How To Protect Your Network Using ISA Server. 邹方波 (Zou Fangbo), Microsoft Certified Trainer, Guangzhou Jiawei Computer Network Education Center (广州嘉为计算机网络教育中心).


1 How To Protect Your Network Using ISA Server. 邹方波 (Zou Fangbo), Microsoft Certified Trainer, Guangzhou Jiawei Computer Network Education Center

2 What We Will Cover: The functionality of ISA Server 2000; migrating to ISA Server 2000; how to configure ISA Server for caching and proxying; how to publish servers; how to configure ISA to support Exchange 2000; where to position ISA Server in your environment.

3 Session Prerequisites: This session assumes that you have knowledge of proxy server, knowledge of firewall software, and TCP/IP fundamentals. This is a level 200 session.

4 Agenda: What is ISA Server 2000; Configuring caching; Configuring the firewall; Server publishing; Application filters; Positioning ISA

5 What Is ISA Server 2000: Firewall and cache server. ISA Server editions: ISA Server Standard Edition; ISA Server Enterprise Edition.

6 What Is ISA Server 2000: Comparing the editions. Standard Edition: no array support; local policies only; 4 CPU limit; limited Active Directory integration. Enterprise Edition: unlimited hardware scalability; enterprise and array policies; no CPU limit; full Active Directory integration.

7 What Is ISA Server 2000: ISA requirements. Processor: 300 MHz or higher Pentium II compatible. Operating system: Microsoft Windows 2000 Server or Advanced Server with SP2 or higher. Memory: 256 MB of RAM. Hard disk: 20 MB of available hard drive space; an available NTFS partition; 4-8 MB for each proxy client. Other: to implement the array and advanced configuration policies on the Enterprise edition you also need Windows Active Directory on the network.

8 What Is ISA Server 2000: Migrating from Proxy 2.0. Proxy 2.0 on Windows NT® 4.0: stop Proxy services; upgrade to Windows® 2000; install Service Pack 2; install ISA Server. Proxy 2.0 on Windows 2000: stop Proxy services; install Service Pack 2; install ISA Server.

9 What Is ISA Server 2000: What migrates? Settings that migrate: Proxy server rules; network settings; monitoring configuration (alerts); cache configuration; publishing. Settings that do not migrate: old cache is deleted; SOCKS rules.

10 Agenda: What is ISA Server 2000; Configuring caching; Configuring the firewall; Server publishing; Application filters; Positioning ISA

11 Configuring Caching: Business scenario. [Diagram labels: ISA, Clients, Internet]

12 Configuring Caching: Allowing Internet access. 4 simple steps: (1) verify LAT; (2) create a protocol access rule; (3) turn on HTTP and FTP caching*; (4) define proxy setting on all clients. *Enabled by default.

13 Configuring Caching: Cache expiration. Frequently: cache is kept current, network performance may be degraded. Normally: cache is somewhat current, network performance is considered. Less frequently: cache is less current, network performance is not degraded. Custom settings.

14 Configuring Caching: Active caching. Enables ISA to fetch a new version of cached objects. Frequently: cache is kept current, network performance is degraded. Normally: network performance is considered when updating the cache. Less frequently: cache is less current, network performance is not degraded.

15 Configuring Caching: Advanced cache settings. Allows control over what content is cached: size of objects to cache; dynamic content; maximum URL cached in memory. Control what action to take with expired cache objects: return an error, or return the expired object.

16 Configuring Caching: Adjusting cache size. Properties of server. Creates a .cdat file of equivalent size. 4-8 MB for each client. [Screenshot: LONDON Properties, Cache Drives. Maximum cache size (MB): 100. Total disk space (MB): 39064. Total maximum cache size (MB): 100. Caption: Specify the size of the cache]

17 Demonstration 1: Configure Caching. Enabling HTTP and FTP caching; examining cache configuration; allowing Internet access.

18 Agenda: What is ISA Server 2000; Configuring caching; Configuring the firewall; Server publishing; Application filters; Positioning ISA

19 Configuring The Firewall: Business scenario. [Diagram labels: Internet, ISA, Clients, ISA, Clients]

20 Configuring The Firewall: The many sides of ISA. Web proxy service: handles HTTP/HTTPS and FTP traffic. Firewall service – Proxy: handles TCP and UDP protocols. Firewall service – Routing: all other protocols (e.g., ICMP).

21 Configuring The Firewall: Allowing network applications. Protocol definitions. Create a protocol rule (from Start to Finish): name the rule; specify the rule action; select the protocol(s); select a schedule; select a client type.

22 Demonstration 2: Protocol Rules. Review protocol definitions; create a protocol rule; allow access to the MSN® Messenger Service.

23 Agenda: What is ISA Server 2000; Configuring caching; Configuring the firewall; Server publishing; Application filters; Positioning ISA

24 Server Publishing: The many sides of ISA. Web proxy service: handles HTTP/HTTPS and FTP traffic. Firewall service – Proxy: handles TCP and UDP protocols. Firewall service – Routing: all other protocols (e.g., ICMP).

25 Server Publishing: Packet filtering: allows you to control which packets can pass through the firewall. You can filter based on source IP address and/or port, and destination IP address and/or port. IP options. IP routing: routes packets from the internal network to the Internet; required for protocols other than TCP or UDP.

26 Server Publishing: What is it? Make internal servers available to the Internet. [Diagram labels: ISA, IIS, SMTP, Perimeter Network, Internet]

27 Server Publishing: The steps. Steps required: (1) enable packet filtering and IP routing; (2) configure listeners; (3) create a destination set; (4) create a server publishing rule.

28 Server Publishing: Listeners. Listen for incoming HTTP and SSL requests. Without listeners ISA discards all incoming requests. Authentication: certificates; integrated; digest; basic (clear text).

29 Server Publishing: Destination sets. Specifies external client endpoints. Redirect sections of your Web site. [Diagram: Internet, ISA Server, Internal Network. www.nwtraders.msft/europe is redirected to europe.internal.nwtraders.msft (Europe); www.nwtraders.msft/africa is redirected to africa.internal.nwtraders.msft (Africa)]

30 Server Publishing: Server publishing rules. Redirect to an internal server; redirect to different ports; redirect HTTP to HTTPS. Processing occurs top to bottom.
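
A model of the top-to-bottom rule processing and path-based destination sets from the two slides above, added here as an illustration; it is not ISA Server code or its API. The Rule type, the function names and the catch-all target web.internal.nwtraders.msft are assumptions; the other host names come from the destination-set slide. It shows why rule order matters: a site-wide rule placed first makes the section rules unreachable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    host: str         # public host name the request was sent to (lowercase)
    path_prefix: str  # destination-set path; "/" matches the whole site
    target: str       # internal server the request is redirected to

def covers(prefix, path):
    """True when path lies inside the site section named by prefix."""
    if prefix == "/":
        return True
    p = prefix.rstrip("/")
    # Match on a path-segment boundary so /europe does not match /europeana.
    return path == p or path.startswith(p + "/")

def route(rules, host, path):
    """Evaluate rules top to bottom; the first match decides the target."""
    for r in rules:
        if r.host == host.lower() and covers(r.path_prefix, path):
            return r
    return None  # no rule matched: the request is not published

def shadowed(rules):
    """(later, earlier) pairs where an earlier rule makes a later one unreachable."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.host == later.host and covers(earlier.path_prefix, later.path_prefix):
                pairs.append((later.name, earlier.name))
                break
    return pairs

SITE = "www.nwtraders.msft"
# Constructed rule sets; the "default" rule and its target are hypothetical.
EUROPE = Rule("europe", SITE, "/europe", "europe.internal.nwtraders.msft")
AFRICA = Rule("africa", SITE, "/africa", "africa.internal.nwtraders.msft")
DEFAULT = Rule("default", SITE, "/", "web.internal.nwtraders.msft")

SPECIFIC_FIRST = [EUROPE, AFRICA, DEFAULT]  # section rules above the catch-all
CATCHALL_FIRST = [DEFAULT, EUROPE, AFRICA]  # catch-all swallows every request

if __name__ == "__main__":
    for label, rules in (("specific first", SPECIFIC_FIRST), ("catch-all first", CATCHALL_FIRST)):
        hit = route(rules, SITE, "/europe/index.htm")
        print(label, "->", hit.target, "| shadowed:", shadowed(rules))
```
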

31 Demonstration 3: Server Publishing. Enable listeners; create a destination set; publish a Web server.

32 Agenda: What is ISA Server 2000; Configuring caching; Configuring the firewall; Server publishing; Application filters; Positioning ISA

33 Application Filters: The many different types. DNS intrusion detection filter; FTP access filter; H.323 filter; HTTP redirector filter; POP intrusion detection filter; RPC filter; SMTP filter; SOCKS V4 filter; streaming media filter.

34 Application Filters: HTTP redirector filter. Advantages: forwards HTTP requests to the Web Proxy service; clients do not have to configure their Web browser; site and content rules apply to firewall and SecureNAT clients. Disadvantages: user authentication is lost.

35 Application Filters: HTTP redirector filter options. Redirect to local Web Proxy service (if unavailable, redirect to requested Web server); send to requested Web server; reject HTTP requests from firewall and SecureNAT clients.

36 Application Filters: SMTP filter. [Diagram labels: Internet, ISA, Exchange]

37 Application Filters: Features. Block specific SMTP commands; block SMTP buffer overflow attacks; filter mail based on keywords; block attachments such as .cmd; limit attachment size; block mail from certain users/domains.

38 Application Filters: How the SMTP filter operates. [Diagram labels: Internet, ISA, Exchange]

39 Application Filters: Configuring the SMTP filter. Requirements: install Internet Information Server 5.0 with SMTP service; forward all mail to internal mail server; install the Message Screener; run SMTPCred.exe*; publish the SMTP server; configure and enable the filter. *If the SMTP server is not on the same machine as the ISA server.

40 Demonstration 4: SMTP Filter. Installing the Message Screener; configuring the Message Screener.

41 Agenda: What is ISA Server 2000; Configuring caching; Configuring the firewall; Server publishing; Application filters; Positioning ISA

42 Positioning ISA: Scenarios. Small network; branch office; publishing services.

43 Positioning ISA: Small network. Single location; operating in integrated mode (firewall/proxy). [Diagram labels: ISA, Clients]

44 Positioning ISA: Branch office(s). Multiple locations; ISA Servers in an array; access rules managed centrally. [Diagram labels: Branch Office with ISA and Clients; Corporate Office with ISA and Clients]

45 Positioning ISA: Publishing services. Secures published servers; secures the internal network. [Diagram labels: Clients, Internal Network, ISA, Perimeter Network with IIS and FTP, Internet]

46 Positioning ISA: Publishing services 2. Secures published servers; offers maximum protection for internal network. [Diagram labels: Clients, Internal Network, ISA, Perimeter Network with IIS and FTP, ISA, Internet]

47 Session Summary: Simplified proxy setup; powerful firewall with easy administration; extensible.

48 For More Information: Refer to the TechNet Web site at www.microsoft.com/technet. See Microsoft® official curriculum at www.microsoft.com/train_cert. Course #2159: Deploying and Managing Microsoft Internet Security and Acceleration Server 2000.

49 For More Information: Microsoft’s ISA Server homepage: http://www.microsoft.com/isa. ISA Server.org: http://www.isaserver.org.

50 Training: Training resources for IT professionals. Deploying and Managing Microsoft Internet Security and Acceleration Server, Course #2159. Available: now. To locate a training provider for this course, please access mcspreferral.microsoft.com/default.asp. Microsoft Certified Technical Education Centers (CTECs) are Microsoft’s premier partners for training services.

