Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.

Presentation transcript:

Module 2: Installing and Maintaining ISA Server

Overview
- Installing ISA Server 2004
- Choosing ISA Server Clients
- Installing and Configuring Firewall Clients
- Advanced Firewall Client Configuration
- Securing ISA Server 2004
- Maintaining ISA Server 2004

Lesson: Installing ISA Server 2004
- System and Hardware Requirements for ISA Server 2004
- Installation Types and Components
- Configuration Choices During Installation
- How to Perform an Unattended Installation of ISA Server 2004
- How to Verify an Installation of ISA Server 2004
- Default Configuration for ISA Server 2004
- How to Modify the ISA Server Installation
- Upgrade Options from ISA Server 2000 to ISA Server 2004

System and Hardware Requirements for ISA Server 2004
- Operating system: Windows Server 2000 or Windows Server 2003
- CPU: 500 MHz
- RAM: 256 MB
- Hard Disk Format: NTFS
- Hard Disk Space: 150 MB
- Network (diagram labels): Internal, External

Installation Types and Components

Configuration Choices During Installation

Practice: Installing ISA Server 2004
- Installing ISA Server 2004
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01

How to Perform an Unattended Installation of ISA Server 2004
Why Use an Unattended Installation of ISA Server?
Modifying the Msisaund.ini File
    [Setup Property Assignment]
    PIDKEY=xxxxxxxxxxxxxxxxxxxxxxxxx
    INTERNALNETRANGES=
    INSTALLDIR=C:\Program Files\Microsoft ISA Server
    COMPANYNAME=Coho Vineyards
    DONOTDELLOGS=1
    DONOTDELCACHE=1
    ADDLOCAL=MSFirewall_Management,MSFirewall_Services,Message_Screener,MSDE
Running an Unattended Setup
    D:\Setup.exe /V" /qn FULLPATHANSWERFILE=\"c:\MSISAUND.INI\""

How to Verify an Installation of ISA Server 2004
- Verify that the ISA Server services are installed and started
- Verify that the MSDE services are installed and started
- Review the setup log files
- Check the Application Log in the Event Viewer
- Check for ISA Server Alerts

Default Configuration for ISA Server 2004
- Only Administrators can modify firewall policies
- Traffic is routed between the ISA Server and all other networks
- Traffic between the Internal network, the VPN network, the VPN Quarantine network, and the Internet will use network address translation
- Traffic is routed between the VPN network and the Internal network
- System policy permits access to the ISA Server but access rules deny all network traffic through the ISA Server
- No servers are published
- Web Proxy requests will be retrieved directly from the Internet
- Caching is disabled
- A rule enabling access to the Firewall Client installation share is configured if you install the Firewall Client installation files

Practice: Verifying the Installation and Default Configuration of ISA Server 2004
- Verifying the successful installation of ISA Server 2004
- Examining the default installation of ISA Server 2004
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01

How to Modify the ISA Server Installation Options

Upgrade Options from ISA Server 2000 to ISA Server 2004
In-Place Upgrade (diagram labels):
- ISA Server 2000
- Install ISA Server 2004
Migration (diagram labels):
- ISA Server 2000
- Extract the ISA Server 2000 configuration
- Import the ISA Server Configuration
- Install ISA Server 2004

Lesson: Choosing ISA Server Clients
- Types of ISA Server Clients
- How to Configure a SecureNAT Client
- How to Configure Web Proxy Clients
- Guidelines for Choosing an ISA Server Client

Types of ISA Server Clients
- Web Proxy Client: Improves the performance of Web requests for internal clients
- Firewall Client: Allows Internet access only for authenticated users
- SecureNAT Client: Does not require you to deploy client software
Diagram labels: ISA Server, Internet

How to Configure a SecureNAT Client
- SecureNAT clients do not require client installation or client configuration
- On a single subnet network, configure the IP address of the internal network interface as the SecureNAT client default gateway
- On a multiple subnet network, configure the IP address of the router as the SecureNAT client default gateway

How to Configure Web Proxy Clients

Guidelines for Choosing an ISA Server Client
If you need to… | Then use…
Avoid deploying client software | SecureNAT clients
Use ISA Server only for forward caching | SecureNAT or Web Proxy clients
Allow access only for authenticated clients | Firewall clients or Web Proxy clients
Publish servers on your internal network | SecureNAT clients
Improve Web performance for non-Windows operating systems | SecureNAT or Web Proxy clients

Practice: Configuring SecureNAT and Web Proxy Clients
- Configuring ISA Server to log client connections
- Configuring and testing a SecureNAT client
- Configuring and testing a Web Proxy client
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01, Den-Clt-01

Lesson: Installing and Configuring Firewall Clients
- How to Configure Firewall Client Settings
- The Firewall Client Installation and Configuration Process
- Options for Automating the Firewall Client Installation

How to Configure Firewall Client Settings

The Firewall Client Installation and Configuration Process
The Firewall Client:
- Uses a common Winsock service provider that other Winsock applications use to connect to application servers
- Intercepts Winsock client application calls for remote application servers and redirects the request to ISA Server
Install the Firewall Client:
- From the Firewall Client share on computer running ISA Server or another network share

Practice: Installing the Firewall Client
- Configuring the Firewall Client settings on ISA Server
- Installing the Firewall Client
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01, Den-Clt-01

Options for Automating the Firewall Client Installation
- SMS package distributed to specific clients using SMS
- Unattended installation
- Software package distributed using Group Policies

Lesson: Advanced Firewall Client Configuration
- Advanced Firewall Client Configuration Options
- Firewall Client Configuration Files
- What is the Automatic Discovery Feature?

Advanced Firewall Client Configuration Options
Locallat.txt:
- A client computer-specific file that defines local addresses for that client
- The client uses its own routing table, the server-specific settings, and the Locallat.txt file to determine the local IP addresses
Advanced Firewall Client settings:
- Can configure locally for each user and for each computer
- Configure changes to Firewall Client .ini files

Firewall Client Configuration Files
Application.ini
    [FW_Client_App]
    Disable=0
    NameResolution=R
    LocalBindTcpPorts=7777
    LocalBindUdpPorts= ,
    RemoteBindTcpPorts=30
    RemoteBindUdpPorts=
    ServerBindTcpPorts=
    ProxyBindIp=80: , 82:
    KillOldSession=1
    Persistent=1
    ForceCredentials=1
    NameResolutionForLocalHost=L

What Is the Automatic Discovery Feature?
Diagram labels (DNS or DHCP Server, Den-ISA-01):
- Where is Lon-ISA-02?
- Query DHCP or DNS for a WPAD entry
- WPAD: Den-ISA-01
- Request Configuration File
- Firewall Client Configuration

Practice: Configuring Automatic Discovery
- Configure the ISA Server for Automatic Discovery
- Configure DHCP for Automatic Discovery
- Configure DNS for Automatic Discovery
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01 (DNS Server, DHCP Server), Den-Clt-01

Lesson: Securing ISA Server 2004
- ISA Server and Defense in Depth
- About Using Security Templates to Secure the Server
- Methods for Implementing Security Updates
- Guidelines for Enabling Only Required Services
- How to Secure the Network Interfaces
- Configuring Administrative Roles
- Best Practices for Securing the Server

ISA Server and Defense in Depth
Security at all levels:
- Increases an attacker’s risk of detection
- Reduces an attacker’s chance of success
Layers:
- Policies, Procedures, & Awareness: User education
- Physical Security: Guards, locks, tracking devices
- Data: ACLs, encryption, EFS
- Application: Application hardening, antivirus
- Operating Systems: OS hardening, authentication, patch management, HIDS
- Internal Network: Network segments, IPSec, NIDS
- Perimeter: Firewalls, Network Access Quarantine Control

About Using Security Templates to Secure the Server
- Configure one security template and then apply it to multiple computers, or reapply the template occasionally to the same computers to ensure that the security settings are not changed
- Use the Security Templates MMC snap-in to apply the security templates to ISA Servers
- Apply the security template through Group Policies at a domain or organizational unit level

Methods for Implementing Security Updates
- Monitor security updates to know what security updates are available and the security issues each update is designed to fix
- Use tools like Microsoft Baseline Security Analyzer, Windows Update Service, Microsoft Windows Update Services, and Systems Management Server to implement security updates
- Implement security updates on ISA Server only after thorough evaluation and testing

Guidelines for Enabling Only Required Services
- Enable only required services
- Minimize the number of Windows 2000 and Windows Server 2003 built-in services

How to Secure the Network Interfaces
Secure the External Network Interface
- Disable File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks
- Disable NetBIOS over TCP/IP
- Disable LMHOSTS lookup
- Disable automatic DNS name registration
Configure the Internal Network Interface
- Disable components if not required
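
A read-only check of the external-interface items above that WMI exposes, as an added example that is not part of the course material. It assumes Windows PowerShell with Get-WmiObject and an external connection named 'External' (an assumed name); the File and Printer Sharing and Client for Microsoft Networks bindings are not covered.

```powershell
# Added example (not from the course): read-only audit of the external-interface
# settings named on the slide, using WMI from Windows PowerShell.
# Assumption: the external adapter's connection name is 'External'.
function Test-ExternalInterfaceHardening {
    param([string]$ConnectionName = 'External')

    # Map the connection name shown in Network Connections to its adapter.
    $adapter = Get-WmiObject -Class Win32_NetworkAdapter |
        Where-Object { $_.NetConnectionID -eq $ConnectionName } |
        Select-Object -First 1
    if (-not $adapter) { throw "No network connection named '$ConnectionName'." }

    # The TCP/IP settings live on the matching configuration object.
    $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
        -Filter "Index = $($adapter.Index)"
    if (-not $cfg.IPEnabled) {
        Write-Warning "TCP/IP is not enabled on '$ConnectionName'; values may be empty."
    }

    # Each entry: slide item, value that counts as hardened, value found.
    $checks = @(
        @{ Item = 'NetBIOS over TCP/IP disabled'
           Want = 2    # TcpipNetbiosOptions: 0 = via DHCP, 1 = enabled, 2 = disabled
           Have = $cfg.TcpipNetbiosOptions },
        @{ Item = 'LMHOSTS lookup disabled'
           Want = $false
           Have = $cfg.WINSEnableLMHostsLookup },
        @{ Item = 'Automatic DNS name registration disabled'
           Want = $false
           Have = $cfg.FullDNSRegistrationEnabled }
    )

    # Emit one result object per item; an empty value is reported as non-compliant.
    foreach ($c in $checks) {
        New-Object PSObject -Property @{
            Item      = $c.Item
            Expected  = $c.Want
            Actual    = $c.Have
            Compliant = ($null -ne $c.Have -and $c.Have -eq $c.Want)
        }
    }
}

Test-ExternalInterfaceHardening -ConnectionName 'External' |
    Format-Table Item, Expected, Actual, Compliant -AutoSize
```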

Configuring Administrative Roles
ISA Server Administrative Roles
Role | Description
ISA Server Basic Monitoring | Monitor ISA Server and network activity; cannot configure monitoring functionality
ISA Server Extended Monitoring | Can perform all monitoring tasks; can modify monitoring configuration
ISA Server Full Administrator | Can perform all administrative tasks

Best Practices for Securing the Server
Securing ISA Server:
- Do Not Install ISA Server on a Domain Controller
- Avoid Installing an Internet Edge Server on a Domain Member
- Rename the Administrator Account
- Disable Unused Functionality
- Apply Windows Server Security Best Practices

Practice: Securing the ISA Server
- Configuring Active Directory for Securing ISA Server
- Configuring Security on Den-ISA-01
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01, Den-Clt-01

Lesson: Maintaining ISA Server 2004
- About Monitoring the Server Running ISA Server
- About Exporting and Importing the ISA Server Configuration
- About Backing Up and Restoring the ISA Server Configuration
- Remote Administration Options for ISA Server

About Monitoring the Server Running ISA Server
ISA Server monitoring tasks include:
Task | Description
Monitor Event Viewer | Includes information about service failures, application errors, and warnings
Use the ISA Server Dashboard | Single interface for ISA alerts and performance
Review the ISA Server Alerts | Includes information about service conditions and error conditions
Monitor Connectivity to Network Services | Monitor connectivity to Active Directory, DNS servers, internal Web servers, and selected Internet Web servers
Monitor Server Performance | Use the pre-configured ISA Server Performance Monitor console

About Exporting and Importing the ISA Server Configuration
- Use export and import to clone an ISA Server or to save a configuration for troubleshooting or to roll back a configuration change
- You can export the entire ISA Server configuration, or any individual or group of configuration settings
- Importing a configuration overwrites all settings from the exported file

About Backing Up and Restoring the ISA Server Configuration
- Use backup to create a configuration file that can be used for disaster recovery
- Backup creates a file with the entire ISA Server configuration
- Restoring a backup overwrites all ISA Server settings

Remote Administration Options for ISA Server
- Use remote administration to manage physically secured servers or servers in other offices
- Use Remote Desktop or Terminal Services to manage all settings on the server running ISA Server
- Configure the server running ISA Server to enable Remote Desktop and configure System Policy to enable remote MMC management
- Use the ISA Server Management MMC to manage ISA Server settings remotely

Practice: Maintaining ISA Server 2004
- Preparing the Client Computer for Remote Administration
- Preparing ISA Server for Remote Management
- Remotely administering ISA Server
Lab computers (diagram): Internet, Den-ISA-01, Den-DC-01, Den-Clt-01

Lab: Installing and Configuring ISA Server 2004
- Exercise 1: Performing an Unattended Installation of ISA Server 2004
- Exercise 2: Migrating an ISA Server Configuration
- Exercise 3: Securing ISA Server 2004
Lab computers (diagram): Den-DC-01, Internet, Den-ISA-01, Den-ISA-02