LAT configuration, 30
Network Load Balancing configuration, 230
rule creation, 248
security, 278
IP Half Scan attack, 272-73
IP packet filters
array policies, 219
configuring, 128
creating, 126-27
deleting, 127
DNS Query, 196-97
enabling, 164-65
FTP services and, 179-80
incoming requests, 148
IP routing and, 166
logging transactions, 96-100
outgoing requests, 119
publishing services in perimeter networks, 263-67
SBS and, 65-67
security checklist, 278
trihomed perimeter network and, 255-56
IP routing, 166, 245
IPSec NAT Traversal, 241
IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange), 73
ISA Management Console
launching, 13
monitoring services, 84-85
monitoring sessions, 85-87
nodes, 14-17
remote administration, 19
views, 13-14
ISA Server Control service, 83, 84-85
ISA Server Feature Pack 1, 40-41
ISA Server Service Pack 1
installation, 7, 26
installation on Windows Server 2003, 25
uninstall of Feature Pack 1, 41
uninstall of ISA Server, 42
ISA Server 2000
administering. see administration, ISA Server
as caching server, 4-5
clients. see clients
configuring. see configuration, ISA Server
defined, 3
as firewall server, 4
installing. see installation, ISA Server
monitoring. see monitoring
reporting. see reports
upgrade from Proxy Server 2.0. see Proxy Server 2.0
ISA Server 2000 CD
Enterprise Initialization Tool, 27-28
Installation Guide, 22
ISA Server 2000 Enterprise Edition
arrays and, 211
CARP support, 223
comparing product editions, 5-6
DNS configuration, 58
enterprise policies and, 211
overview of, 11-12
stand-alone vs. array members, 201-2
ISA Server 2000 Standard Edition
comparing product editions, 5-6
DNS configuration, 58
overview of, 10-11
stand-alone, 201-2
ISA Virtual Private Network Configuration Wizard, 231
ISDN (Integrated Services Digital Network) adapter, 22
K
Keywords tab, SMTP filter, 168-69
L
L2TP protocol packets, 234-36, 239-40
LAND attacks, 272-73
LAT (Local Address Table)
back-to-back perimeter networks, 257-58
DNS configuration, 57
intra-array communication, 225
ISA server installation and, 25
ISA server installation on SBS, 61-62
newly installed ISA Server, 31-32
public address back-to-back perimeter networks, 260-63
publishing, 172
trihomed perimeter network, 255-56
LDAP (Lightweight Directory Access Protocol), 27-28
LDT (Local Domain Table)
DNS configuration, 57
newly installed ISA Server, 32-33
Web proxy client, 50
licensing
ISA Server 2000 Enterprise Edition, 12
ISA Server 2000 Standard Edition, 11
Small Business Server 2000, 9
Lightweight Directory Access Protocol (LDAP), 27-28
link translation, 158-61
caching, 160
dictionary, 160-61
Link Translator filter, 158-59
Link Translation tab, Web publishing rule, 159, 160, 160-61
Link Translator filter, 144
Live Stream Splitting, 144
load factor, 38, 225
Local Address Table. See LAT
Local Domain Table. See LDT
Local ISA VPN Wizard, 231-33
log files
components, 96-97
configuring, 97-100
logging user activity, 70
security checklist, 279
Log Summaries tab, 94
logon scripts, 54-55
Loopback Adapter, 261-62
M
Mail Server Security Wizard, 162
MBSA (Microsoft Baseline Security Analyzer), 271
MCUs (multipoint control units), H.323, 241
Message Screener
filtering incoming messages, 168-69
installing, 25
Microsoft
Excel Workbook, 96
Firewall. see Firewall Service
H.323 Gatekeeper. see H.323 gatekeeper
ISA Server 2000. see ISA Server 2000
ISA Server Control, 83
ISA Server setup program, 22
Loopback Adapter, 261-62
newsgroups, 71
Operations Manager 2000, 88
Outlook, 185-87
Proxy Server 2.0. see Proxy Server 2.0
Trustworthy Computing program, 269-71
Web Proxy. see Web Proxy service
Web site information. see Web site information
Microsoft Baseline Security Analyzer (MBSA), 271
