List of Figures - Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] - نسخه متنی

Thomas W. Shinder; Debra Littlejohn Shinder

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Back Cover Dr. Tom Shinder's Configuring ISA Server 2004 Introduction Acknowledgments About the Authors Technical Editor A Note From the Publisher From Deb and Tom Shinder, Authors Chapter 1: Evolution of a Firewall: From Proxy 1.0 to ISA 2004 The Book: What it Covers and Who It's For It's in the Book: What We Cover This Book's For You: Our Target Audience Security: The New Star of the Show Security: What's Microsoft Got to Do with It? Security: A Policy-Based Approach Security: A Multilayered Approach Firewalls: The Guardians at the Gateway Firewalls: History and Philosophy Firewalls: Understanding the Architecture Firewalls: Features and Functionality Firewalls: Role and Placement on the Network ISA: From Proxy Server to Full-Featured Firewall ISA: A Glint in MS Proxy Server's Eye ISA: A Personal Philosophy Summary Chapter 2: Examining the ISA Server 2004 Feature Set The New GUI: More Than Just a Pretty Interface Examining the Graphical Interface Examining The Management Nodes Teaching Old Features New Tricks Enhanced and Improved Remote Management Enhanced and Improved Firewall Features Enhanced and Improved Virtual Private Networking and Remote Access Enhanced and Improved Web Cache and Web Proxy Enhanced and Improved Monitoring and Reporting Multi-Networking Support New Application Layer Filtering (ALF) Features VPN Quarantine Control Missing in Action: Gone but Not Forgotten Live Media Stream Splitting H.323 Gateway Bandwidth Control Active Caching Summary Solutions Fast Track New GUI: More Than Just a Pretty Face Teaching Old Features New Tricks New Features on the Block Missing in Action: Gone But Not Forgotten Frequently Asked Questions Chapter 3: Stalking the Competition: How ISA 2004 Stacks Up Firewall Comparative Issues The Cost of Firewall Operations Specifications and Features Comparing ISA 2004 to Other Firewall Products ISA Server 2004 Comparative Points Comparing ISA 2004 to Check Point Comparing ISA 2004 to Cisco PIX Comparing ISA 2004 to NetScreen Comparing ISA 2004 to SonicWall Comparing ISA 2004 to WatchGuard Comparing ISA 2004 to Symantec Enterprise Firewall Comparing ISA 2004 to Blue Coat SG Comparing ISA 2004 to Open Source Firewalls Summary Comparing Architecture Comparing Functionality Comparing Cost Solutions Fast Track Firewall Comparative Issues Comparing ISA 2004 to Other Firewall Products Frequently Asked Questions Chapter 4: ISA 2004 Network Concepts and Preparing the Network Infrastructure Our Approach to ISA Firewall Network Design and Defense Tactics Defense in Depth ISA Firewall Fallacies Software Firewalls are Inherently Weak You Can't Trust Any Service Running on the Windows Operating System to be Secure ISA Firewalls Make Good Proxy Servers, but I Need a 'Real Firewall' to Protect My Network ISA Firewalls Run on an Intel Hardware Platform, and Firewalls Should Have 'No Moving Parts' 'I Have a Firewall and an ISA Server' Why ISA Belongs in Front of Critical Assets A Better Network and Firewall Topology Tom and Deb Shinder's Configuring ISA 2004 Network Layout Creating the ISALOCAL Virtual Machine How ISA Firewall’s Define Networks and Network Relationships ISA 2004 Multinetworking The ISA Firewall’s Default Networks Creating New Networks Controlling Routing Behavior with Network Rules The ISA 2004 Network Objects ISA Firewall Network Templates Dynamic Address Assignment on the ISA Firewall’s External Interface Dial-up Connection Support for ISA firewalls, Including VPN Connections to the ISP “Network Behind a Network” Scenarios (Advanced ISA Firewall Configuration) Web Proxy Chaining as a Form of Network Routing Firewall Chaining as a Form of Network Routing Configuring the ISA Firewall as a DHCP Server Summary Solutions Fast Track Our Approach to the ISA Firewall Network Design and Defense Tactics Tom and Deb Shinder's Configuring ISA 2004 Network Layout How ISA Firewalls Define Networks and Network Relationships Frequently Asked Questions Chapter 5: ISA 2004 Client Types and Automating Client Provisioning Understanding ISA 2004 Client Types Understanding theISA 2004 SecureNAT Client Name Resolution for SecureNAT Clients Name Resolution and 'Looping Back' Through the ISA 2004 Firewall Understanding the ISA 2004 Firewall Client ISA 2004 Web Proxy Client ISA 2004 Multiple Client Type Configuration Deciding on an ISA 2004 Client Type Automating ISA 2004 Client Provisioning Configuring DHCP Servers to Support Web Proxy and Firewall Client Autodiscovery Configuring DNS Servers to Support Web Proxy and Firewall Client Autodiscovery Special Considerations for VPN Clients Automating Installation of the Firewall Client Configuring Firewall Client and Web Proxy Client Configuration in the ISA Management Console Group Policy Software Installation Silent Installation Script Systems Management Server (SMS) Summary Solutions Fast Track Understanding the ISA 2004 SecureNAT Client Understanding the ISA 2004 Web Proxy Client Understanding the ISA 2004 Firewall Client Frequently Asked Questions Chapter 6: Installing and Configuring the ISA Firewall Software Pre-installation Tasks and Considerations System Requirements Configuring the Routing Table DNS Server Placement Configuring the ISA Firewall's Network Interfaces Unattended Installation Installation via a Terminal Services Administration Mode Session Performing a Clean Installation on a Multihomed Machine Default Post-installation