E-Book, English, 672 pages, Web PDF
Shinder Dr. Tom Shinder's ISA Server 2006 Migration Guide
1st edition 2011
ISBN: 978-0-08-055551-5
Publisher: Elsevier Science & Techn.
Format: PDF
Copy protection: 1 - PDF Watermark
Dr. Tom Shinder's ISA Server 2006 Migration Guide provides a clear, concise, and thorough path to migrate from previous versions of ISA Server to ISA Server 2006. Because ISA Server 2006 is an incremental upgrade from ISA Server 2004, this book provides all of the tips and tricks needed to perform a successful migration rather than rehashing all of the features that were rolled out in ISA Server 2004. It also shows how to publish Exchange Server 2007 with ISA 2006 and how to build a DMZ.
* Highlights key issues for migrating from previous versions of ISA Server to ISA Server 2006.
* Learn to Publish Exchange Server 2007 Using ISA Server 2006.
* Create a DMZ using ISA Server 2006.
* Dr. Tom Shinder's previous two books on configuring ISA Server have sold more than 50,000 units worldwide.
* Dr. Tom Shinder is a Microsoft Most Valuable Professional (MVP) for ISA Server and a member of the ISA Server beta testing team.
* This book will be the Featured Product on the Internet's most popular ISA Server site www.isaserver.org.
Further Information & Material
1;Front Cover;1
2;Dr. Tom Shinder's ISA Server 2006 Migration Guide;2
3;Copyright Page;3
4;Lead Authors;4
5;Contributing Authors;6
6;Contents;8
7;Introduction;24
8;Chapter 1: Network Security Basics;35
8.1;Introduction;36
8.2;Security Overview;36
8.3;Defining Basic Security Concepts;36
8.3.1;Knowledge is Power;37
8.3.2;Think Like a Thief;37
8.3.2.1;The Intrusion Triangle;38
8.3.2.2;Removing Intrusion Opportunities;39
8.3.3;Security Terminology;39
8.4;Addressing Security Objectives;41
8.4.1;Controlling Physical Access;42
8.4.1.1;Physical Access Factors;42
8.4.1.1.1;Protecting the Servers;43
8.4.1.1.2;Keeping Workstations Secure;43
8.4.1.1.3;Protecting Network Devices;44
8.4.1.1.4;Securing the Cable;45
8.4.1.1.5;Safely Going Wireless;46
8.4.1.1.6;Have Laptop, Will Travel;47
8.4.1.1.7;The Paper Chase;48
8.4.1.1.8;Removable Storage Risks;48
8.4.1.2;Physical Security Summary;49
8.4.2;Preventing Accidental Compromise of Data;49
8.4.2.1;Know Your Users;50
8.4.2.2;Educate Your Users;50
8.4.2.3;Control Your Users;50
8.4.3;Preventing Intentional Internal Security Breaches;50
8.4.3.1;Hiring and Human Resource Policies;51
8.4.3.2;Detecting Internal Breaches;51
8.4.3.3;Preventing Intentional Internal Breaches;52
8.4.4;Preventing Unauthorized External Intrusions;52
8.4.4.1;External Intruders with Internal Access;53
8.4.4.2;Tactical Planning;53
8.5;Recognizing Network Security Threats;53
8.5.1;Understanding Intruder Motivations;54
8.5.1.1;Recreational Hackers;54
8.5.1.2;Profit-motivated Hackers;54
8.5.1.3;Vengeful Hackers;55
8.5.1.4;Hybrid Hackers;56
8.5.2;Classifying Specific Types of Attacks;56
8.5.2.1;Social engineering attacks;56
8.5.2.1.1;What is social engineering?;56
8.5.2.1.2;Protecting your network against social engineers;57
8.5.3;Denial of Service (DOS) Attacks;58
8.5.3.1;Distributed Denial of Service attacks;58
8.5.3.2;DNS DOS attack;59
8.5.3.3;SYN attack/LAND attack;59
8.5.3.4;Ping of Death;61
8.5.3.5;Teardrop;61
8.5.3.6;Ping Flood (ICMP flood);61
8.5.3.7;SMURF attack;62
8.5.3.8;UDP bomb or UDP flood;63
8.5.3.9;UDP Snork attack;63
8.5.3.10;WinNuke (Windows out-of-band attack);63