Microsoft Windows. See Windows versions
Microsoft Windows Media (MMS), 143
MIME types, 113
MMCs, 14-17
MMS (Microsoft Windows Media), 143
modems, 22, 115
monitoring, 83-93
alerts, 88-93
defined, 83
events, 87-88
ISA Management Console, 14
ISA Server services, 83-84
sessions, 85-87
Monitoring Configuration, ISA Management Console
creating reports, 94
defined, 16
generating reports, 93-94
viewing alerts, 92
Msp2wizi.exe, 76
multipoint control units (MCUs), H.323, 241
multiserver management, 5-6
N
NAT (Network Address Translation), 68
net stop service command, 77
NetBIOS Over TCP/IP, 278
NetMeeting, 20, 248
Excel Workbook, internal client, 248
external client, 249
Netst command prompt, 18
Netstat utility, 81
network adapters
interface configuration, 279-81
ISA Server installation, 21
ISA Server on SBS, 65
LAT configuration, 32
Network Load Balancing, 230
Network Address Translation (NAT), 68
Network and Dial-Up Connections
creating, 114-16
interface adapters, 280
Network Load Balancing, 227
SecureNAT clients, 46
VPN clients, 236-37
Network Configuration, ISA Management Console, 16
Network Connection Wizard, 115
Network Load Balancing, 226-30
configuring, 227-30
defined, 223
DNS Round Robin vs., 230
installing, 227-29
overview of, 226
prerequisites, 227
server publishing and, 230
Network News Transport Protocol (NNTP) server, 174
New Alert Wizard, 89-91
New Bandwidth Rule Wizard, 15
New Connection Wizard, 115-16
newsgroups, Microsoft, 71
NNTP (Network News Transport Protocol) server, 174
nodes, ISA Management Console, 14-17
Notepad, 276
O
operating systems, 6-7, 61
Operations Manager 2000, 88
Outbound Web Requests Listener, 80
Outlook, 185-87
OWA server, 187-89, 282-85
OWA Web Publishing Wizard, 189
P
pass-through, VPN, 237-41
passwords, enforcing, 278
PASV (passive) mode, 180, 266
PCAnywhere, 20
performance
ISA Server Web-caching, 5
optimizing server, 140
perimeter networks
overview of, 253
trihomed, 254-56
perimeter networks, back-to-back, 256-63
configuring, 259-63
defined, 253
FTP, 266
ISA Server, 257-58
limitations of, 263
overview of, 256-57
publishing services in, 263-67
Web server, 264
Period tab, reports, 94
permissions
array, 207
fax server, 70
H.323 Gatekeeper, 245
phone number rules, 245-46
Ping command prompt, 18
Ping Of Death attack, 272-73
PNM (Progressive Networks protocol), 143
Point-to-Point Protocol over Ethernet (PPPoE), 65
policies
access. see access policy
array. see array policies
enterprise. see enterprise policies
policy elements. see policy elements
Policies tab, arrays, 219-20
policy elements, 103-18
bandwidth priorities, 117-18
client address sets, 109-10
content groups, 112-14
destination sets, 107-8
dial-up entries, 114-17
Enterprise policies and, 105
ISA Management Console, 15-16
overview of, 103-5
protocol definitions, 110-12
schedules, 105-6
types of, 103
POP Intrusion Detection filter
defined, 141
enabling, 275
incoming messages and, 168
POP3 clients, 184-85
Port 80, 35
Port Rules tab, Network Load Balancing, 228-29
ports
incoming Web requests, 152-53
Network Load Balancing, 228-29
open, 81
outgoing Web requests, 80, 138-39
port scan attacks, 181, 271, 272-73
publishing Web site, 176
remote client connections, 234-37
PPPoE (Point-to-Point Protocol over Ethernet), 65
PPTP protocol packets, 234-36, 237-38
private address back-to-back perimeter networks, 259-60, 263
product editions
basic hardware and server requirements, 7-8
comparing features, 5-6
ISA Server 2000 Enterprise Edition, 11-12
ISA Server 2000 Standard Edition, 10-11
operating system compatibility, 6-7
Small Business Server 2000, 8-9
Progressive Networks protocol (PNM), 143
properties
alerts, 91-92
cache, 36-38