ISA Firewall Configuration The Post-installation System Policy Performing an Upgrade Installation Performing a Single NIC Installation (Unihomed ISA Firewall) Quick Start Configuration for ISA Firewalls Configuring the ISA Firewall's Network Interfaces Installing and Configuring a DNS Server on the ISA Server Firewall Installing and Configuring a DHCP Server on the ISA Server Firewall Installing and Configuring the ISA Server 2004 Software Configuring the Internal Network Computers Hardening the Base ISA Firewall Configuration and Operating System ISA Firewall Service Dependencies Service Requirements for Common Tasks Performed on the ISA Firewall Client Roles for the ISA Firewall Lockdown Mode Connection Limits DHCP Spoof Attack Prevention Summary Solutions Fast Track Pre-installation considerations Performing a clean installation Default Post-install System Policy and Firewall Configuration Frequently Asked Questions Chapter 7: Creating and Using ISA 2004 Firewall Access Policy Introduction ISA Firewall Access Rule Elements Protocols User Sets Content Types Schedules Network Objects The Rule Action Page The Protocols Page The Access Rule Sources Page The Access Rule Destinations Page The User Sets Page Access Rule Properties The Access Rule Context Menu Options Configuring RPC Policy Configuring FTP Policy Configuring HTTP Policy Ordering and Organizing Access Rules How to Block Logging for Selected Protocols Disabling Automatic Web Proxy Connections for SecureNAT Clients Using Scripts to Populate Domain Name Sets Using the Import Scripts Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports Avoiding Looping Back through the ISA Firewall for Internal Resources Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections) Blocking MSN Messenger using an Access Rule Allowing Outbound Access to MSN Messenger via Web Proxy Changes to ISA Firewall Policy Only Affects New Connections Configure the Routing Table on the Upstream Router Configure the Network Adaptors Install the ISA Server 2004 Firewall Software Install and Configure the IIS WWW and SMTP Services on the DMZ Server Create the DMZ Network Create the Network Rules Between the DMZ and External Network and for the DMZ and Internal Network Create Server Publishing Rule Allowing DNS from DMZ to Internal Create an Access Rule Allowing DNS from Internal to External Create an Access Rule Allowing DNS from Internal to External Create an Access Rule Allow HTTP from External to DMZ Create an Access Rule Allowing SMTP from External to DMZ Test the Access Rules from External to DMZ Test the DNS Rule from the DMZ to the Internal Network Change the Access Rule Allowing External to DMZ by Disabling the Web Proxy Filter Allowing Intradomain Communications through the ISA Firewall Solutions Fast Track Configuring Access Rules for Outbound Access through the ISA Firewall Using Scripts to Populate Domain Name Sets Creating and Configuring a Public Address Trihomed DMZ Network Frequently Asked Questions Chapter 8: Publishing Network Services with ISA 2004 Firewalls Overview of Web Publishing and Server Publishing Web Publishing Rules Server Publishing Rules The Select Rule Action Page The Define Website to Publish Page The Public Name Details Page The Select Web Listener Page and Creating an HTTP Web Listener The User Sets Page The Web Publishing Rule Properties Dialog Box Creating and Configuring SSL Web Publishing Rules SSL Bridging Importing Web Site Certificates into The ISA Firewall's Machine Certificate Store Requesting a User Certificate for the ISA Firewall to Present to SSL Web Sites Creating an SSL Web Publishing Rule Creating Server Publishing Rules The Server Publishing Rule Properties Dialog Box Server Publishing HTTP Sites Creating Mail Server Publishing Rules The Web Client Access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync Option The Client Access: RPC, IMAP, POP3, SMTP Option Summary Solutions Fast Track Overview of Web Publishing and Server Publishing Creating and Configuring Non-SSL Web Publishing Rules Creating and Configuring SSL Web Publishing Rules Frequently Asked Questions Chapter 9: Creating Remote Access and Site-to-Site VPNs with ISA Firewalls Overview of ISA Firewall VPN Networking Firewall Policy Applied to VPN Client Connections Firewall Policy Applied to VPN Site-to-Site Connections VPN Quarantine User Mapping of VPN Clients SecureNAT Client Support for VPN Connections Site-to-Site VPN Using Tunnel Mode IPSec Publishing PPTP VPN Servers Pre-shared Key Support for IPSec VPN Connections Advanced Name Server Assignment for VPN Clients Monitoring of VPN Client Connections Creating a Remote Access PPTP VPN Server Enable the VPN Server Create an Access Rule Allowing VPN Clients Access to Allowed Resources Enable Dial-in Access Test the PPTP VPN Connection Issue Certificates to the ISA Firewall and VPN Clients Test the L2TP/IPSec VPN Connection Monitor VPN Clients Using a Pre-shared Key for VPN Client Remote Access Connections Creating a PPTP Site-to-Site VPN Create the Remote Site Network at the Main Office Create the Network Rule at the Main Office Create the Access Rules at the Main Office Create the VPN Gateway Dial-in Account at the Main Office Create the Remote Site Network at the Branch Office Create the Network Rule at the Branch Office Create the Access Rules at the Branch Office Create the VPN Gateway Dial-in Account at the Branch Office Activate the Site-to-Site Links Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA Request and install a Web Site Certificate for the Main Office