
Thread: Internet Security and Acceleration Server

  1. #1
    Senior Member
    Join Date
    Jul 2001
    Posts
    143

    Internet Security and Acceleration Server

    Hello all!

    I was wondering if any of you have had hands-on work with Microsoft's Internet Security and Acceleration server, better known as ISA? I'm supposed to be implementing this in about 3 weeks at one of my client's places and I have yet to really get my hands dirty in it. Basically, I'm looking to have ISA do bandwidth throttling, bandwidth monitoring, minor intrusion detection, firewalling, proxying, the whole shebang (or #! for you perl lovers). So any tips or advice you could give me from experience with ISA would be greatly appreciated!

    Regards,
    Wizeman
    "It's only arrogance if you can't back it up, otherwise it is confidence." - Me

  2. #2
    When you install it, by default it allows no traffic through. So you have to create a rule that "allows" all traffic for testing and then create various rules to only allow the services that you want. For OWA you'll have to create destination sets (assuming the mail server is not the ISA server).... It's a rather complicated product. I've deployed it about 5 times having Citrix, Exchange, Web servers etc. behind it. Feel free to e-mail me if you have questions or need more detailed info....

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    143
    Well, I'm aware of the fact that you need to create the rules to allow the traffic, but I guess my biggest question is what kind of intrusion detection capabilities does it have? And the Exchange server is on the same server as ISA, unfortunately. Stupid Small Business Server!

    Regards,
    Wizeman

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    It's all pretty straightforward, just like any m$ product. You can download (last I looked) a trial version, which is the full version once the registration number is applied. If not, it's on the CDs that come with most of the books. Install it on a box you own before you go there just so you know where everything is.

    Set the monitor to a high res or the MMC will be too crammed to work efficiently.

    Install in integrated mode, which I'm sure you know is the least secure, but the one you'll have to use.

    Don't forget to download the ISA patches after installing.

    All the common protocols have rules and definitions pre-made so you can just implement the ones you need. Just like all the rest.

    You'll need to know beforehand if they're using any accounting software that connects to a remote host, which ports need to be configured out, in and bi-directional along with the remote IP address and ports.

    For what you're doing it sounds like you might want to use the FW/proxy client, but that really depends on how the network is set up; you could use Active Directory login and groups to set permissions and report.

    The IDS sucks. Web sites that use push technology are reported as having attempted an all ports scan, which is any request made on "non-standard" ports (above 1024) without listing the port #s involved. If they're using MSN it's going to report McAfee is attacking their system repeatedly. Personal FWs do a better job of reporting.

    When you have it set up the way you want it, there's a wizard for hardening the firewall.
    I'm sure you know all this already so just download and install before you go to look more professional when you get there.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Other intrusion alerts:

    IP spoofing

    POP overflows

    various port scans: xmas, ack etc.

    common script kiddie ****...ping-o-death, teardrop, nuking and so on

    All the alerts can be seen on the MMC by expanding the alerts folder. Here you can set the number of times you want to allow an event to happen before it reports or runs something, along with the time interval between attempts. There's a place to list the mail addys that need to be notified. This needs to be set in each alert.

    There's a reports folder in the MMC where you design daily, weekly, monthly reports. A daily report is not available until the next day.
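
Added example, not part of any post in this thread and not ISA Server's own logic: a Python illustration of the alert settings described in posts #4 and #5, an event-count threshold plus a quiet interval between alerts, applied to a port-scan check on ports above 1024 that records the ports involved. The log layout, addresses and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp source_ip destination_port".
# This layout is an assumption for the example, not ISA Server's log schema.
SAMPLE_LOG = """\
2002-03-01T10:00:00 203.0.113.5 1025
2002-03-01T10:00:02 203.0.113.5 1026
2002-03-01T10:00:04 198.51.100.7 80
2002-03-01T10:00:05 203.0.113.5 1027
2002-03-01T10:00:06 198.51.100.7 5050
2002-03-01T10:00:07 203.0.113.5 1028
2002-03-01T10:00:09 203.0.113.5 1029
2002-03-01T10:00:12 203.0.113.5 1030
2002-03-01T10:02:00 198.51.100.7 5051
"""

def port_scan_alerts(lines, min_ports=5, window=timedelta(seconds=60),
                     quiet=timedelta(minutes=5)):
    """Alert when one source hits min_ports distinct ports above 1024 within
    `window`; after an alert, stay quiet about that source for `quiet`."""
    recent = defaultdict(deque)      # source -> (time, port) hits inside the window
    last_alert = {}                  # source -> time of the last alert raised
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        stamp, source, port = line.split()
        when, port = datetime.fromisoformat(stamp), int(port)
        if port <= 1024:             # well-known ports are out of scope here
            continue
        hits = recent[source]
        hits.append((when, port))
        while when - hits[0][0] > window:   # drop hits older than the window
            hits.popleft()
        ports = sorted({p for _, p in hits})
        if len(ports) < min_ports:
            continue                 # below the event-count threshold
        if source in last_alert and when - last_alert[source] < quiet:
            continue                 # inside the quiet interval: no repeat alert
        last_alert[source] = when
        # Unlike the alert described in the thread, record which ports were hit.
        alerts.append({"time": when, "source": source, "ports": ports})
    return alerts

if __name__ == "__main__":
    for alert in port_scan_alerts(SAMPLE_LOG.splitlines()):
        print(alert["time"], alert["source"], alert["ports"])
```

Recording the ports with each alert is what makes the false positives described in post #4 quick to recognise during triage.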

  6. #6
    Senior Member
    Join Date
    Jul 2001
    Posts
    143
    Thanks a lot Tedob1! That is exactly what I wanted to know! I was planning on getting it on a machine before I got in there, but I didn't know if there were any "undocumented features" you wanted to let me know about. I'll test out the intrusion detection and reporting stuff on the trial machine and see how it goes on some tests.

    Thanks again!

    Regards,
    Wizeman