8.5.3.11;Mail bomb attack;63
8.5.4;Scanning and Spoofing;64
8.5.4.1;Port scan;64
8.5.4.2;IP half scan attack;66
8.5.4.3;IP Spoofing;66
8.5.5;Source Routing attack;66
8.5.6;Other protocol exploits;67
8.5.7;System and software exploits;67
8.5.8;Trojans, viruses and worms;68
8.5.8.1;Trojans;68
8.5.8.2;Viruses;68
8.5.8.3;Worms;69
8.6;Designing a Comprehensive Security Plan;69
8.6.1;Evaluating Security Needs;70
8.6.1.1;Assessing the type of business;70
8.6.1.2;Assessing the type of data;71
8.6.1.3;Assessing the network connections;71
8.6.1.4;Assessing management philosophy;72
8.6.1.4.1;Understanding management models;72
8.6.2;Understanding Security Ratings;72
8.6.3;Legal Considerations;73
8.6.4;Designating Responsibility for Network Security;73
8.6.4.1;Responsibility for Developing the Security Plan and Policies;73
8.6.4.2;Responsibility for Implementing and Enforcing the Security Plan and Policies;74
8.6.5;Designing the Corporate Security Policy;74
8.6.5.1;Developing an Effective Password Policy;75
8.6.5.1.1;Password Length and Complexity;75
8.6.5.1.2;Who creates the password?;76
8.6.5.1.3;Password Change Policy;76
8.6.5.1.4;Summary of Best Password Practices;77
8.6.6;Educating Network Users on Security Issues;77
8.7;Summary;79
9;Chapter 2: ISA Server 2006 Client Types and Automating Client Provisioning;81
9.1;Introduction;82
9.2;Understanding ISA Server 2006 Client Types;82
9.2.1;Understanding the ISA Server 2006 SecureNAT Client;84
9.2.1.1;SecureNAT Client Limitations;86
9.2.1.2;SecureNAT Client Advantages;90
9.2.1.3;Name Resolution for SecureNAT Clients;92
9.2.1.3.1;Name Resolution and "Looping Back" Through the ISA Server 2006 Firewall;92
9.2.2;Understanding the ISA Server 2006 Firewall Client;96
9.2.2.1;Allows Strong User/Group-Based Authentication for All Winsock Applications Using TCP and UDP Protocols;97
9.2.2.2;Allows User and Application Information to be Recorded in the ISA Server 2006 Firewall's Log Files;98
9.2.2.3;Provides Enhanced Support for Network Applications, Including Complex Protocols That Require Secondary Connections;98
9.2.2.4;Provides "Proxy" DNS Support for Firewall Client Machines;98
9.2.2.5;The Network Routing Infrastructure Is Transparent to the Firewall Client;99
9.2.2.6;How the Firewall Client Works;101
9.2.2.7;Installing the Firewall Client Share;103
9.2.2.8;Installing the Firewall Client;104
9.2.2.9;Firewall Client Configuration;105
9.2.2.9.1;Centralized Configuration Options at the ISA Server 2006 Firewall Computer;106
9.2.2.9.2;Enabling Support for Legacy Firewall Client/Winsock Proxy Clients;109
9.2.2.10;Client Side Firewall Client Settings;110
9.2.2.11;Firewall Client Configuration Files;112
9.2.2.11.1;.ini Files;113
9.2.2.11.2;Advanced Firewall Client Settings;114
9.2.2.12;Firewall Client Configuration at the ISA Server 2006 Firewall;116
9.2.3;ISA Server 2006 Web Proxy Client;118
9.2.3.1;Improved Performance for the Firewall Client and SecureNAT Client Configuration for Web Access;119
9.2.3.2;Ability to Use the Autoconfiguration Script to Bypass Sites Using Direct Access;119
9.2.3.3;Allows You to Provide Web Access (HTTP/HTTPS/FTP Download) without Enabling Users Access to Other Protocols;119
9.2.3.4;Allows You to Enforce User/Group-based Access Controls Over Web Access;120
9.2.3.5;Allows you to Limit the Number of Outbound Web Proxy Client Connections;126
9.2.3.6;Supports Web Proxy Chaining, Which Can Further Speed Up Internet Access;127