Firewall Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA Request and Install a Web Site Certificate for the Branch Office Firewall Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link Activate the L2TP/IPSec Site-to-Site VPN Connection Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways Using RADIUS for VPN Authentication and Remote Access Policy Configure the Internet Authentication Services (RADIUS) Server Create a VPN Clients Remote Access Policy Remote Access Permissions and Domain Functional Level Changing the User Account Dial-in Permissions Changing the Domain Functional Level Controlling Remote Access Permission via Remote Access Policy Enable the VPN Server on the ISA Firewall and Configure RADIUS Support Create an Access Rule Allowing VPN Clients Access to Approved Resources Make the Connection from a PPTP VPN Client Using EAP User Certificate Authentication for Remote Access VPNs Configuring the ISA Firewall Software to Support EAP Authentication Enabling User Mapping for EAP Authenticated Users Issuing a User Certificate to the Remote Access VPN Client Machine Supporting Outbound VPN Connections through the ISA Firewall Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall Creating a Site-to-Site VPN Between an ISA Server 2000 and ISA Firewall Run the Local VPN Wizard on the ISA Server 2000 firewall Change the Password for the Remote VPN User Account Change the Credentials the ISA Server 2000 Firewall uses for the Demand-dial Connection to the Main Office Change the ISA Server 2000 VPN Gateway's Demand-dial Interface Idle Properties Create a Static Address Pool for VPN Clients and Gateways Run the Remote Site Wizard on the Main Office ISA firewall Create a Network Rule that Defines the Route Relationship Between the Main and Branch Office Create Access Rules Allowing Traffic from the Main Office to the Branch Office Create the User Account for the Remote VPN Router Test the connection A Note on VPN Quarantine Summary Solutions Fast Track Overview of ISA Firewall VPN Networking Creating a Remote Access PPTP VPN Server Creating a Remote Access L2TP/IPSec Server Frequently Asked Questions Chapter 10: ISA 2004 Stateful Inspection and Application Layer Filtering Introduction Application Filters The SMTP Filter and Message Screener The DNS Filter The POP Intrusion Detection Filter The SOCKS V4 Filter The FTP Access Filter The H.323 Filter The MMS Filter The PNM Filter The PPTP Filter The RPC Filter The RTSP Filter Web Filters The HTTP Security Filter (HTTP Filter) The ISA Server Link Translator The Web Proxy Filter The SecurID Filter The OWA Forms-based Authentication Filter The RADIUS Authentication Filter IP Filtering and Intrusion Detection/Intrusion Prevention Common Attacks Detection and Prevention DNS Attacks Detection and Prevention IP Options and IP Fragment Filtering Summary Solutions Fast Track Application Layer Filters Web Filters Intrusion Detection and Prevention Frequently Asked Questions Chapter 11: Accelerating Web Performance with ISA 2004 Caching Capabilities Understanding Caching Concepts Web Caching Types Web Caching Architectures Web Caching Protocols Understanding ISA Server 2004's Web Caching Capabilities Using the Caching Feature Understanding Cache Rules Understanding the Content Download Feature Configuring ISA Server 2004 as a Caching Server Enabling and Configuring Caching How to Configure Caching Properties Creating Cache Rules Configuring Content Downloads Summary Fast Track Frequently Asked Questions Chapter 12: Using ISA Server 2004's Monitoring, Logging, and Reporting Tools Introduction Exploring the ISA Server 2004 Dashboard Dashboard Sections Configuring and Customizing the Dashboard Creating and Configuring ISA Server 2004 Alerts Alert-triggering Events Viewing the Predefined Alerts Creating a New Alert Modifying Alerts Viewing Triggered Alerts Monitoring ISA Server 2004 Connectivity, Sessions, and Services Configuring and Monitoring Connectivity Monitoring Sessions Monitoring Services Working with ISA Server 2004 Logs and Reports Understanding ISA Server 2004 Logs Generating, Viewing, and Publishing Reports with ISA Server 2004 Using ISA Server 2004's Performance Monitor Solutions Fast Track Exploring the ISA Server 2004 Dashboard Creating and Configuring ISA Server 2004 Alerts Monitoring ISA Server 2004 Sessions and Services Working with ISA Server 2004 Logs and Reports 1Using ISA Server 2004's Performance Monitor Frequently Asked Questions Appendix: Network Security Basics Introduction Security Overview Defining Basic Security Concepts Knowledge is Power Think Like a Thief Security Terminology Addressing Security Objectives Controlling Physical Access Preventing Accidental Compromise of Data Preventing Intentional Internal Security Breaches Preventing Unauthorized External Intrusions Recognizing Network Security Threats Understanding Intruder Motivations Classifying Specific Types of Attacks Designing a Comprehensive Security Plan Evaluating Security Needs Understanding Security Ratings Legal Considerations Designating Responsibility for Network Security Designing the Corporate Security Policy Educating Network Users on Security Issues Incorporating ISA Server in your Security Plan ISA Server Intrusion Detection Implementing a System Hardening Plan with ISA Summary Index Numbers Index A Index B Index C Index D Index E Index F Index G Index H Index I Index J Index K Index L Index M Index N Index O Index P Index Q Index R Index S Index T Index U Index V Index W Index Z List of Figures List of Tables List of Sidebars

