
.

Win2k Microsoft Internet Security and Acceleration ISA


. MSProxy
.
. ISA
. ISA
. ISA

. alikia@mail.com

. ISA
Firewall - 2 Cache -1
Cache Ftp Http Request Caching
Cache Server
.
Cache
: Caching
) ISA : Automatic & