Microsoft Certified Systems Engineer MCSE |
Planning a Monitoring and Reporting Strategy
Monitoring Real-Time Information
You can monitor real-time information by configuring alerts that are raised when specific events occur. You can also collect real-time information about client connections, server performance, and connectivity on ISA Server. Consider the following when you create a monitoring and reporting strategy:
1- Decide the events to which you must be alerted in real time. ISA Server can raise alerts based on almost any event that occurs. In most cases, you do not need to be apprised in real time about every alert. For example, if ISA Server blocks a single spoofing attack,
|
Implementing Monitoring and Reporting
Planning a Monitoring and Reporting Strategy
Why You Should Implement Monitoring
ISA Server is a critical component in an organization's network infrastructure. If ISA Server is deployed as an Internet-edge firewall, it operates as a firewall that secures the internal network. ISA Server may also be providing secure access to Internet resources for internal clients and access to specified internal resources for Internet clients. If ISA Server is not available, this functionality is disrupted. If ISA Server is being attacked from the Internet, the internal network may be at risk.
There are many
|
Guidelines for Troubleshooting VPN Client Connections
Enabling VPN connectivity requires a complex interplay between several server components such as the ISA Server configuration and the RRAS configuration. In addition, you have several configuration options such as authentication methods and tunneling protocols. All these components and options must be configured correctly to allow users to connect to the ISA Server computer using a VPN.
Use the following guidelines when troubleshooting VPN client connections:
1- The most common problems with VPN connections are user authentication problems. Start by checking the user configuration. Does the user
|
Configuring Virtual Private Networks for Remote Clients and Networks
How to Configure VPN Address Assignment
When VPN clients connect to the VPN server, they must be assigned an IP address configuration that enables them to access the resources on the internal network or other networks. ISA Server can be configured to assign the IP address configuration directly, or to use a Dynamic Host Configuration Protocol (DHCP) server to assign the addresses.
When you use DHCP, VPN clients are assigned IP addresses that are part of the internal network subnet. The advantage of this addressing scheme is that you do not need to create special routing table entries to support t
|
Configuring Virtual Private Networking for Remote Clients
How to Configure VPN Client Access
Before any users can access ISA Server using a VPN, you must enable VPN client access. When you enable this option, ISA Server enables VPN access using a default configuration that you can modify to meet your organization's requirements.
The VPN client access configuration is managed using the Configure VPN Client Access dialog box in ISA Server Management. To access this dialog box, open ISA Server Management and click Virtual Private Networks (VPN).
Default VPN Client Access Configuration
When you enable VPN client access, the following default settings are a
|
Guidelines for Planning a VPN Infrastructure
Implementing a VPN infrastructure must be planned carefully because you are deliberately exposing your internal network to the Internet. In many cases, VPN clients have complete access to the internal network, just as if the client computer were connected to the internal network behind the ISA Server computer. This means that your VPN implementation must be as secure as possible.
Use the following guidelines when planning your ISA Server VPN implementation:
1- For the highest level of security, implement a VPN solution that uses L2TP/IPSec, MS-CHAP v2, or EAP/TLS for user authentication and certi
|
Planning a Virtual Private Networking Infrastructure
How VPN Quarantine Control Is Used to Enforce Remote-Access Security Policies
In most cases, a VPN remote-access server can only validate the credentials of remote-access users and computers. If the remote-access users successfully authenticate, they can access all resources on the internal network. However, the remote-access client computer may not comply with corporate security policies. In this situation, you can use VPN quarantine control to prevent remote access to a private network until a client-side script validates the remote-access client configuration.
VPN quarantine control allows you
|
Configuring Virtual Private Networks for Remote Clients and Networks
VPN Authentication Method Options
The authentication protocol is used to verify the identity of the remote-access client. ISA Server 2004 supports the following VPN authentication protocols:
1- PAP: Password Authentication Protocol (PAP) uses plaintext passwords and is the least secure authentication protocol. PAP is typically used if the remote-access client and remote-access server cannot negotiate a more secure form of authentication.
2- SPAP: The Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva. When a computer running Windows XP Professional c
|
Configuring Virtual Private Networks for Remote Clients and Networks
Benefits of Using VPNs
The primary benefits of using VPNs are as follows:
1- Reduced costs: Using the Internet as a connection medium saves long-distance phone expenses and requires less hardware than a dial-up networking solution. In the case of a site-to-site VPN, using the Internet as a WAN is also less expensive than using a dedicated WAN connection.
2- Security: Authentication prevents unauthorized users from connecting to the VPN servers. Strong encryption methods make it extremely difficult for an attacker to interpret the data sent across a VPN connection.
3- Flexibility: By using VPNs, the o
|
Configuring Virtual Private Networks for Remote Clients and Networks
Planning a Virtual Private Networking Infrastructure
Before you deploy a virtual private network solution using ISA Server 2004, you must plan the deployment so that you can take full advantage of the ISA Server VPN features. This lesson discusses the protocols and authentication methods available when using ISA Server 2004 to implement virtual private networking. Moreover, the chapter describes how VPN quarantine control works. The chapter then describes how you can use ISA Server 2004 to implement a VPN solution and provides guidelines for planning the deployment.