توضیحات
افزودن یادداشت جدید




List of Figures

Chapter 1: Evolution of a Firewall: From Proxy 1.0 to ISA 2004

Figure 1.1: Three Layers of Filtering with OSI Networking

Figure 1.2: Distributed Caching Uses Multiple Servers at the Same Level of the Network.

Figure 1.3: Hierarchical Caching Uses Multiple Web Proxy Servers at Different Levels

Figure 1.4: Hybrid Caching Combines Distributed and Hierarchical Caching Methods

Figure 1.5: Ring 1 represents the Internet edge

Figure 1.6: The Backbone Edge

Figure 1.7: The Asset Network Edge

Figure 1.8: Host-based Security Ring

Chapter 2: Examining the ISA Server 2004 Feature Set

Figure 2.1: The ISA 2000 Interface - A Simple MMC

Figure 2.2: The ISA Server 2004 Management GUI - A Handy Three-part Tabbed Interface

Figure 2.3: The ISA Server 2003 Getting Started Guide - Installation Instructions and a Features Walk-through

Figure 2.4: Selecting the ISA Server Name - Left Pane Displays Getting Started Page

Figure 2.5: The Dashboard - A Big Picture View of All Monitoring Areas at One Glance

Figure 2.6: The Alerts Tab Notifies You of Significant Events That Occur on the ISA Server

Figure 2.7: Using the Sessions Tab -View Information About Who Has Connected Through the ISA Server Firewall

Figure 2.8: The Services Tab - Stop and Start ISA-related Services

Figure 2.9: The Reports Tab - Generate Reports from the Logs

Figure 2.10: The Connectivity Tab - Monitor Connectivity Status Between the ISA Server and a Specific Computer or URL

Figure 2.11: The Logging Tab - Filter and Query Data in the ISA Log Files

Figure 2.12: Firewall Policy - Configure Rules

Figure 2.13: New Access Wizard - Create New Access and Publishing Rules

Figure 2.14: Virtual Private Networks Node to Configure VPNs

Figure 2.15: The Networks Tab - Configure Networks, Network Sets, Network Rules and Web Chaining

Figure 2.16: The Cache Subnode - Configure or Disable Caching on your ISA Server

Figure 2.17: The Add-ins Node - Configure Application and Web Filters

Figure 2.18: The General subnode is used for general administrative and advanced security tasks

Figure 2.19: You can connect to multiple ISA Server firewalls simultaneously with the management console

Figure 2.20: Use Connect To Dialog Box to Add Remote ISA Server to Management Console

Figure 2.21: Use System Policy Editor to Configure Remote Management Computers

Figure 2.22: Add A Computer, Address Range or Subnet to List of Remote Management Computers

Figure 2.23: With Terminal Services or the RDC Client, the ISA Servers Desktop Appears in the Desktop Window

Figure 2.24: Third-Party Vendors Provide Web Interfaces for ISA-based Firewall Appliances

Figure 2.25: ISA Server 2004 Makes it Easy to Create New Protocol Definitions

Figure 2.26: ISA Server 2004 - Providing Great Flexibility in Defining Network Objects

Figure 2.27: Changing the Order in which Access and Publishing Rules are Processed

Figure 2.28: ISA 2004 Wizard for Publishing SSL Web Sites

Figure 2.29: Cache Rules in ISA 2000

Figure 2.30: Creating A Cache Rule in ISA Server 2004

Figure 2.31: ISA Server 2004 - You can Select Not to Cache SSL Content

Figure 2.32: Monitor Logs in Real Time with ISA Server 2004

Figure 2.33: The Sessions Feature - View All Active Connections Through the Firewall

Figure 2.34: Configure Filters to Limit Query Results

Figure 2.35: With ISA Server 2004, You Can Change the Time when the Log Summaries are Generated

Chapter 4: ISA 2004 Network Concepts and Preparing the Network Infrastructure

Figure 4.1: Ring 1: Internet Edge

Figure 4.2: Ring 2: The Backbone Edge

Figure 4.3: Ring 3 at the Asset Network Edge

Figure 4.4: Ring 4: Host-based Security

Figure 4.5: Backbone and Asset Network

Figure 4.6: DMZ Firewall Segment

Figure 4.7: Lab Network Details

Figure 4.8: VMware Workstation Window

Figure 4.9: Guest Operating System Page

Figure 4.10: Name the Virtual Machine Page

Figure 4.11: Memory for the Virtual Machine Page

Figure 4.12: Network Type Page

Figure 4.13: Specify Disk Capacity Page

Figure 4.14: Hardware Type Page

Figure 4.15: The Hardware Type page

Figure 4.16: Selecting an .iso image

Figure 4.17: Starting the Virtual Machine

Figure 4.18: Entering IP Addressing Information

Figure 4.19: Entering IP Addressing Information

Figure 4.20: Entering a WINS Server Address

Figure 4.21: Entering IP Addressing Information

Figure 4.22: ISA Firewall Multinetworking

Figure 4.23: Configuring a Web Proxy Listener on the Local Host Network

Figure 4.24: Defining the Internal Network Addresses

Figure 4.25: Adding Private Network Addresses

Figure 4.26: Adding Addresses via the Routing Table

Figure 4.27: Entering an Address Range

Figure 4.28: Entering Local Domains

Figure 4.29: Domain Extending Across Internal Networks

Figure 4.30: Configuring Domains for Web Proxy Direct Access

Figure 4.31: The Web Proxy tab

Figure 4.32: Defining the Network Type

Figure 4.33: Selecting a Network Adapter

Figure 4.34: The New Network Appears in the List of Networks

Figure 4.35: Defining a Route Relationship

Figure 4.36: Defining Network Sets

Figure 4.37: Creating a New Network Set

Figure 4.38: Creating a New Computer Object

Figure 4.39: Creating a New Address Range Network Object

Figure 4.40: Creating a new Subnet Network Object

Figure 4.41: Creating a New Network Set Network Object

Figure 4.42: Creating a new URL Set Network Object

Figure 4.43: Creating a New Domain Name Set Network Object

Figure 4.44: Viewing the New Domain Name Set

Figure 4.45: Defining the IP addresses

Figure 4.46: Selecting the Network Adapter

Figure 4.47: Route Relationships in a Network behind a Network

Figure 4.48: Network Diagram for Back Firewall Template

Figure 4.49: Network Diagram for Edge Firewall Template

Figure 4.50: Selecting a Firewall Policy

Figure 4.51: Defining the IP addresses

Figure 4.52: Network Monitor Trace of DHCP Conversation

Figure 4.53: Selecting the VPN protocol

Figure 4.54: Back-end Network within a Network

Figure 4.55: A SecureNAT Client Connecting to a Network within a Network

Figure 4.56: Firewall Client Paths through Local and non-Local Networks

Figure 4.57: Log Files Showing Firewall Client and SecureNAT Client Connections

Figure 4.58: Using an Alternate Default Gateway Address for On Subnet Hosts

Figure 4.59: WebProxyChaining.vsd

Figure 4.60: A Web-cached Array Configured for an Organization

Figure 4.61: Configuring the Request Action

Figure 4.62: Routing to the Upstream Web Proxy

Figure 4.63: Setting Credentials

Chapter 5: ISA 2004 Client Types and Automating Client Provisioning

Figure 5.1: SecureNAT Simple Network Scenario

Figure 5.2: SecureNAT Complex Network Scenario

Figure 5.3: FTP Standard Mode Client/Server Communications

Figure 5.4: SecureNAT Loop Back

Figure 5.5: A Split DNS Solves the SecureNAT Paradox

Figure 5.6: Firewall Name Resolution Sequence

Figure 5.7: Firewall Client Connections to the ISA 2004 Firewall are Independent of the Default Gateway Configurations on Interposed Routers