9.2.4;ISA Server 2006 Multiple Client Type Configuration;127
9.2.5;Deciding on an ISA Server 2006 Client Type;129
9.3;Automating ISA Server 2006 Client Provisioning;130
9.3.1;Configuring DHCP Servers to Support Web Proxy and Firewall Client Autodiscovery;131
9.3.1.1;Install the DHCP Server;132
9.3.1.2;Create the DHCP scope;132
9.3.1.3;Create the DHCP 252 Scope Option and Add It to the Scope;135
9.3.1.4;Configure the Client as a DHCP Client;138
9.3.1.5;Configure the Client Browser to Use DHCP for Autodiscovery;139
9.3.1.6;Configure the ISA Server 2006 Firewall to Publish Autodiscovery Information;139
9.3.1.7;Making the Connection;140
9.3.2;Configuring DNS Servers to Support Web Proxy and Firewall Client Autodiscovery;142
9.3.2.1;Creating the wpad Entry in DNS;142
9.3.2.2;Configure the Client to Use the Fully-Qualified wpad Alias;145
9.3.2.3;Configure the client browser to use autodiscovery;148
9.3.2.4;Configure the ISA Server 2006 Firewall to Publish Autodiscovery Information;148
9.3.2.5;Making the Connection Using DNS for Autodiscovery;149
9.4;Automating Installation of the Firewall Client;150
9.4.1;Configuring Firewall Client and Web Proxy Client Configuration in the ISA Management Console;151
9.4.2;Group Policy Software Installation;155
9.4.3;Silent Installation Script;158
9.4.4;Systems Management Server (SMS);159
9.5;One More Time;159
10;Chapter 3: Installing and Configuring the ISA Firewall Software;161
10.1;Pre-installation Tasks and Considerations;162
10.1.1;System Requirements;162
10.1.2;Configuring the Routing Table;164
10.1.3;DNS Server Placement;166
10.1.4;Configuring the ISA Firewall's Network Interfaces;168
10.1.5;Installation via a Terminal Services Administration Mode Session;172
10.2;Performing a Clean Installation on a Multihomed Machine;172
10.3;Default Post-installation ISA Firewall Configuration;179
10.4;The Post-installation System Policy;180
10.5;Performing a Single NIC Installation (Unihomed ISA Firewall);191
10.6;Quick Start Configuration for ISA Firewalls;193
10.6.1;Configuring the ISA Firewall's Network Interfaces;195
10.6.1.1;IP Address and DNS Server Assignment;195
10.6.1.1.1;Configuring the Internal Network Interface;196
10.6.1.1.2;Configuring the External Network Interface;197
10.6.1.2;Network Interface Order;197
10.6.2;Installing and Configuring a DNS Server on the ISA Server Firewall;198
10.6.2.1;Installing the DNS Service;198
10.6.2.1.1;Installing the DNS Server Service on Windows Server 2003;198
10.6.2.2;Configuring the DNS Service on the ISA Firewall;199
10.6.2.2.1;Configuring the DNS Service in Windows Server 2003;199
10.6.2.3;Configuring the DNS Service on the Internal Network DNS Server;202
10.6.3;Installing and Configuring a DHCP Server on the ISA Server Firewall;204
10.6.3.1;Installing the DHCP Service;204
10.6.3.1.1;Installing the DHCP Server Service on a Windows Server 2003 Computer;205
10.6.3.2;Configuring the DHCP Service;205
10.6.4;Installing and Configuring the ISA Server 2006 Software;207
10.6.4.1;Configuring the ISA Firewall;210
10.6.4.1.1;DHCP Request to Server Rule;212
10.6.4.1.2;DHCP Reply from Server Rule;214
10.6.4.1.3;Internal DNS Server to DNS Forwarder Rule;215
10.6.4.1.4;Internal Network to DNS Server;216
10.6.4.1.5;The All Open Rule;217
10.6.5;Configuring the Internal Network Computers;218
10.6.5.1;Configuring Internal Clients as DHCP Clients;218
