
ISA 2004



Hello again,

As mentioned before, ISA configuration is totally new to me, so I thought I would start with the basics of what I want to do with it. They include:

Setup web/internet proxy (this is a test so my internet is provided through a modem)

setup a DMZ

and proxy authentication

Klasika, you said you had a course on this stuff. I could really use your help here!

I got an eval copy of ISA 2004 EE

Thanks!

Minus Human

http://www.windowsecurity.com/articles/Mic...net_access.html

http://www.windowsecurity.com/tutorials/Cr...P_Security.html

http://support.microsoft.com/default.aspx?...kb;en-us;867483


Hi m8,

here is something for the start ...

1. Get a computer with 3 NICs

2. Install Windows 2003 Server and updates but NOT SP1 (remember NO SP1)

3. Make it a member server of your AD

Now we have to secure ISA server itself. Do the following:

4. Download this from Microsoft site and extract it somewhere

5. On the DC make a new OU, call it ISA and place ISA server there.

6. Apply High Security-Member Server Baseline template to the ISA OU (template is located in the extracted material Windows Server 2003 Security Guide\Tools and Templates\Security Guide\Security Templates)

Make sure to set the following services as follows (within GPO for ISA OU)

a. Remote Access Connection Manager set startup to Automatic

b. Routing and Remote Access set startup to Automatic

c. Telephony set startup to Automatic

Once done, on the ISA box open cmd and type "gpupdate /force", reboot machine when asked.

7. On the external interface on ISA server do the following:

a. Clear the check box next to Client for Microsoft Networks

b. Clear the check box next to File and Printer Sharing for Microsoft networks

c. On the DNS tab of the Advanced TCP/IP properties clear the check box next to Register this connection address in DNS

d. On the WINS tab of the Advanced TCP/IP properties clear the check box next to Enable LMHOSTS lookup and select Disable NetBIOS over TCP/IP

Now ISA is secured (at least should be) :)

Now you have to make up your mind about the clients: do you want to use SecureNAT, Web Proxy or Firewall clients?

Here is the description of the clients:

Firewall clients are computers on which Firewall Client software has been installed and enabled. When a computer with the Firewall Client software installed requests resources on the Internet, the request is directed to the Firewall service on the ISA Server computer. The Firewall service authenticates and authorizes the user and filters the request based on Firewall rules and application filters or other add-ins. Firewall clients provide the highest level of functionality and security.

SecureNAT clients do not require any client installation or configuration. SecureNAT clients are configured to route all requests for resources on other networks to the internal Internet Protocol (IP) address of the ISA Server computer. If the network includes only a single segment, the SecureNAT client is configured to use the internal IP address on the computer running ISA Server as the default gateway. SecureNAT clients are easiest to configure because only the default gateway on the client computers must be configured.

Web Proxy clients are any computers that run Web applications that comply with Hypertext Transfer Protocol (HTTP) 1.1, such as Web browsers. Requests from Web Proxy clients are directed to the Firewall service on the ISA Server computer. Because most client computers already run Web Proxy–compatible applications, Web Proxy clients do not require the installation of special software. However, the Web application must be configured to use the ISA Server computer.

If you want I can scan you (PDF) my exercises so you can go through. Of course, having a book 70-350 Implementing Microsoft Internet Security and Acceleration Server 2004 is a MUST. If you don't have it, I can "borrow" you a PDF as well :)

Edited by klasika
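
A quick way to confirm that the service startup settings from step 6 and the external-interface settings from steps 7c and 7d actually took effect after the reboot. This is an added example, not part of klasika's post: it assumes Windows PowerShell with Get-WmiObject is available on the ISA box, and `$ExternalIp` is a placeholder for the address bound to the external NIC. The bindings from 7a and 7b are not covered here and still need a look in the adapter properties.

```powershell
# Added example: audit the settings from steps 6 and 7c/7d on the ISA server.
# Assumption: $ExternalIp is the address on the external NIC (sample value below).
param([string]$ExternalIp = '192.0.2.10')   # constructed placeholder address

$findings = @()

# Step 6: services that must be set to Automatic in the GPO for the ISA OU.
$required = @{
    'RasMan'       = 'Remote Access Connection Manager'
    'RemoteAccess' = 'Routing and Remote Access'
    'TapiSrv'      = 'Telephony'
}
foreach ($name in $required.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        $findings += "$($required[$name]): service not found"
    } elseif ($svc.StartMode -ne 'Auto') {
        $findings += "$($required[$name]): startup is $($svc.StartMode), expected Auto"
    }
}

# Steps 7c and 7d: DNS registration, LMHOSTS lookup and NetBIOS over TCP/IP
# on the adapter that carries the external address.
$nics = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
    Where-Object { $_.IPAddress -contains $ExternalIp })
if ($nics.Count -eq 0) {
    $findings += "No IP-enabled adapter has address $ExternalIp"
}
foreach ($nic in $nics) {
    $label = $nic.Description
    if ($nic.FullDNSRegistrationEnabled) {
        $findings += "${label}: still registers its address in DNS (7c)"
    }
    if ($nic.WINSEnableLMHostsLookup) {
        $findings += "${label}: LMHOSTS lookup still enabled (7d)"
    }
    # TcpipNetbiosOptions: 0 = from DHCP, 1 = enabled, 2 = disabled
    if ($nic.TcpipNetbiosOptions -ne 2) {
        $findings += "${label}: NetBIOS over TCP/IP not disabled (7d)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'All checked settings match steps 6, 7c and 7d.'
} else {
    $findings | ForEach-Object { Write-Output "MISMATCH: $_" }
}
```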