Figure 5.8: Installing the Firewall Client Installation Files

Figure 5.9: Firewall Client Icon

Figure 5.10: The Internal Network Properties Dialog Box

Figure 5.11: The Domains Tab

Figure 5.12: The Domain Properties Dialog Box

Figure 5.13: The Firewall Client Configuration Dialog box

Figure 5.14: The Detecting ISA Server Dialog Box

Figure 5.15: The Detecting ISA Server Dialog Box

Figure 5.16: Firewall Client Packet Traces

Figure 5.17: Firewall Client Configuration Files

Figure 5.18: The Define Firewall Client Settings link

Figure 5.19: The Firewall Client Settings Dialog Box

Figure 5.20: Apply Changes to Firewall Configuration

Figure 5.21: The Authentication Dialog Box

Figure 5.22: The Authentication Dialog Box.

Figure 5.23: The Add RADIUS Server Dialog Box.

Figure 5.24: The Connections to other Access Servers Properties Dialog Box

Figure 5.25: Advanced Settings

Figure 5.26: Locating the Authorize Command

Figure 5.27: Configuring the DHCP Scope IP Address Range

Figure 5.28: Configuring the Default Domain Name for DHCP Clients

Figure 5.29: Viewing the Scope Options

Figure 5.30: Selecting the Set Predefined Options Command

Figure 5.31: The Predefined Options and ValuesDialog Box

Figure 5.32: The Option Type Dialog Box

Figure 5.33: Predefined Options and Values Dialog Box

Figure 5.34: The Scope Options Dialog Box

Figure 5.35: Accessing the Internal Network Properties Dialog Box

Figure 5.36: Viewing the DHCPINFORM Request

Figure 5.37: Viewing the contents of the DHCPINFORM request

Figure 5.38: Viewing the WPAD DNS Query

Figure 5.39: Selecting the New Alias (CNAME) Command

Figure 5.40: The New Resource Record Dialog Box

Figure 5.41: New Resource Dialog Box

Figure 5.42: Viewing the DNS WPAD Alias

Figure 5.43: The Identification Changes Dialog Box

Figure 5.44: The DNS Suffix and NetBIOS Computer Name Dialog Box

Figure 5.45: Viewing Scope Options

Figure 5.46: DHCP client configuration

Figure 5.47: Accessing the Internal Network Properties Dialog Box

Figure 5.48: Viewing DNS wpad Query Requests

Figure 5.49: Viewing the Details of a DNS wpad Query Request

Figure 5.50: Internal Properties Dialog Box.

Figure 5.51: Web Browser Tab on the Internal Properties Dialog Box

Figure 5.52: The Add Server Dialog Box

Figure 5.53: Entering the Installer Path

Figure 5.54: Choosing the Assigned Option

Figure 5.55: Managed Software

Figure 5.56: Logging On

Chapter 6: Installing and Configuring the ISA Firewall Software

Figure 6.1: Network within a Network

Figure 6.2: The Miracle of the Split-DNS Infrastructure

Figure 6.3: The Advanced Settings Dialog Box

Figure 6.4: The Setup Type Page

Figure 6.5: The Custom Setup Page

Figure 6.6: The Internal Network Address Page

Figure 6.7: The Select Network Adapter Page

Figure 6.8: Warning Dialog Box Reminding You that the Routing Table must be Properly Configured

Figure 6.9: Internal Network Address Ranges

Figure 6.10: The Firewall Client Connection Settings Page

Figure 6.11: Warning Dialog Box regarding a Potential System Restart

Figure 6.12: The ISA Firewalls System Policy Editor

Figure 6.13: The Internal Network Definition on the Unihomed ISA Firewall

Figure 6.14: The Physical Relationships between the ISA Server 2004 Firewall and the Internal and External Networks.

Figure 6.15: The Advanced Settings Dialog Box

Figure 6.16: The Forwarders Tab

Figure 6.17: The Reverse Lookup Zone Name Page

Figure 6.18: The Zone File Page

Figure 6.19: The Forwarders Tab

Figure 6.20: Disabling Recursion

Figure 6.21: The Networking Services Dialog Box

Figure 6.22: The Custom Setup Page

Figure 6.23: The Select Network Adapter Page

Figure 6.24: The Add Protocols Dialog Box

Figure 6.25: The Protocols Page

Figure 6.26: Selecting the Computer Command

Figure 6.27: Selecting the New Computer Object

Figure 6.28: The Resulting Firewall Policy

Figure 6.29: The Internet Protocol (TCP/IP) Properties Dialog Box

Figure 6.30: DNS Queries in Network Monitor Trace

Figure 6.31: DNS Domains Cached by the Caching-only DNS Server on the ISA Firewall