10.7;Hardening the Base ISA Firewall Configuration and Operating System;221
10.7.1;ISA Firewall Service Dependencies;221
10.7.2;Service Requirements for Common Tasks Performed on the ISA Firewall;224
10.7.3;Client Roles for the ISA Firewall;227
10.7.4;ISA Firewall Administrative Roles and Permissions;229
10.7.5;Lockdown Mode;231
10.7.5.1;Lockdown Mode Functionality;231
10.7.6;Connection Limits;232
10.7.7;DHCP Spoof Attack Prevention;234
10.8;One More Time;237
11;Chapter 4: Creating and Using ISA 2006 Firewall Access Policy;239
11.1;ISA Firewall Access Rule Elements;242
11.1.1;Protocols;242
11.1.2;User Sets;243
11.1.3;Content Types;244
11.1.4;Schedules;250
11.1.5;Network Objects;251
11.2;Configuring Access Rules for Outbound Access through the ISA Firewall;251
11.2.1;The Rule Action Page;251
11.2.2;The Protocols Page;252
11.2.3;The Access Rule Sources Page;254
11.2.4;The Access Rule Destinations Page;255
11.2.5;The User Sets Page;255
11.2.6;Access Rule Properties;256
11.2.6.1;The General Tab;256
11.2.6.2;The Action Tab;256
11.2.6.3;The Protocols Tab;257
11.2.6.4;The From Tab;259
11.2.6.5;The To Tab;260
11.2.6.6;The Users Tab;260
11.2.6.7;The Schedule Tab;261
11.2.6.8;The Content Types Tab;262
11.2.7;The Access Rule Context Menu Options;263
11.2.8;Configuring RPC Policy;264
11.2.9;Configuring FTP Policy;265
11.2.10;Configuring HTTP Policy;266
11.2.11;Ordering and Organizing Access Rules;266
11.2.12;How to Block Logging for Selected Protocols;267
11.2.13;Disabling Automatic Web Proxy Connections for SecureNAT Clients;268
11.3;Using Scripts to Populate Domain Name Sets;269
11.3.1;Using the Import Scripts;271
11.3.2;Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports;276
11.3.3;Avoiding Looping Back through the ISA Firewall for Internal Resources;278
11.3.4;Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections);280
11.3.5;Blocking MSN Messenger using an Access Rule;280
11.3.6;Allowing Outbound Access to MSN Messenger via Web Proxy;283
11.3.7;Changes to ISA Firewall Policy Only Affects New Connections;284
11.4;Allowing Intradomain Communications through the ISA Firewall;285
11.5;One More Time;294
12;Chapter 5: Publishing Network Services with ISA 2006 Firewalls;297
12.1;Overview of Web Publishing and Server Publishing;298
12.1.1;Web Publishing Rules;298
12.1.1.1;Proxied Access to Web Sites Protected by the ISA firewall;299
12.1.1.2;Deep Application-Layer Inspection of Connections Made to Published Web Sites;299
12.1.1.3;Path Redirection;300
12.1.1.4;URL rewriting with ISA's Link Translation;300
12.1.1.5;Ability to Publish Multiple Web Sites with a Single IP Address;301
12.1.1.6;Pre-authentication of requests, and Authentication Delegation to the published Site;301
12.1.1.7;Single Sign-On (SSO) for Published Web Sites;302
12.1.1.8;Support for SecurID Authentication;302
12.1.1.9;Support for RADIUS Authentication;302
12.1.1.10;Reverse Caching of Published Web Sites;303
12.1.1.11;Support for Forwarding either the ISA Firewall's IP Address, or the Original Web Client's IP Address to the Web Site;303
12.1.1.12;Ability to Schedule when Connections are Allowed to Published Web Sites;304
12.1.1.13;Port and Protocol Redirection;304
12.1.2;Server Publishing Rules;305
12.1.2.1;Server Publishing Rules are a Form of Reverse NAT, sometimes referred to as "Port Mapping" or "Port forwarding" and do not Proxy the Connection;305
12.1.2.2;Almost All IP Level and TCP/UDP Protocols can be Published using Server Publishing Rules;306