destination sets, 107
Events tab, 92
firewall clients, 56-57
H.323 Gatekeeper, 244
IIS Web-based installation, 52
incoming listeners, 150-52
logs, 97-99
outgoing Web requests, 135-40
protocol rules, 125
reporting job, 93-94
routing rules, 133-34
SecureNAT installation, 46-48
site and content rules, 121
Web proxy clients, 49
Web publishing rules, 155
Web sites, 176
protocol rules
access to H.323 protocol, 242-43
configuring, 125
creating, 124
deleting, 125
outgoing request order, 119
publishing Exchange, 186-87
security checklist, 279
protocols
associated rules, 104
Citrix ICA, 193
defined, 15
DNS server, 195
Exchange server, 184
HTTPS sites, 177
overview of, 110-12
prerequisites, 162
RDP, 191-92
SQL server, 190
Proxy Alert Notification Service, 77
Proxy Server 2.0, 73-82
backups, 75
ISA Server upgrade, 76-79
ISA Server vs., 80-81
prerequisites, 73-74
removing from array, 77-78
stopping services, 77
uninstalling, 75
Windows NT 4, 74-76
Proxy Server Administration service, 77
public address back-to-back perimeter networks, 260-63
public IP addresses, 254-56
published servers, 81
publishing, 147-97. See also server publishing rules; Web publishing
application filters, 166-69
back-to-back perimeter networks, 258
Citrix server, 192-94
defined, 147
DNS server, 194-97
Exchange 2000 server, 182-87
FTP server, 178-82
HTTPS server publishing rule, 177-78
installation modes, 147
OWA server, 187-89
perimeter network services, 263-67
prerequisites, 171-74
processing incoming requests, 148
Publishing folder, 15
Remote Desktop, 191-92
requirements, 8
routing and IP packet filters, 164-66
rules, 219
secured Web sites (HTTPS), 176-78
server, 161
SQL server, 189-91
Terminal Server, 191-92
Web server, 174-76
Q
Query Analyzer, 99
R
RAM
forward caching, 7
high-performance Web caching, 5
publishing, 8
Windows Server platform and, 6
RDP (Remote Desktop Protocol) definition, 191-92
Real Time Streaming Protocol (RTSP), 143
remote administration, 19-20
Remote Desktop, 191-92
Remote ISA VPN Wizard, 231, 233-34
reports, 93-100
defined, 83
generating, 93-94
logging alerts, 90
logging transactions, 96-100
saving, 96
types of, 95
viewing, 95
Resolve Requests Within Array Before Routing check box, 138
restores
array configuration, 205-6, 220-21
enterprise configuration, 215-16
Rmisa.exe tool, 42, 71
Round Robin, DNS, 230
ROUTE ADD command, 22, 172, 183
Route Add command prompt, 18
Router Scope option, 46-47
routing, 166, 172
Routing and Remote Access Service. See RRAS
routing rules, 131-35
configuring, 133-34
creating, 131-33
deleting, 133
firewall chaining, 134-35
incoming requests, 148
outgoing requests, 120
RPC filter
defined, 141
filtering incoming messages, 168
publishing Exchange, 185-87
RPC Publishing Wizard, 185-87
RRAS (Routing and Remote Access Service)
gateway-to-gateway VPNs, 234
remote client connections, 235-38
troubleshooting, 68
RSA SecurID, 285-86
RTSP (Real Time Streaming Protocol), 143
S
saving, reports, 96
SBS (Small Business Server) 2000, 59-72
common procedures, 68-71
configuring, 63-67
features of, 5-6, 8-9
installing, 60-63
limitations of, 59-60
overview of, 59
removing, 71
resources for, 71
troubleshooting, 68-71
scalability
comparing product editions, 5-6
ISA Server 2000 Enterprise Edition, 11-12
ISA Server 2000 Standard Edition, 10
Small Business Server 2000, 8
Schedule tab, reports, 94
Scheduled Content Download
CARP and, 226
configuring jobs, 39-40
defined, 83
monitoring, 83-85
overview of, 5
starting, 90-91
stopping, 90
schedules
associated rules, 104
defined, 15
overview of, 105-6
scope field, Bandwidth Rules, 129
scope options, SecureNAT, 46-47
screened subnets. See perimeter networks
scripted attacks, 270
SecureNAT clients