Figure 6.32: The Connection Limits Dialog Box

Figure 6.33: Registry Key for DHCP Attack Prevention

Figure 6.34: Network Monitor Capture of a DHCP Offer Packet

Figure 6.35: An Invalid DHCP Offer Alert

Figure 6.36: The Renew DHCP Addresses Warning

Chapter 7: Creating and Using ISA 2004 Firewall Access Policy

Figure 7.1: the Rule Action page

Figure 7.2: The Protocols page

Figure 7.3: the Add Protocols dialog box

Figure 7.4: the Add Network Entities dialog box

Figure 7.5: The User Sets page

Figure 7.6: The Action tab

Figure 7.7: The Protocols tab

Figure 7.8: the Source Ports dialog box

Figure 7.9: The From tab

Figure 7.10: The To Tab

Figure 7.11: The Users tab

Figure 7.12: The Schedule tab

Figure 7.13: The Content Types tab

Figure 7.14: The Configure RPC Protocol Policy Dialog Box

Figure 7.15: The Configures FTP Protocol Policy Dialog Box

Figure 7.16: The New URL Set Rule Element dialog box

Figure 7.17: The URL Sets list

Figure 7.18: The New Domain Set Policy Element dialog box

Figure 7.19: the Domain Name Sets list

Figure 7.20: Saving the information

Figure 7.21: Finishing the procedure

Figure 7.22: URL Set entries

Figure 7.23: Domain Name Set Properties

Figure 7.24: Help information for the isa_tpr.js script

Figure 7.25: Running the isa_tpr.js script to add a port to the SSL tunnel port range

Figure 7.26: Using Steven Soekrasnos .NET Tunnel Port Range extension application

Figure 7.27: A 407 response is returned to the Web proxy client

Figure 7.28: Firewall Policy to block MSN Messenger

Figure 7.29: The Signature dialog box

Figure 7.30: Log file entries showing the HTTP Security Filter blocking the MSN Messenger connection

Figure 7.31: The sample public address DMZ segment

Figure 7.32: Public access network allows for NAT hiding

Figure 7.33: New Network Wizard

Figure 7.34: The Select Network Adapters dialog box

Figure 7.35: the New Server Publishing Rule Wizard

Figure 7.36: Selecting IP addresses that will listen for requests

Figure 7.37: The New Computer Rule Element

Figure 7.38: The New Access Rule Wizard

Figure 7.39: The Firewall Policy

Figure 7.40: Commands supported by the SMTP server

Figure 7.41: Results of nslookup command

Figure 7.42: Log monitor entries

Figure 7.43: Basic network configuration for trihomed DMZ

Figure 7.44: Configuring the Network Relationship

Figure 7.45: Creating a new Protocol Definitions

Figure 7.46: Configure the Primary Connection for the Protocol Definition

Figure 7.47: Firewall Policy

Figure 7.48: Log file entries showing communications between member server and domain controller

Chapter 8: Publishing Network Services with ISA 2004 Firewalls

Figure 8.1: The Select Rule Action Page

Figure 8.2: The Define Website to Publish Page

Figure 8.3: HTTP Headers Seen on the External Interface of the ISA Firewall

Figure 8.4: HTTP Headers Seen on the Published Web Server when Original Host Header is not Forwarded

Figure 8.5: HTTP Headers Seen on the Published Web Server when Forwarding the Original Host Header

Figure 8.6: The Public Name Details Page

Figure 8.7: The IP Addresses Page

Figure 8.8: The External Network Listener IP Selection Dialog Box

Figure 8.9: The Port Specification Page

Figure 8.10: The Preferences Tab

Figure 8.11: The Authentication Dialog Box

Figure 8.12: Tthe Advanced Settings Dialog Box

Figure 8.13: The User Sets Page

Figure 8.14: The General Tab.

Figure 8.15: The Action Tab

Figure 8.16: The From Tab

Figure 8.17: The To Tab

Figure 8.18: The Traffic Tab

Figure 8.19: The Listener Tab

Figure 8.20: The Public Name Tab

Figure 8.21: The Paths Tab

Figure 8.22: The Path Mapping Dialog Box

Figure 8.23: Redirecting to the Web Root Using a Path

Figure 8.24: Mapping the OWA Web Site Root to the Exchange Folder

Figure 8.25: The Bridging Tab

Figure 8.26: The Users Tab

Figure 8.27: The Schedule Tab

Figure 8.28: The Link Translation Tab

Figure 8.29: SSL-to-SSL bridging

Figure 8.30: The Publishing Mode Page

Figure 8.31: The Select Rule Action Page

Figure 8.32: The Bridging Mode Page

Figure 8.33: The Define Website to Publish Page

Figure 8.34: The Public Name Details Page

Figure 8.35: The Select Web Listener Page

Figure 8.36: The IP Addresses Page

Figure 8.37: The External Network Listener IP Selection Page

Figure 8.38: The Port Specification Page

Figure 8.39: The Select Certificate Dialog Box

Figure 8.40: The Certificate Appears on the Port Specification Page

Figure 8.41: The Select Web Listener Page

Figure 8.42: The Select Protocol Page

Figure 8.43: The General Tab

Figure 8.44: The Action Tab

Figure 8.45: The Traffic Tab

Figure 8.46: The From Tab

Figure 8.47: The To Tab

Figure 8.48: The Networks Tab

Figure 8.49: The Schedule Tab

Figure 8.50: The New/Edit Protocol Connection dialog box

Figure 8.51: The new HTTP Server Protocol Definition

Figure 8.52: The Select Access Type Page

Figure 8.53: The Select Services Page

Figure 8.54: The Specify the Web Mail Server page

Figure 8.55: The Public Name Details Page

Figure 8.56: The Select Services Page

Figure 8.57: Firewall Policy after Running the Mail Server Publishing Wizard

Figure 8.58: The Configure Exchange RPC Policy Dialog Box

Chapter 9: Creating Remote Access and Site-to-Site VPNs with ISA Firewalls

Figure 9.1: The Enable VPN Client Access link

Figure 9.2: The General Tab

Figure 9.3: The Groups Tab

Figure 9.4: The Protocols Tab

Figure 9.5: The User Mapping tab

Figure 9.6: Select and Configure Access Networks Options

Figure 9.7: The Address Assignment Tab

Figure 9.8: A Network Warning Dialog Box.