12.1.2.3;Server Publishing Rules do not Support Authentication on the ISA Server;306
12.1.2.4;Application-Layer Filtering can be Applied to a Defined Subset of Server Published Protocols;306
12.1.2.5;You can Configure Port Overrides to Customize the Listening Ports and the Port Redirection. You can also Lock Down the Source Ports the Requesting Clients use to Connect to the Published Server;307
12.1.2.6;You can lock down who can Access Published Resources using IP addresses;307
12.1.2.7;The External Client Source IP Address can be Preserved or it can be Replaced with the ISA Firewall's IP address;307
12.1.2.8;Restrict connections to specific days and times;307
12.1.2.9;Support for Port Redirection or PAT (Port Address Translation);308
12.2;Creating and Configuring Non-SSL Web Publishing Rules;308
12.2.1;The Select Rule Action Page;308
12.2.2;The Publishing Type Page;309
12.2.3;The Server Connection Security Page;310
12.2.4;The Internal Publishing Details Page (Part one);311
12.2.5;The Internal Publishing Details Page (Part two);313
12.2.6;The Public Name Details Page;315
12.2.7;The Select Web Listener Page and Creating an HTTP Web Listener;316
12.2.8;The Web Listener IP Addresses Page;318
12.2.9;The Authentication Settings Page;320
12.2.10;The Single Sign on Settings Page;324
12.2.11;The LDAP Settings Page;325
12.2.12;The RADIUS Settings Page;327
12.2.13;SecurID Settings;329
12.2.14;The Authentication Delegation Page;329
12.2.15;The User Sets Page;332
12.3;Creating and Configuring SSL Web Publishing Rules;333
12.3.1;SSL Bridging;333
12.3.1.1;SSL "Tunneling" versus SSL "Bridging";334
12.3.1.2;What about SSL-to-HTTP Bridging?;334
12.3.1.3;Enterprise and Standalone Certificate Authorities;335
12.3.1.4;SSL-to-SSL Bridging and Web Site Certificate Configuration;336
12.3.2;Importing Web Site Certificates into the ISA Firewall's Machine Certificate Store;338
12.3.3;Requesting a User Certificate for the ISA Firewall to Present to SSL Web Sites;340
12.3.4;Creating an SSL Web Publishing Rule;342
12.3.4.1;The Internal Publishing Details Pages;343
12.3.4.2;The Public Name Details Page;345
12.3.4.3;The Server Connection Security Page;345
12.3.4.4;The Client Connection Security Page;346
12.3.4.5;ISA 2004's Bridging Mode Page and ISA 2006;349
12.4;Configuring Advanced Web Listener Properties;350
12.4.1;The General Tab;350
12.4.2;The Networks Tab;350
12.4.3;The Connections Tab;350
12.4.4;The Connections - Advanced Dialog;352
12.4.5;The Certificates Tab;352
12.4.6;The Certificates - Advanced Dialog;353
12.4.7;The Authentication Tab;353
12.4.8;Advanced Authentication Options Dialog Box;353
12.4.9;The Forms Tab;356
12.4.10;The Forms - Advanced Dialog;357
12.4.11;The SSO Tab;358
12.5;The Web Publishing Rule Properties Dialog Box;359
12.5.1;The General Tab;359
12.5.2;Action;360
12.5.3;From;361
12.5.4;To;362
12.5.5;Traffic;364
12.5.6;Listener;366
12.5.7;Public Name;366
12.5.8;Paths;367
12.5.9;Bridging;371
12.5.10;Users;372
12.5.11;Schedule;374
12.5.12;Link Translation;374
12.5.13;Authentication Delegation;375
12.5.14;Application Settings;377
12.6;Creating Server Publishing Rules;378
12.6.1;The Server Publishing Rule Properties Dialog Box;383
12.6.2;Server Publishing HTTP Sites;389
12.7;Creating Mail Server Publishing Rules;391
12.7.1;The Client Access: RPC, IMAP, POP3, SMTP Option;392
12.8;Publishing Exchange Web Client Access;394
