Minus Human Posted June 12, 2005 Share Posted June 12, 2005 Hello again,As mentioned before ISA configuration is totally new to me, so thought i would start with the basics of what i want to do with it they include,Setup web/internet proxy (this is a test so my internet is provided through a modem)setup a DMZand proxy authenticationKlasika you said you had a course on this stuff i could really use your help here!I got an eval copy of ISA 2004 EEThanks!Minus Human Link to comment Share on other sites More sharing options...
Win2k3EE Posted June 12, 2005 Share Posted June 12, 2005 Hello again,As mentioned before ISA configuration is totally new to me, so thought i would start with the basics of what i want to do with it they include,Setup web/internet proxy (this is a test so my internet is provided through a modem)setup a DMZand proxy authenticationKlasika you said you had a course on this stuff i could really use your help here!I got an eval copy of ISA 2004 EEThanks!Minus Human<{POST_SNAPBACK}>http://www.windowsecurity.com/articles/Mic...net_access.htmlhttp://www.windowsecurity.com/tutorials/Cr...P_Security.htmlhttp://support.microsoft.com/default.aspx?...kb;en-us;867483 Link to comment Share on other sites More sharing options...
valter Posted June 12, 2005 Share Posted June 12, 2005 (edited) Hi m8,here is something for the start ...1. Get a computer with 3 NICs2. Install Windows 2003 Server and updates but NOT SP1 (remember NO SP1)3. Make it a member server of your ADNow we have to secure ISA server itself. Do the following:4. Download this from Microsoft site and extract it somwhere5. On the DC make a new OU, call it ISA and place ISA server there.6. Apply High Security-Member Server Baseline template to the ISA OU (template is located in the extracted material Windows Server 2003 Security Guide\Tools and Templates\Security Guide\Security Templates)Make sure to set the following services as follows (within GPO for ISA OU)a. Remote Access Connection Manager set startup to Automaticb. Routing and Remote Access set startup to Automaticc. Telephony set startup to AutomaticOnce done, on the ISA box open cmd and type "gpupdate /force", reboot machine when asked.7. On the external interface on ISA server do the following:a. Clear the check box next to Client for Microsoft Networksb. Clear the check box next to File and Printer Sharing for Microsoft networksc. On the DNS tab of the Advanced TCP/IP properties clear the check box next to Register this connection address in DNSd. on the WINS tab of the Advanced TCP/IP properties clear the check box next to Enable LMHOSTS lookup and select Disable NetBIOS over TCP/IPNow ISA is secured (at least should be) Now you have to make up your mind about the clients, do you want to use SecureNAT, Web Proxy or Firewall clientsHere is the description of the clients:Firewall clients are computers on which Firewall Client softwarehas been installed and enabled. When a computer with the Firewall Clientsoftware installed requests resources on the Internet, the request is directed to theFirewall service on the ISA Server computer. The Firewall service authenticatesand authorizes the user and filters the request based on Firewall rules and applicationfilters or other add-ins. Firewall clients provide the highest level of functionalityand security.SecureNAT clients do not require any client installation orconfiguration. SecureNAT clients are configured to route all requests for resourceson other networks to the internal Internet Protocol (IP) address of the ISA Servercomputer. If the network includes only a single segment, the SecureNAT client isconfigured to use the internal IP address on the computer running ISA Server asthe default gateway. SecureNAT clients are easiest to configure because only thedefault gateway on the client computers must be configured.Web Proxy clients are any computers that run Web applicationsthat comply with Hypertext Transfer Protocol (HTTP) 1.1, such as Webbrowsers. Requests from Web Proxy clients are directed to the Firewall service onthe ISA Server computer. Because most client computers already run Web Proxy–compatible applications, Web Proxy clients do not require the installation ofspecial software. However, the Web application must be configured to use the ISAServer computer.If you want I can scan you (PDF) my exercises so you can go through. Of course, having a book 70-350 Implementing Microsoft Internet Security and Acceleration Server 2004 is a MUST. If you don't have it, I can "borrow" you a PDF as well Edited June 12, 2005 by klasika Link to comment Share on other sites More sharing options...
Minus Human Posted June 13, 2005 Author Share Posted June 13, 2005 Thanks klasika,I've done all you suggested; if it's really not 2much trouble I would really appreciate those PDF exercises and manual.You’re a great helpMy email: lotzer@ul.ac.za / rlotze@mweb.co.zaMinus Human Link to comment Share on other sites More sharing options...
Minus Human Posted June 16, 2005 Author Share Posted June 16, 2005 Klasika man, are you still alive?Minus Human Link to comment Share on other sites More sharing options...
valter Posted June 17, 2005 Share Posted June 17, 2005 Klasika man, are you still alive?Minus Human<{POST_SNAPBACK}>Sure I am ... check your pm Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now