Figure 9.9: The Name Resolution Dialog Box

Figure 9.10: The Authentication Tab

Figure 9.11: Virtual Private Networks Properties

Figure 9.12: The Add Network Entities Dialog Box

Figure 9.13: VPN Client Policy

Figure 9.14: The account dial-in tab

Figure 9.15: Controlling permission via Remote Access Policy

Figure 9.16: The Groups Tab

Figure 9.17: Details of PPTP connection

Figure 9.18: L2TP/IPSec Connection Details

Figure 9.19: The Monitor VPN Clients Link

Figure 9.20: The ISA Firewall Dashboard

Figure 9.21: Log File Entries for the VPN Client Connection

Figure 9.22: The Authentication Tab

Figure 9.23: Enter a pre-shared key on the L2TP/IPSec client

Figure 9.24: Viewing IPSec Information in the IPSec MMC

Figure 9.25: Selecting the VPN Protocol

Figure 9.26: Setting Dial-in Credentials

Figure 9.27: Configuring the IP Address Range for the Remote Site Network

Figure 9.28: The Network Relationship Page

Figure 9.29: The Protocols page

Figure 9.30: The Resulting Firewall Policy

Figure 9.31: Demand Dial Interface Configuration on Local and Remote Sites

Figure 9.32: Configure Dial-in Credentials

Figure 9.33: The New Network Rule

Figure 9.34: The Resulting Firewall Policy

Figure 9.35: Restarting the Routing and Remote Access Service

Figure 9.36: The Dial-in Tab

Figure 9.37: Configuring System Policy

Figure 9.38: The Show/Hide System Policy Rules Button

Figure 9.39: The Advanced Certificate Request Page

Figure 9.40: The Store Certificate in the Local Computer Certificate Store Option

Figure 9.41: The Certificate Path Tab

Figure 9.42: Configuring System Policy

Figure 9.43: Adding the Application Name column

Figure 9.44: Viewing the L2TP/IPSec

Figure 9.45: Configuring the Shared Secret

Figure 9.46: The Authentication Method Page

Figure 9.47: The Smart Card or other Certificate Properties Dialog Box

Figure 9.48: The Policy Encrypted Level

Figure 9.49: Changing the Dial-in Permissions

Figure 9.50: The Raise Domain Functional Level

Figure 9.51: Controlling Access via Remote Access Policy

Figure 9.52: Remote Access Policy Properties

Figure 9.53: Enabling the VPN Protocols

Figure 9.54

Figure 9.55: The Add RADIUS Server Dialog Box

Figure 9.56: RADIUS Server Dialog Box

Figure 9.57: The resulting firewall policy

Figure 9.58: Event Viewer Entry

Figure 9.59: Log-On Request Details

Figure 9.60: Log File Entries for VPN RADIUS Authentication

Figure 9.61: VPN Session Appears in Sessions Section

Figure 9.62: RADIUS Messages in Network Monitor Trace

Figure 9.63: Setting EAP Authentication

Figure 9.64: Warning about User Mapping and EAP

Figure 9.65: Enabling User Mapping for EAP Authentication

Figure 9.66: The Security Tab

Figure 9.67: Enabling EAP Authentication

Figure 9.68: The Smart Card or other Certificate Properties Dialog Box

Figure 9.69: Selecting the User Certificate for EAP User Authentication

Figure 9.70

Figure 9.71: The ISA Virtual Private Network (VPN) Identification page

Figure 9.72: The Two-way Communication Page

Figure 9.73: The Options tab on the Demand-dial Interfaces Properties Dialog Box.

Figure 9.74: The Remote Authentication Page

Figure 9.75: The Network Relationship Page

Figure 9.76: The Resulting Firewall Policy

Figure 9.77: Log File Entries from Ping and SMTP Connections

Figure 9.78: Warning Regarding VPN Quarantine and VPN Client Access

Figure 9.79: The Quarantine Tab on the Quarantined VPN Client Properties Page

Chapter 10: ISA 2004 Stateful Inspection and Application Layer Filtering

Figure 10.1: The Custom Setup Dialog Box

Figure 10.2: The System Policy Editor

Figure 10.3: The Message Screener Credentials Dialog Box

Figure 10.4: The SMTP Filter

Figure 10.5: The SMTP Filter Properties Dialog Box

Figure 10.6: The User / Domains Tab

Figure 10.7: The Mail Attachment Rule Dialog Box

Figure 10.8: The Mail Attachment Rule Dialog Box

Figure 10.9: The SMTP Commands Tab

Figure 10.10: The Log Tab

Figure 10.11: The Options Dialog Box

Figure 10.12: The DNS Attacks Tab

Figure 10.13: The SOCKS V4 Filter Properties Dialog Box

Figure 10.14: The Call Control Tab

Figure 10.15: The Networks Tab

Figure 10.16: The General Tab

Figure 10.17: The Methods Tab

Figure 10.18: The Methods Dialog Box

Figure 10.19: The Extensions Tab

Figure 10.20: The Extensions Dialog Box

Figure 10.21: The Headers Tab

Figure 10.22: The Header Dialog Box

Figure 10.23: The Server Header Option

Figure 10.24: The Via Header

Figure 10.25: The Signatures Tab

Figure 10.26: Example Signatures

Figure 10.27: Log File Entries Showing the HTTP Security Filter Blocking a Connection

