Installing and Maintaining ISA Server - PowerPoint PPT Presentation

Slides: 37
Provided by: phucdangF
Learn more at: http://phucdang.files.wordpress.com
Transcript and Presenter's Notes

1
Installing and Maintaining ISA Server
2
Planning an ISA Server Deployment
  • Understand the current network infrastructure
  • Review company security policies
  • Plan the required network infrastructure
  • Plan for branch office installations
  • Plan for availability and fault tolerance
  • Plan for access to the Internet
  • Plan the ISA Server client implementation and
    deployment
  • Plan for server publishing
  • Plan for VPN deployment
  • Plan the implementation

3
Network Infrastructure Requirements
  • DNS
  • Domain controllers
  • DHCP

4
Domain Name System Requirements
  • To connect to resources on the Internet, client
    computers must be able to resolve the DNS names
    for servers on the Internet to IP addresses
  • To enable access to Internet resources, ensure
    that all client computers can resolve Internet
    DNS names
  • You can use an internal DNS server or an external
    DNS server

5
Domain Controller Requirements
  • Restrict access to Internet resources based on
    user accounts
  • Require authentication before users can access
    published servers
  • ISA Server provides several options for
    authenticating the users

6
Dynamic Host Configuration Protocol Requirements
  • DHCP is not required to support an ISA Server
    infrastructure, but it is highly recommended to
    simplify network management.
  • The advantage of using DHCP is that it can
    provide the IP configuration for all the client
    computers on your network automatically. This can
    make your ISA Server deployment much more
    efficient.

7
Operating System Requirements
  • System and Hardware Requirements for ISA Server
    2006
  • ISA Server can be installed on standard,
    Intel/AMD-based server hardware.

Component | Requirement
OS | Windows Server 2003 with SP1 or higher
Processor | Single 733MHz Pentium III equivalent
Memory | 512MB of memory
Disk Space | 150MB available (for installation of ISA software)
Network Cards / ISDN Adapter / Modem | One OS-compatible card per connected network

8
Guidelines for Installing ISA Server, Standard
Edition
  • To Configure the ISA Server Network Interfaces
  • The Internal Interface
  • Perimeter Network Interfaces

9
Choosing an ISA Server Client
  • ISA Server Client Options
  • Firewall clients
  • SecureNAT clients
  • Web Proxy clients

10
What Is a Firewall Client
  • The Firewall client computer uses the Firewall
    Client application when initiating connections to
    the ISA Server computer

11
What Is a Firewall Client
  • The advantages of using Firewall clients
  • Firewall clients enable user- or group-based
    access control and logging
  • When a Firewall client connects to ISA Server,
    the Firewall service automatically authenticates
    the user.
  • The Firewall Client software can configure the
    Web Proxy browser automatically.

12
What Is a Firewall Client
  • You must install the Firewall Client software on
    the client computers
  • If you have a large number of client computers in
    the organization and no means of automating the
    client installation, it will require a
    significant effort to deploy the client
  • The Firewall client can only be installed on
    Windows computers

13
What Is a SecureNAT Client
  • SecureNAT clients do not have Firewall Client
    software.
  • The clients must be able to route requests for
    Internet resources through the ISA Server
    computer
  • Configure the default gateway on the SecureNAT
    clients and configure network routing, so that
    all traffic destined to the Internet is sent
    through the ISA Server computer.

14
What Is a SecureNAT Client
  • When a SecureNAT client connects to the ISA
    Server computer, the request is directed first to
    the NAT driver, which substitutes the external IP
    address of the ISA Server computer for the
    internal IP address of the SecureNAT client.
  • The client request is then directed to the
    Firewall service to determine whether access is
    allowed.
  • Finally, the request may be filtered by
    application filters and other extensions.

15
What Is a SecureNAT Client
  • SecureNAT clients have other advantages
  • SecureNAT clients also provide almost as much
    functionality as Firewall clients
  • Requests from SecureNAT clients can be passed to
    application filters, which can modify the
    requests to enable handling of complex protocols.
  • SecureNAT can use the Web Proxy service for Web
    access filtering and caching
  • Any operating system that supports Transmission
    Control Protocol/Internet Protocol (TCP/IP) can
    be configured as a SecureNAT client

16
What Is a SecureNAT Client
  • SecureNAT clients have two primary limitations
  • You cannot control access to Internet resources
    based on users and groups
  • SecureNAT clients may not be able to use all
    protocols

17
Example
18
Example
Located on the Branch Office Network:
  • The client computers must be configured with
    Router3 as the default gateway.
  • Router3 must be configured with Router2 as the
    default gateway.
  • Router2 must be configured to route Internet
    requests to Router1.
  • Router1 must be configured to route Internet
    requests to the ISA Server computer.

Located on Main Office Network2 or Main Office Network1:
  • The client computers must be configured to route
    all Internet requests to Router1.
  • Router1 must be configured to route Internet
    requests to the ISA Server computer.

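
The routing requirements on this slide can be checked mechanically. The following is an added example, not part of the original presentation: it models each device's Internet-bound next hop (device names are from the slide; the dictionary layout, function names and the two misconfigured samples are constructed) and reports whether each client network's path ends at the ISA Server computer, loops, or leaves by another device.

```python
# Added example: next-hop model of the slide's SecureNAT routing requirements.
# Device names come from the slide; everything else is constructed.

ISA = "ISA Server"

# Where each device sends Internet-bound traffic (default gateway or route).
INTERNET_NEXT_HOP = {
    "Branch Office Network": "Router3",
    "Router3": "Router2",
    "Router2": "Router1",
    "Main Office Network1": "Router1",
    "Main Office Network2": "Router1",
    "Router1": ISA,
}
CLIENT_NETWORKS = ["Branch Office Network", "Main Office Network1",
                   "Main Office Network2"]


def path_to_internet(start, next_hop, egress=ISA):
    """Follow Internet-bound next hops from `start`.

    Returns (path, verdict): "ok" if the path ends at `egress`, "loop" if a
    device repeats, "bypass" if it ends at a device with no route to `egress`.
    """
    path, seen, node = [start], {start}, start
    while node != egress:
        node = next_hop.get(node)
        if node is None:
            return path, "bypass"
        path.append(node)
        if node in seen:
            return path, "loop"
        seen.add(node)
    return path, "ok"


def audit(client_networks, next_hop, egress=ISA):
    """Map each client network to its verdict so misroutes stand out."""
    return {n: path_to_internet(n, next_hop, egress)[1] for n in client_networks}


# Constructed misconfigurations: Router2 pointing back at Router3, and
# Router3 sending Internet traffic to a hypothetical local modem.
LOOPED = dict(INTERNET_NEXT_HOP, Router2="Router3")
BYPASSED = dict(INTERNET_NEXT_HOP, Router3="Branch DSL modem")

if __name__ == "__main__":
    for name, hops in [("as designed", INTERNET_NEXT_HOP),
                       ("looped", LOOPED), ("bypassed", BYPASSED)]:
        print(name, audit(CLIENT_NETWORKS, hops))
```

A "bypass" verdict is the one that matters most for SecureNAT clients: that traffic reaches the Internet without being evaluated by the Firewall service.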
19
What Is a Web Proxy Client?
  • A Web Proxy client is a client computer that has
    an HTTP 1.1-compliant Web browser application and
    is configured to use the ISA Server computer as a
    Web Proxy server.
  • You do not have to install any software to
    configure Web Proxy clients.
  • You must configure the Web applications on the
    client computers to use the ISA Server computer
    as a proxy server

20
How to Configure ISA Server for Web Proxy Clients
  • The first step in enabling Web Proxy clients is
    to configure the ISA Server computer to allow
    connections from these clients.

21
Configuring Web Proxy Clients Manually
22
How to Configure Web Proxy Clients
23
Guidelines for Choosing ISA Server Clients
If You Need To | Then Use
Avoid deploying or configuring client software | SecureNAT clients
Use ISA Server only for accessing Web resources using HTTP or HTTPS | SecureNAT or Web Proxy clients
Allow access only for authenticated clients | Firewall clients or Web Proxy clients
Publish servers that are located on your Internal network | SecureNAT clients
Improve Web performance in an environment with non-Windows operating systems | Web Proxy or SecureNAT clients

24
Configuring the SecureNAT and Web Proxy Clients
  • Configuring SecureNAT Clients to Route Internet
    Requests

25
Installing and Configuring the Firewall Client
  • How to Install Firewall Client
  • Use the client folder on the ISA Server computer
    and run the setup.exe file
  • To enable Automatic Discovery of the ISA Server
    computer, select Automatically Detect The
    Appropriate ISA Server Computer.

26
Installing and Configuring the Firewall Client
You can enable or disable the Firewall Client and
configure it to detect the ISA Server computer
automatically, or configure the ISA Server
computer manually.
27
Installing and Configuring the Firewall Client
  • To deploy the Firewall Client to a large number
    of clients, choose to automate the Firewall
    Client installation.
  • Using Active Directory Group Policy to Distribute
    the Firewall Client

28
Securing ISA Server 2006
  • defense-in-depth
  • A defense-in-depth security strategy means that
    you use multiple levels of defense to secure your
    network

29
Securing ISA Server 2006
  • Policies, procedures, and awareness
  • Physical security: ensure that only authorized
    personnel can gain physical access to the
    resources.
  • Perimeter: ensure that the connecting point
    between the Internet and the internal network is
    as secure as possible. Options for providing this
    security include firewalls or multiple firewalls.
  • Internal networks: even if the perimeter is
    secure, you must still ensure that the internal
    networks are secure for cases in which the
    perimeter is compromised or when the attacker is
    within the organization.
  • Operating systems
  • Applications
  • Data

30
How to Secure the Network Interfaces
  • To secure ISA Server, begin by securing the
    network interfaces connected to the server.
  • Securing the External Network Interface
  • Securing the Internal Network Interface
  • Using Security Templates to Manage Services
  • Implementing Security Templates

31
Maintaining ISA Server 2006
  • How to Export and Import the ISA Server
    Configuration
  • Exporting the ISA Server Configuration

32
How to Export and Import the ISA Server
Configuration
  • Cloning a server: export a configuration from
    one ISA Server computer and then import the
    settings on another computer
  • Saving a partial configuration: export and import
    any part of the ISA Server configuration, such as
    a single rule, an entire policy, or an entire
    configuration
  • Sending a configuration for troubleshooting
  • Rolling back a configuration change

33
Exporting the ISA Server Configuration
  • The entire ISA Server configuration
  • All the connectivity verifiers, or one selected
    connectivity verifier
  • All the networks, or one selected network
  • All the network sets, or one selected network
    set
  • All the network rules, or one selected network
    rule
  • All the Web chaining rules, or one selected Web
    chaining rule
  • Cache configuration
  • All the content-download jobs, or one or more
    selected content-download jobs
  • The entire firewall policy, or one selected rule

34
Importing the ISA Server Configuration
  • Open ISA Server Management.
  • Select the object whose settings you want to
    import. You must select the correct type of
    object for the configuration file that you are
    using.
  • On the Tasks tab, click the import task. The
    exact name for the task will vary, depending on
    the type of object that you selected.
  • Select the exported .xml file and click Import.
  • Click Apply to apply the changes and click OK
    when the changes have been applied.

35
How to Back Up and Restore the ISA Server
Configuration
  • Open ISA Server Management and click the server
    name. The option to back up and restore the ISA
    Server configuration is available only when you
    select the server name.
  • On the Tasks tab, click Backup This ISA Server
    Configuration.
  • Enter a file name for the backup file and click
    Backup.
  • You must provide a password for the ISA Server
    backup.
  • To restore the backup, click the server name in
    ISA Server Management. Then click Restore this
    ISA Server Configuration and select the
    appropriate ISA Server backup file.
  • Click Apply to apply the changes and click OK
    when the changes have been applied.