12.9;One More Time;397
13;Chapter 6: Creating Remote Access and Site-to-Site VPNs with ISA Firewalls;399
13.1;Overview of ISA Firewall VPN Networking;400
13.1.1;Firewall Policy Applied to VPN Client Connections;402
13.1.2;Firewall Policy Applied to VPN Site-to-Site Connections;403
13.1.3;VPN Quarantine;404
13.1.4;User Mapping of VPN Clients;405
13.1.5;SecureNAT Client Support for VPN Connections;406
13.1.6;Site-to-Site VPN Using Tunnel Mode IPSec;407
13.1.7;Publishing PPTP VPN Servers;408
13.1.8;Pre-shared Key Support for IPSec VPN Connections;409
13.1.9;Advanced Name Server Assignment for VPN Clients;410
13.1.10;Monitoring of VPN Client Connections;411
13.1.11;An Improved Site-to-Site Wizard (New ISA 2006 feature);411
13.1.12;The Create Answer File Wizard (New ISA 2006 Feature);412
13.1.13;The Branch Office Connectivity Wizard (New ISA 2006 feature);412
13.1.14;The Site-to-Site Summary (New ISA 2006 Feature);413
13.2;Creating a Remote Access PPTP VPN Server;413
13.2.1;Enable the VPN Server;414
13.2.2;Create an Access Rule Allowing VPN Clients Access to Allowed Resources;425
13.2.3;Enable Dial-in Access;426
13.2.4;Test the PPTP VPN Connection;429
13.3;Creating a Remote Access L2TP/IPSec Server;431
13.3.1;Issue Certificates to the ISA Firewall and VPN Clients;431
13.3.2;Test the L2TP/IPSec VPN Connection;437
13.3.3;Monitor VPN Clients;438
13.3.4;Using a Pre-shared Key for VPN Client Remote Access Connections;440
13.4;Creating a PPTP Site-to-Site VPN;442
13.4.1;Create the Remote Site Network at the Main Office;445
13.4.2;The Network Rule at the Main Office;452
13.4.3;The Access Rules at the Main Office;452
13.4.4;Create the VPN Gateway Dial-in Account at the Main Office;453
13.4.5;Create the Remote Site Network at the Branch Office;455
13.4.6;The Network Rule at the Branch Office;457
13.4.7;The Access Rules at the Branch Office;458
13.4.8;Create the VPN Gateway Dial-in Account at the Branch Office;458
13.4.9;Activate the Site-to-Site Links;459
13.5;Creating an L2TP/IPSec Site-to-Site VPN;460
13.5.1;Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA;461
13.5.2;Request and Install a Certificate for the Main Office Firewall;462
13.5.3;Configure the Main Office ISA Firewall to use L2TP/IPSec for the Site-to-Site Link;466
13.5.4;Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA;468
13.5.5;Request and Install a Certificate for the Branch Office Firewall;469
13.5.6;Configure the Branch Office ISA Firewall to use L2TP/IPSec for the Site-to-Site Link;471
13.5.7;Activate the L2TP/IPSec Site-to-Site VPN Connection;471
13.5.8;Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links;473
13.6;IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways;474
13.7;Using RADIUS for VPN Authentication and Remote Access Policy;474
13.7.1;Configure the Internet Authentication Services (RADIUS) Server;475
13.7.2;Create a VPN Clients Remote Access Policy;476
13.7.3;Remote Access Permissions and Domain Functional Level;479
13.7.4;Changing the User Account Dial-in Permissions;481
13.7.5;Changing the Domain Functional Level;482
13.7.6;Controlling Remote Access Permission via Remote Access Policy;483
13.7.7;Enable the VPN Server on the ISA Firewall and Configure RADIUS Support;484
13.7.8;Create an Access Rule Allowing VPN Clients Access to Approved Resources;487
13.7.9;Make the Connection from a PPTP VPN Client;488
13.8;Using EAP User Certificate Authentication for Remote Access VPNs;490