Figure 10.28: Successful Import Dialog Box

Figure 10.29: Successful Import Dialog Box

Figure 10.30: The Display Filter Dialog Box

Figure 10.31: The Expression Dialog Box

Figure 10.32: The Network Monitor Display Window

Figure 10.33: The Signature Dialog Box

Figure 10.34: Network Monitor Display Showing Kazaa Request Headers

Figure 10.35: Add/Edit Dictionary Text Box

Figure 10.36: Link Translation Tab in Web Publishing Rule Properties

Figure 10.37: The HTTP Properties Dialog Box

Figure 10.38: The HTTP Properties Dialog Box and RSA SecurID Tab

Figure 10.39: The Manage Domain Configuration Dialog Box

Figure 10.40: The OWA Forms-Based Authentication Dialog Box

Figure 10.41: The Common Attacks Tab

Figure 10.42: TCP Uses a Three-Way Handshake to Establish a Connection between Client and Server

Figure 10.43: The DNS Attacks Tab

Figure 10.44: The IP Options Tab

Figure 10.45: The IP Fragments Tab

Figure 10.46: The IP Fragment Filter Warning Dialog Box

Chapter 11: Accelerating Web Performance with ISA 2004 Caching Capabilities

Figure 11.1: How Distributed Caching Works

Figure 11.2: How Hierarchical Caching Works

Figure 11.3: A Hybrid Caching Architecture

Figure 11.4: Setting Maximum Cache Size

Figure 11.5: Configuring Which Content to Cache

Figure 11.6: Creating a New Cache Rule with the Wizard

Figure 11.7: Selecting Destinations to which the Cache Rule will Apply

Figure 11.8: Configuring When to Store Content in Cache

Figure 11.9: Limiting the Size of Objects to be Cached and Caching SSL Responses

Figure 11.10: Enabling HTTP Caching and Setting TTL Configuration

Figure 11.11: Enabling FTP Caching and Setting the TTL Configuration

Figure 11.12: Modifying an Existing Cache Rule

Figure 11.13: Configuring Exceptions to the Destination Network Entities

Figure 11.14: Successfully exporting cache rules to an XML file

Figure 11.15: Selecting an Import File

Figure 11.16: Making Configuration Changes Automatically

Figure 11.17: Enabling Web Proxy Clients

Figure 11.18: Enabling the System Policy Configuration Group

Figure 11.19: Starting or Stopping the Job Scheduler Service from the ISA Console

Figure 11.20: Starting or Stopping the Job Scheduler Service from the Computer Management Console

Figure 11.21: Specifying Content Download Details

Figure 11.22: Configuring Content Caching

Figure 11.23: The New Job Appears in the Content Download Jobs List

Figure 11.24: Modifying the Job Schedule

Chapter 12: Using ISA Server 2004s Monitoring, Logging, and Reporting Tools

Figure 12.1: The Dashboard on an ISA Server 2004 Standard Edition Computer

Figure 12.2: Rolling up Dashboard sections

Figure 12.3: Default Connectivity Status Prior to Creating Connectivity Verifiers

Figure 12.4: Connectivity Status Shown After Creation of Connectivity Verifier

Figure 12.5: The Services Section of the ISA Server 2004 Dashboard

Figure 12.6: The Reports Section of the ISA Server 2004 Dashboard

Figure 12.7: Event Viewer Logs Show the Firewall Service Events Displayed on the Dashboard

Figure 12.8: The Sessions section of the ISA Server 2004 Dashboard (Standard Edition)

Figure 12.9: The System Performance Section of the ISA Server 2004 Dashboard

Figure 12.10: ISA Server Performance Monitor with Default Counters

Figure 12.11: The Alerts Properties Dialog Box

Figure 12.12: The New Alert Configuration Wizard

Figure 12.13: Selecting Events and Conditions to Trigger an Alert

Figure 12.14: Assigning a Category and Selecting a Severity Level for your New Alert

Figure 12.15: Defining Actions to be Performed when the Alert is Triggered

Figure 12.16: Sending E-Mail Notification Messages

Figure 12.17: Running a Program when an Alert is Triggered

Figure 12.18: Stopping or Starting a Service when an Alert is Triggered

Figure 12.19: Completing the New Alert Wizard

Figure 12.20: New Alerts Show Up in the Alerts Definitions Window

Figure 12.21: Modifying an Alert to Specify Time Thresholds

Figure 12.22: Viewing Alerts that have been Triggered

Figure 12.23: Event Viewer Application Log Entry Showing Information Displayed in Alerts Windows

Figure 12.24: Entering Connectivity Verification Details

Figure 12.25: Enabling a Rule to allow HTTP/HTTPS Requests

Figure 12.26: The New Connectivity Verifier

Figure 12.27: Modifying Properties of a Connectivity Verifier

Figure 12.28: Monitoring Connectivity from the Dashboard

Figure 12.29: Connectivity Problems Displayed on Dashboard

Figure 12.30: The Connectivity Tab Shows Which Server Has a Problem

Figure 12.31: Viewing Current Sessions

Figure 12.32: Setting Filter Criteria

Figure 12.33: Specifying Multiple Filtering Criteria

Figure 12.34: Result of Filtering

Figure 12.35: Stopping and Starting Services

Figure 12.36: Configuring Logging Separately

Figure 12.37: Configuring Log Storage Format

Figure 12.38: Configuring MSDE Database Logging

Figure 12.39: The Log Viewer with Default Filter

Figure 12.40: Editing a Log Filter

Figure 12.41: Saving Log Viewer Data by Copying to the Clipboard

Figure 12.42: The Reports Display

Figure 12.43: Configuring Report Content

Figure 12.44: Configuring Report Publishing

Figure 12.45: Generating the Report Upon Completion of the Wizard

Figure 12.46: Creating Report Jobs

Figure 12.47: Scheduling the Report Job

Figure 12.48: Editing the Report Job Properties

Figure 12.49: Configuring the Log Summary

Figure 12.50: Viewing Reports

/ 145