Citrix server and, 193
configuring, 47-48
DNS requirements, 57-58
firewall chaining, 134-35
functionality of, 45
installing, 46-47
Network Load Balancing and, 229
published servers and, 81
session types, 86
as Web proxy clients, 57-58
SecurID, 285-86
security, 269-88
attacks and, 270
checklist, 278-79
disabling services, 281-82
enterprise administration, 216
firewalls and, 4
intrusion detection, 271-75
network interface adapters, 279-81
permissions, 216
references on, 286
running ISA Server on a dedicated server, 282
Security Configuration Wizard, 275-76
Security reports, 95
templates, 276-78
Trustworthy Computing program, 269-71
URLScan 2.5, 282-85
Web authentication with RSA SecurID, 285-86
Security Configuration Wizard, 275-76, 276-78
Security Mail Publishing Wizard, 184-85
server publishing
Citrix server, 192-94
configuring, 161-64
DNS server, 194-97
Exchange server, 182-87
FTP server, 178-82
HTTPS server, 177-78
installation modes for, 147
Network Load Balancing and, 230
OWA server, 187-89
RDP, 191-92
SQL server, 189-91
SSL tunneling and, 158
Terminal Server, 191-92
Web server, 174-76
server publishing rules
back-to-back perimeter networks, 258
Citrix, 193-94
DNS server publishing rule, 196
configuring, 162-63
defined, 15
HTTPS server publishing rule, 178
DNS, 195-96
OWA server publishing rule, 188-89
publishing Exchange, 186
RDP, 192
SQL server, 190-91
Server Publishing Wizard, 17
service packs, 7, 26
service records (SRV), DNS, creating, 241-42
services
disabling unneeded, 271, 278, 281-82
monitoring, 83-85
providing ISA Server functions, 83
starting, 90-91
stopping, 90
sessions
aborting, 86-87
defined, 85
determining type of, 86
monitoring, 85-86
site and content rules
order for outgoing requests, 119
overview of, 121-23
publishing Exchange, 185
security checklist for, 278
size, cache, 36
Small Business Server 2000 Setup Wizard, 60-63
Small Business Server ICW (Internet Connection Wizard), 63-67, 68
SMTP (Simple Mail Transfer Protocol) clients, 184-85
SMTP filter, 141, 168-69
SMTP (Simple Mail Transfer Protocol) server
disabling socket pooling, 173-74
publishing in trihomed perimeter network, 267
sending e-mail alert messages, 89
social engineering attacks, 270
socket pooling, 172-74, 180
SOCKS V4 filter, 141, 143
software requirements
ISA Server 2000 Enterprise Edition, 12
ISA Server installation, 21-22
Small Business Server 2000, 9
SQL Server, 98-99, 189-91
SRV (service records), DNS, 241-42
SSL (Secure Sockets Layer)
bridging, 157
certificates, 147, 153
port, 139
publishing sites, 176-78
tunneling, 158
stand-alone ISA Servers
characteristics of, 201-2
configuring. see ISA Server, configuring
installing, 21-26
multidomain configuration/trust relationships, 208-9
Standard/Enterprise Editions installed as, 6
uninstalling, 42
static packet filtering, 164, 255-56
streaming media filters, 141, 143-44
Summary reports, 95-96
System DSN, 99-100
T
Task Bar, 55
Taskpad view, ISA Management Console
aborting sessions, 86-87
overview of, 13
resetting alerts, 93
viewing alerts, 92
TCP port, 138
TCP/IP (Transmission Control Protocol/Internet Protocol), 21
technical attacks, 270-71
Telnet command prompt, 18
templates, security, 275-78
Terminal Services, 19, 191-92
terminals, H.323, 241
terminology, upgrading Proxy Server, 74
tiered policy, 5-6
Tracer command prompt, 18
Traffic & Utilization reports, 95
Transmission Control Protocol/Internet Protocol (TCP/IP), 21
trihomed ISA Server perimeter network
configuring, 255-56
defined, 253
interface configuration, 254-55
limitations, 256, 263
overview of, 254
publishing services in, 263-67
Trojan Horses (scripted attacks), 270
troubleshooting, ISA Server on SBS, 68-71
trust relationships, 207-9