13.8.1;Configuring the ISA Firewall Software to Support EAP Authentication;491
13.8.2;Enabling User Mapping for EAP Authenticated Users;493
13.8.3;Issuing a User Certificate to the Remote Access VPN Client Machine;494
13.9;Supporting Outbound VPN Connections through the ISA Firewall;497
13.10;Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall;500
13.11;Summary;503
14;Chapter 7: ISA 2006 Stateful Inspection and Application Layer Filtering;505
14.1;Introduction;506
14.2;Application Filters;506
14.2.1;The SMTP Filter;507
14.2.2;The DNS Filter;508
14.2.3;The POP Intrusion Detection Filter;509
14.2.4;The SOCKS V4 Filter;509
14.2.5;The FTP Access Filter;511
14.2.6;The H.323 Filter;511
14.2.7;The MMS Filter;512
14.2.8;The PNM Filter;512
14.2.9;The PPTP Filter;512
14.2.10;The RPC Filter;512
14.2.11;The RTSP Filter;512
14.3;Web Filters;513
14.3.1;The HTTP Security Filter (HTTP Filter);513
14.3.1.1;Overview of HTTP Security Filter Settings;514
14.3.1.1.1;The General Tab;514
14.3.1.1.2;The Methods Tab;516
14.3.1.1.3;The Extensions Tab;518
14.3.1.1.4;The Headers Tab;519
14.3.1.1.5;The Signatures Tab;523
14.3.1.2;HTTP Security Filter Logging;526
14.3.1.3;Exporting and Importing HTTP Security Filter Settings;527
14.3.1.3.1;Exporting an HTTP Policy from a Web Publishing Rule;527
14.3.1.3.2;Importing an HTTP Policy into a Web Publishing Rule;528
14.3.1.4;Investigating HTTP Headers for Potentially Dangerous Applications;529
14.3.1.5;Example HTTP Security Filter Policies;533
14.3.1.6;Commonly Blocked Headers and Application Signatures;537
14.3.2;The ISA Server Link Translator;538
14.3.2.1;Determining Custom Dictionary Entries;541
14.3.2.2;Configuring Custom Link Translation Dictionary Entries;541
14.3.3;The Web Proxy Filter;543
14.3.4;The OWA Forms-Based Authentication Filter;544
14.3.5;The RADIUS Authentication Filter;545
14.4;IP Filtering and Intrusion Detection/Intrusion Prevention;545
14.4.1;Common Attacks Detection and Prevention;545
14.4.2;DNS Attacks Detection and Prevention;546
14.4.3;IP Options and IP Fragment Filtering;547
14.4.3.1;Source Routing Attack;549
14.5;Summary;550
15;Chapter 8: Accelerating Web Performance with ISA 2006 Caching Capabilities;551
15.1;Understanding Caching Concepts;552
15.1.1;Web Caching Types;552
15.1.1.1;Forward Caching;553
15.1.1.2;Reverse Caching;553
15.1.1.2.1;How Reverse Caching Reduces Bandwidth Usage;554
15.1.1.2.2;How Reverse Caching Increases Availability of Web Content;554
15.1.2;Web Caching Architectures;554
15.1.3;Web Caching Protocols;557
15.2;Understanding ISA 2006's Web Caching Capabilities;557
15.2.1;Using the Caching Feature;558
15.2.2;Understanding Cache Rules;559
15.2.2.1;Using Cache Rules to Specify Content Types That Can Be Cached;560
15.2.2.2;Using Cache Rules to Specify How Objects are Retrieved and Served from Cache;560
15.2.3;Understanding the Content Download Feature;561
15.3;Configuring ISA 2006 as a Caching Firewall;563
15.3.1;Enabling and Configuring Caching;563
15.3.1.1;How to Enable Caching in Enterprise Edition;563
15.3.1.2;How to Enable Caching in Standard Edition;565
15.3.1.3;How to Disable Caching in Enterprise Edition;565
15.3.1.4;How to Disable Caching in Standard Edition;566
15.3.1.5;How to Configure Properties;566
15.3.1.6;Configuring Which Content to Cache;566
15.3.1.7;Configuring the Maximum Size of Objects in the Cache;567
15.3.1.8;Configuring Whether Expired Objects Should be Returned from Cache;568