What Is Virtual Private Netwo
|
Configuring ISA Server to Secure Web Client Connections
Exchange Server 2003 Wireless Device Support
Exchange Server 2003 allows users of wireless and small devices, such as mobile phones, personal digital assistants (PDAs), or smart phones (hybrid devices that combine the functionality of mobile phones and PDAs), access to Exchange data. Exchange ActiveSync and Outlook Mobile Access (OMA) are two of the mobile service components that are built into Exchange Server 2003.
Exchange ActiveSync is a service provided in Exchange Server 2003 that allows users to synchronize their Exchange information (inbox, subfolders, calendar, contacts, and tasks) with
|
Configuring ISA Server to Secure Web Client Connections
Providing user access to e-mail from anywhere has become an important service for many organizations. Many of these organizations have chosen to use Web-based clients to give remote users access to their Exchange Server mailboxes. One of the most popular ways to provide access to e-mail on Exchange Server computers for users outside the internal network is to deploy an Outlook Web Access (OWA) server that is accessible from the Internet. With OWA, users can access their mailboxes on an Exchange server from any computer with an Internet connection and a Web browser. In addition, Exchange Server
|
Configuring ISA Server to Secure SMTP Traffic
How to Configure the SMTP Application Filter
To make an Exchange Server computer accessible to other SMTP servers on the Internet, you must configure a publishing rule that publishes the Exchange Server computer using the SMTP port. When you configure a rule that uses SMTP, the SMTP application filter is enabled for that rule automatically. The SMTP application filter accepts the traffic, inspects it, and forwards it to internal SMTP servers only if the SMTP filter allows it.
What Is SMTP Command Filtering?
SMTP servers use a set of commands (also called verbs) to initiate an SMTP connection betwe
|
Configuring ISA Server to Secure SMTP Traffic
How to Configure ISA Server to Secure SMTP Traffic
ISA Server provides three components for securing SMTP traffic. The first is the Mail Server Wizard, which can be used to publish the SMTP server to the Internet. The second component is the SMTP Message Screener, which can help reduce the amount of unwanted e-mail entering the organization. The third component is the SMTP application filter, which can be used to block buffer-overflow attacks or SMTP command-based attacks on Exchange Server.
Mail Server Wizard
You can use the Mail Server Wizard to make Exchange Server computers available to Inter
|
Integrating ISA Server 2004 and Exchange Server
Configuring ISA Server to Secure SMTP Traffic
One way that ISA Server can secure Exchange Server is by providing enhanced options for filtering all SMTP messages sent from the Internet to the computers running Exchange Server. This lesson explains how to publish SMTP servers and how to configure SMTP filtering.
Known SMTP Security Issues
Virtually all e-mail sent on the Internet is sent using SMTP. To receive e-mail from the Internet, your organization must have an SMTP server that is accessible to other SMTP servers. However, SMTP has some security weaknesses, both at a protocol level and in t
|
Configuring Intrusion Detection and IP Preferences
Intrusion-Detection Configuration Options
To protect your network, you will also need to know how to configure your ISA Server for intrusion detection. Intrusion detection identifies when an attack is attempted against your network and performs a set of configured actions, or alerts, in case of an attack. To detect potential attacks, ISA Server compares network traffic and log entries to well-known attacks. When ISA Server detects suspicious activities, it triggers an alert. You can configure the actions that ISA Server will perform in the event of an alert. These actions include connection ter
|
Implementing Perimeter Networks and Network Templates
What Are Network Templates?
ISA Server 2004 can be deployed in any of the perimeter network configurations. To simplify the deployment, ISA Server 2004 includes several network templates that you can use to configure ISA Server based on one of the perimeter network scenarios. A network template is stored in an Extensible Markup Language (XML) file that includes the following:
1- Networks and network sets
2- Network rules that describe the relationships between networks and network sets
3- Access rule elements
4- Access rules
To apply a network template, run the Network Template Wizard. When you run
|
Implementing Perimeter Networks and Network Templates
What Are Perimeter Networks?
A perimeter network is a network that is separated from an internal network and the Internet. Perimeter networks allow external users to gain access to specific servers that are located on the perimeter network while preventing direct access to the internal network.
Perimeter networks have the following characteristics:
1- Protected by one or more firewalls: Perimeter networks are separated from the Internet by one or more firewalls or routers. The perimeter network is usually also separated from the internal network by a firewall. The firewall protects the servers in
|
Lesson 2: Configuring Multiple Networking on ISA Server
How to Configure Network Rules
When you enable networks or network objects on ISA Server, you can configure network rules that define how network packets will be passed between networks or between computers. Network rules determine whether there is a relationship between two network entities and what type of relationship is defined. Network relationships can be configured as follows:
1- Route: When you specify this type of connection, client requests from the source network are directly routed to the destination network. The source client address is included in the request. A route relationship
|
Lesson 2: Configuring Multiple Networking on ISA Server
ISA Server Support for Multiple Networks
ISA Server 2004 uses networks to define blocks of IP addresses that may be directly attached to the ISA Server computer or IP addresses that may be remote networks. ISA Server uses these networks as components when you create access rules. ISA Server supports an unlimited number of networks.
What Is Multinetworking?
Multinetworking means that you can configure multiple networks on ISA Server, and then configure network and access rules that inspect and filter all network traffic between all networks. Multinetworking enables flexible options for network con
|