Trustworthy Computing program, 269-71
U
UDP Bomb attack, 272-73
UNC (Universal Naming Convention), 51-52
Uniform Resource Locator (URL), 50
uninstallation
ISA Server, 42
ISA Server Feature Pack 1, 41
Universal Naming Convention (UNC), 51-52
upgrades
from Proxy Server 2.0. see Proxy Server 2.0
Small Business Server, 59
Windows NT 4.0, 207-8
Winsock clients to firewall clients, 80
URL (Uniform Resource Locator), 50
URLScan 2.5, 282-85
configuring Urlscan.ini file, 284
disabling URLScan Web filter, 284
installing, 283
overview of, 282
Urlscan.ini file, 284-85
User Manager, 110
users, logging activity, 70
V
views
alert, 92
events, 87-88
ISA Management Console, 13-14
reports, 95
sessions, 85-87
Virtual Network Computing (VNC), 20
viruses (scripted attacks), 270, 271
VNC (Virtual Network Computing), 20
VPN Client Wizard, 234-36
VPNs (Virtual Private Networks), 231-41
client connectoids, 236-37
defined, 223
gateway-to-gateway, 231-34
ISA Server as, 231
pass-through, 237-41
remote clients, 234-37
W
Web filters
authentication with RSA SecurID, 285-86
inbound access with, 158-61
overview of, 144
Web page (.htm) file, 96
Web proxy clients
Automatic Discovery for, 34
configuring, 49-51
DNS requirements, 57-58
firewall/SecureNAT clients configured as, 57
functionality of, 45
installation, 49
overview of, 48-51
session types, 86
Web proxy rules, 131
Web Proxy Service
defined, 83
logging transactions, 96-100
monitoring, 83-85
starting, 90-91
stopping, 90
Web publishing, 148-61
accessing secured sites, 157-58
disabling socket pooling, 173
incoming Web requests, 149-53
installation modes, 147
overview of, 148
prerequisites, 149
SSL bridging and, 157-58
Web filters, 158-61
Web server, 174-76
Web publishing rules
back-to-back perimeter networks, 258
configuring, 155-56
creating, 154-55
defined, 15, 147
deleting, 155
disabling, 156
enabling, 156
link translation and, 159-61
OWA server, 188
processing order, 148, 156-67
Web sites behind ISA server, 175
Web sites on ISA server, 176
Web Publishing Wizard, 17
Web requests, incoming
CARP, 224-25
DNS server, 195
HTTPS site, 177
overview of, 149-53
publishing servers and, 162
SQL server, 189
Web requests, outgoing
CARP, 224
configuring, 135-40
Web servers
overview of, 174-76
in trihomed perimeter network, 264
Web site information
add-ons, 18
antivirus software, 271
event analysis, 88
Feature Pack 1, 283
firewall clients, 51, 54
hotfixes, 26
ISA community support, 18
ISA Server reports, 100
Loopback Adapter, 262
newsgroups, 71
PPPoE configuration, 65
Proxy Server 2.0, 76, 81
remote administration, 19
reporting, 100
RSA SecurID, 286
SBS, 9, 59, 69, 71
security, 269, 271
service packs, 26
supernetting, 255
upgrading Windows NT4, 75
Urlscan.ini file configuration, 285
Web Usage reports, 95
Weekends schedule, access policy, 105
Windows NT 4.0, 74-76, 207-8
Windows Server 2003
domain configuration/trust relationships, 208-9
ISA Server installation, 26
memory/processor support, 6-7
network dial-up connections, 115-16
Network Load Balancing and, 230
socket pooling, disabling, 173
Windows 2000
domain configuration/trust relationships, 208-9
ISA Server installation, 22
logging alerts to Event Log, 90
network dial-up connections, 114-15
Network Load Balancing, 230
socket pooling, disabling, 173-74
upgrading Proxy Server, 73, 74-76
WinNuke (Windows Out-Of-Band) attack, 272-73
WINS, 280-81
Winsock clients, 80-81
Winsock Proxy Service, 77
wizards. See also specific wizard names
ISA Server, 17
ISA Server VPN, 231
publishing, 147
Work Hours schedule, access policy, 105
World Wide Web Publishing service, 77
worms (scripted attacks), 270
WPAD (Web Proxy Autodiscovery Protocol), 33-35, 50
Last Updated: June 19, 2003