15.3.1.9;Allocating a Percentage of Memory to Caching;568
15.3.2;Creating Cache Rules;569
15.3.2.1;How to Create a Cache Rule;569
15.3.2.2;How to Modify an Existing Cache Rule;573
15.3.2.3;How to Disable or Delete a Cache Rule;575
15.3.2.4;How to Change the Order of Cache Rules;575
15.3.2.5;How to Copy a Cache Rule;575
15.3.2.6;How to Export and Import Cache Rules;576
15.3.3;Configuring Content Downloads;578
15.3.3.1;How to Ensure a Content Download Job Can Run;579
15.3.3.1.1;Configuring the Local Host Network;579
15.3.3.1.2;Enabling the System Policy Rules;581
15.3.3.1.3;Running the Job Scheduler Service;582
15.3.3.2;How to Create and Configure Scheduled Content Download Jobs;584
15.3.3.3;How to Make Changes to an Existing Content Download Job;587
15.3.3.4;How to Disable or Delete Content Download Jobs;588
15.3.3.5;How to Export and Import Content Download Job Configurations;588
15.3.3.6;How to Run a Content Download Job Immediately;589
15.4;Summary;590
16;Chapter 9: Using ISA Firewall 2006's Monitoring, Logging, and Reporting Tools;591
16.1;Introduction;592
16.2;Exploring the ISA 2006 Dashboard;593
16.2.1;Dashboard Sections;595
16.2.1.1;Dashboard Connectivity Section;596
16.2.1.2;Dashboard Services Section;597
16.2.1.3;Dashboard Reports Section;598
16.2.1.4;Dashboard Alerts Section;599
16.2.1.5;Dashboard Sessions Section;600
16.2.1.6;Dashboard System Performance Section;601
16.2.2;Configuring and Customizing the Dashboard;603
16.3;Creating and Configuring ISA 2006 Alerts;604
16.3.1;Alert-Triggering Events;604
16.3.2;Viewing the Predefined Alerts;607
16.3.3;Creating a New Alert;607
16.3.4;Modifying Alerts;614
16.3.5;Viewing Alerts that have been Triggered;615
16.4;Monitoring ISA 2006 Connectivity, Sessions, and Services;617
16.4.1;Configuring and Monitoring Connectivity;617
16.4.1.1;Creating Connectivity Verifiers;618
16.4.1.2;Monitoring Connectivity;621
16.4.2;Monitoring Sessions;625
16.4.2.1;Viewing, Stopping and Pausing Monitoring of Sessions;625
16.4.2.2;Monitoring Specific Sessions Using Filter Definitions;627
16.4.2.3;Disconnecting Sessions;630
16.4.2.4;Exporting and Importing Filter Definitions;630
16.4.3;Monitoring Services;630
16.5;Working with ISA Firewall Logs and Reports;631
16.5.1;Understanding ISA Firewall Logs;631
16.5.1.1;Log Types;632
16.5.1.1.1;Logging to an MSDE Database;632
16.5.1.1.2;Logging to a SQL Server;632
16.5.1.1.3;Logging to a File;633
16.5.1.2;How to Configure Logging;634
16.5.1.2.1;Configuring MSDE Database Logging;635
16.5.1.2.2;Configuring Logging to a File;636
16.5.1.2.3;Configuring Logging to a SQL Database;637
16.5.1.3;How to Use the Log Viewer;638
16.5.1.4;How to Filter the Log Information;639
16.5.1.5;Saving Log Viewer Data to a File;642
16.5.1.6;Exporting and Importing Filter Definitions;643
16.5.2;Generating, Viewing, and Publishing Reports with ISA 2006;643
16.5.2.1;How to Generate a One-Time Report;643
16.5.2.2;How to Configure an Automated Report Job;646
16.5.2.3;Other Report Tasks;649
16.5.2.4;How to View Reports;650
16.5.2.5;Publishing Reports;651
16.6;Using the ISA Firewall's Performance Monitor;652
16.6.1;Recommended Performance Counters;656
16.7;ISA Firewall 2004 Upgrade Considerations;656
16.7.1;Preserving Log Files Prior to Upgrade;657
16.7.2;File Logging;657
16.7.3;MSDE Logging;658
16.7.4;SQL Logging;659
16.7.5;Preserving SQL Logging Options Prior to Upgrade;660
17;Index;661