Microsoft® Internet Security & Acceleration Server 2006

Part I: Introduction to ISA Server

What is ISA Server?
▪ ISA stands for Internet Security and Acceleration Server.
▪ ISA Server is Microsoft’s Software-Based Firewall, Web-Proxy, Web-Caching, and Virtual Private Networking solution.

What Does ISA Server Do?
▪ The core functions of ISA Server are to work as:
  • Firewall: Defend the internal network from the external network
  • Proxy Server: Limit and monitor internet and network access
  • Web Cache Server: Improve internet browsing speed for users
  • Virtual Private Network Solution: Allow trusted users outside a network to gain access to internal network resources

What is a Firewall?
▪ A Firewall is a network component that blocks unauthorized access to the network and allows permitted access.
▪ Firewalls are of two types:
  • Hardware-Based Firewalls
  • Software-Based Firewalls

What are Hardware-Based Firewalls?
▪ Hardware-Based Firewalls are network devices that filter internet traffic.
▪ These firewalls inspect each arriving packet and accept or reject it based on the information specified in the packet.
▪ These firewalls work on the first three layers of the OSI model (Physical, Data-link, Network).
▪ Hardware-Based Firewalls are a great first line of defense that protects against unauthorized incoming traffic.
▪ This type of firewall is static in nature and does not provide high customization.

What are Software-Based Firewalls?
▪ Software-Based Firewalls are computer software that provides firewall services.
▪ Software Firewalls provide a Graphical User Interface for firewall management.
▪ Software Firewalls are far more customizable than Hardware Firewalls.
▪ Software Firewalls are preferably used alongside Hardware Firewalls.

[Figure: Example of a Software-Based Firewall]

What is a Web-Proxy Server?
▪ A Web-Proxy Server acts as an intermediary when clients send requests for resources over the internet.
▪ The Proxy Server evaluates each client’s request based on set rules and either validates or discards the request.

Purposes of Web-Proxy Server
▪ A Web-Proxy Server may be used for the following purposes:
  • Keep computers behind it anonymous
  • Scan web contents before delivering
  • Speed up access to web resources
  • Apply access policies to web resources
  • Audit Data Usage
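
The rule evaluation and usage auditing described above can be sketched as follows. This is an added example, not part of the original slides and not ISA Server code; the rule format, the top-down first-match order with a final default deny, and all addresses and host names are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    clients: str  # glob over the client IP address
    hosts: str    # glob over the requested host name

# Constructed policy, evaluated top-down; the first matching rule decides.
POLICY = [
    Rule("Block webmail", "deny", "*", "*.webmail.example"),
    Rule("Finance to bank", "allow", "10.0.2.*", "bank.example"),
    Rule("Staff web access", "allow", "10.0.1.*", "*"),
]

# Constructed requests: (client IP, requested host, response size in bytes).
REQUESTS = [
    ("10.0.1.15", "www.example.org", 48200),
    ("10.0.1.15", "mail.webmail.example", 9100),
    ("10.0.2.7", "bank.example", 12000),
    ("10.0.2.7", "www.example.org", 30000),
    ("10.0.1.15", "WWW.Example.org", 1800),
]

def evaluate(client_ip, host, policy=POLICY):
    """Return (action, rule name); a request no rule matches is discarded."""
    for rule in policy:
        if fnmatchcase(client_ip, rule.clients) and fnmatchcase(host.lower(), rule.hosts):
            return rule.action, rule.name
    return "deny", "Default deny"

def audit(requests, policy=POLICY):
    """Total the bytes delivered per client and list every discarded request."""
    usage, denied = defaultdict(int), []
    for client_ip, host, size in requests:
        action, rule = evaluate(client_ip, host, policy)
        if action == "allow":
            usage[client_ip] += size
        else:
            denied.append((client_ip, host, rule))
    return dict(usage), denied

if __name__ == "__main__":
    usage, denied = audit(REQUESTS)
    print("bytes per client:", usage)
    print("discarded:", denied)
```

Rule order is part of the policy: with the same three rules in reverse order, the broad allow rule matches first and the webmail block never takes effect.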

What is a Web-Cache Server?
▪ A Web-Cache Server is a computer that stores web documents from each request so that they can be accessed easily the next time.
▪ A Web-Cache is used to save bandwidth, reduce server load, and decrease the load time for web documents.

Virtual Private Networking
▪ A Virtual Private Network is a type of network that uses the internet to provide remote access to clients.
▪ Virtual Private Networks reduce overall costs and spread the network wider.
▪ A Virtual Private Network may cause security issues, which demands more attention to security.

Outlining the ISA Advantage
▪ In addition to a firewall, ISA can work as a fully functional VPN, Proxy, Web-Cache, and Intrusion Detection Solution.
▪ ISA is installed on a base Windows operating system.
▪ ISA reduces Administrative Overhead & Potential Errors with Simplified Management Tools.
▪ Microsoft has worked closely with several hardware vendors to offer pre-built and pre-hardened ISA Server 2006 Hardware Appliances.
▪ These servers look like traditional firewalls and come pre-built with quick-restore CDs and a pre-secured Windows Server 2003 installed.
▪ The pre-built, pre-hardened ISA dedicated hardware provides the following advantages:
  • Reduced Installation Time
  • Simplified Recovery
  • Specialized Devices for enhanced VPN Appliances, Caching Servers, Intrusion Detection Capabilities.

Part II: Installation of ISA Server

ISA Server Prerequisites

ISA Server Hardware Prerequisites
▪ ISA Server can be installed on any standard Intel/AMD-based server hardware.
▪ An ideal ISA Server implementation has redundant components and enough memory and processor speed to allow for any type of ISA functionality.
▪ An ISA Server 2006 implementation should ideally be run on server-class hardware.
▪ The power of the hardware required depends upon the services expected from ISA.
▪ An ISA server that solely acts as a firewall does not need as much processor overhead as one that also performs web caching and VPN connectivity.

Minimum Hardware Requirements for ISA

Component                              Requirement
OS                                     Windows Server 2003 with SP1 or higher
Processor                              Single 733MHz Pentium III equivalent
Memory                                 512MB of memory
Disk Space                             150MB available
Network Cards / ISDN Adapter / Modem   One OS-compatible card per connected network

Note: The requirements mentioned in this list support deployments of 100 rules or less and support fewer clients.

ISA Server Operating System Prerequisites
▪ The ISA Server software itself requires Windows Server 2003 SP1 (or later) on which to run.
▪ Reasons for the Windows Server dependency:
  • Cumulative security updates
  • Higher default security and privilege reduction
  • Security Configuration Wizard
  • Support for DEP (Data Execution Prevention) hardware

Installing ISA Server 2006

Installation of ISA Server 2006
▪ Insert the ISA Server CD.
▪ A dialog box will open up.
▪ Click on Install ISA Server 2006 to start the installation.
▪ At the Welcome screen, click Next to continue.
▪ Read the license agreement, select I Accept, and click Next.
▪ Enter the username, organization name, and serial number. Click Next to continue.
▪ Choose Custom and click Next to continue.
▪ Choose All Features and click Next to continue.
▪ Click Add to add a network address range.
▪ Click Add Adapter, choose your adapter, and click OK.
▪ Click Next to continue.
▪ Click Next to continue.
▪ Click Install to begin installation.
▪ Wait for the installation to complete.
▪ Press Finish to end installation.


Part III: Exploring ISA Server Tools

Exploring ISA Server Management Console

Exploring ISA Console Panes
▪ Scope Pane: Displays the Console Tree, a navigation component that helps to quickly change between the various nodes.
▪ Details Pane: Displays information specific to the node itself, such as server log activity, firewall rules, and other server status items.
▪ Task Pane: Displays common tasks and wizards that can be invoked; it also contains the different options available in the particular node.

Let’s go for a demo

Part IV: Deploying ISA Server as a Firewall

Default Network Templates
▪ ISA Server 2006 streamlines the way that networks, network rules, and firewall rules are applied to new servers by including default templates.
▪ These templates define what role an ISA server holds and set up the appropriate types of access to match that role.
▪ The network templates in ISA Server 2006 Standard Edition are:
  • Edge Firewall
  • 3-Leg Perimeter
  • Front Firewall
  • Back Firewall
  • Single Network Adapter

Edge Firewall Template
▪ This template configures ISA as a dual-NIC system.
▪ First NIC facing the Internet.
▪ Second NIC facing the Internal Network.
▪ This template is the traditional deployment model for ISA Server.
[Diagram: VPN Clients, ISA Server Edge Firewall, Internal Network]

3-Leg Perimeter Template
▪ This template configures ISA as a system with three NICs.
▪ First NIC facing the Internet.
▪ Second NIC facing the Internal Network.
▪ Third to be connected to a Perimeter (DMZ) network.
[Diagram: VPN Clients, DMZ, ISA Server Edge Firewall, Internal Network]

Front Firewall Template
▪ This template deploys ISA Server as a dual-NIC system.
▪ ISA Server has to work with a Back Firewall.
▪ ISA Server protects the DMZ.
▪ Back Firewall protects the Internal Network.
[Diagram: VPN Clients, ISA Firewall, DMZ, Back Firewall, Internal Network]

Back Firewall Template
▪ This template deploys ISA Server as a dual-NIC system.
▪ ISA Server has to work with a Back Firewall.
▪ ISA Server protects the Internal Network.
▪ Back Firewall protects the DMZ.
[Diagram: VPN Clients, Front Firewall, DMZ, ISA Firewall, Internal Network]

Single Network Adapter Template
▪ Configures ISA Server with a single network adapter.
▪ This template is commonly deployed for caching-only servers or for reverse-proxy capabilities.
▪ This configuration is quite common for securing services such as web sites.
[Diagram: ISA Server Firewall, Internal Network]

Deploy ISA Server as Edge Firewall
▪ Open the ISA Server Management Console and select the Networks node.
▪ Select the Templates tab in the Tasks pane.
▪ Click on Edge Firewall from the list of templates.
▪ At the Welcome dialog box, click Next to continue.
▪ Ignore the Export dialog box and click Next to continue.
▪ At the subsequent dialog box, which allows for the internal network to be configured, click Add Adapter.
▪ Check the box for the network card that is attached to the internal network.
▪ When finished adding all IP ranges that should compose the internal network, click Next to continue.
▪ The subsequent dialog box allows for the creation of a default policy that creates firewall rules based on the needs of the organization.
▪ Select the Allow Limited Web Access and Access to ISP Network Services policy. Click Next to continue.
▪ Review the options and click Finish.
▪ Click the Apply button that appears in the upper portion of the Details pane.
▪ Click OK at the configuration confirmation dialog box.

Edit Firewall Policies
▪ Select the Firewall Policies from the Scope Pane.
▪ Choose the Firewall Policy that you want to edit from the Details Pane.
▪ Click Edit System Policy from the Task Pane.
▪ Now you can modify the details of the selected Firewall Policy.

Create a Network Rule
▪ Network Rules define relationships between networks and their behaviors.
▪ Select the Network from the Configuration node in the Scope Pane.
▪ Click on the Tasks tab in the Task Pane.
▪ Click on Create a Network Rule.
▪ Enter a descriptive name for the network rule and click Next to continue.
▪ On the Network Traffic Sources dialog box, click Add.
▪ Select the network or network set that will be added as a source of the rule and then click Add, Close, and Next to continue.
▪ For the destination, click Add and perform the same process, this time for the destination network; click Next when complete.
▪ Select the type of relationship to configure, NAT or Route, and click Next.
▪ Review the settings and click Finish. Click Apply and then click OK.
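
What the NAT or Route choice means for traffic between two networks can be modelled as below. This is an added example, not part of the original slides and not ISA Server code; it assumes a Route relationship works in both directions and preserves the source address, a NAT relationship works from source to destination only and replaces the source address with the firewall's own, and networks with no rule between them exchange no traffic. All names and addresses are constructed.

```python
import ipaddress

# Constructed networks (name -> address ranges); any other address is External.
NETWORKS = {"Internal": ["10.0.0.0/16"], "Perimeter": ["172.16.1.0/24"]}

# Constructed network rules: (source network, destination network, relationship).
NETWORK_RULES = [
    ("Internal", "External", "NAT"),
    ("Internal", "Perimeter", "Route"),
]

# Constructed address of the firewall adapter on each NAT destination network.
FIREWALL_ADDRESS = {"External": "203.0.113.10"}

def network_of(ip):
    """Name the network whose address ranges contain ip."""
    addr = ipaddress.ip_address(ip)
    for name, ranges in NETWORKS.items():
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            return name
    return "External"

def seen_source(src_ip, dst_ip):
    """Source address the destination sees, or None if no rule relates the networks."""
    src_net, dst_net = network_of(src_ip), network_of(dst_ip)
    if src_net == dst_net:
        return src_ip  # same network, the traffic never crosses the firewall
    for rule_src, rule_dst, relation in NETWORK_RULES:
        if relation == "Route" and {rule_src, rule_dst} == {src_net, dst_net}:
            return src_ip  # routed both ways, original address preserved
        if relation == "NAT" and (rule_src, rule_dst) == (src_net, dst_net):
            return FIREWALL_ADDRESS[dst_net]  # one way, internal address hidden
    return None

if __name__ == "__main__":
    for src, dst in [("10.0.5.20", "198.51.100.7"), ("10.0.5.20", "172.16.1.5"),
                     ("172.16.1.5", "10.0.5.20"), ("198.51.100.7", "10.0.5.20"),
                     ("172.16.1.5", "198.51.100.7")]:
        print(f"{src} -> {dst}: destination sees {seen_source(src, dst)}")
```

A network rule only defines the relationship; whether a given connection is permitted is still decided by the firewall policy. The last case in the sample shows a gap worth checking for: the Perimeter network has no rule toward External, so its hosts cannot reach it.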

Part V: Deploying ISA Server as a Cache Server

Deploying ISA as Web Cache Server
▪ By default, content caching is not enabled on an ISA server.
▪ It must be turned on to enable an ISA server to provide web-caching capabilities.
▪ Turning on this functionality is as straightforward as defining the size of the cache drive.

ISA, Web Cache Server Setup
▪ From the ISA Management Console, select the Cache node.
▪ In the Tasks pane, select the Tasks tab and click on the link entitled Define Cache Drives (Enable Caching).
▪ Define the size of the cache drive.
▪ Click the Set button to save the changes and then click OK.
▪ Click Apply in the Central Details pane.
▪ When prompted, select to Save the Changes and restart the services. Click OK.
▪ Click OK when the changes are complete.
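
How the cache size chosen in this setup affects the bandwidth a web cache saves can be seen in a small model. This is an added example, not part of the original slides and not ISA Server's caching algorithm; the least-recently-used eviction, the per-document lifetime, the rule that responses personal to one user are never stored in the shared cache, and all URLs and sizes are assumptions constructed for illustration.

```python
from collections import OrderedDict

# Constructed origin content: url -> (body, lifetime in seconds, shareable between users).
ORIGIN = {
    "/logo.png": (b"x" * 600, 3600, True),
    "/news.html": (b"y" * 500, 60, True),
    "/account": (b"z" * 200, 3600, False),
}
# Constructed request trace: (time in seconds, url).
TRACE = [(0, "/logo.png"), (10, "/logo.png"), (20, "/news.html"), (30, "/account"),
         (40, "/account"), (50, "/logo.png"), (100, "/news.html")]

class WebCache:
    def __init__(self, max_bytes):
        self.max_bytes, self.used = max_bytes, 0
        self.store = OrderedDict()  # url -> (body, expiry time), oldest use first
        self.origin_bytes = self.served_bytes = 0

    def _drop(self, url):
        self.used -= len(self.store.pop(url)[0])

    def get(self, url, now):
        """Serve url at time now; return "HIT" or "MISS"."""
        entry = self.store.get(url)
        if entry and entry[1] > now:
            self.store.move_to_end(url)  # mark as most recently used
            self.served_bytes += len(entry[0])
            return "HIT"
        if entry:
            self._drop(url)  # expired copy
        body, lifetime, shareable = ORIGIN[url]  # fetch from the origin server
        self.origin_bytes += len(body)
        self.served_bytes += len(body)
        if shareable and len(body) <= self.max_bytes:
            while self.used + len(body) > self.max_bytes:
                self._drop(next(iter(self.store)))  # evict least recently used
            self.store[url] = (body, now + lifetime)
            self.used += len(body)
        return "MISS"

def replay(max_bytes):
    """Return (per-request results, origin bytes saved) for the trace."""
    cache = WebCache(max_bytes)
    results = [cache.get(url, now) for now, url in TRACE]
    return results, cache.served_bytes - cache.origin_bytes

if __name__ == "__main__":
    for size in (1000, 2000):
        print(size, *replay(size))
```

With a 1000-byte budget the two shareable documents keep evicting each other and only one request is a hit; doubling the budget doubles the bytes saved on the same trace.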
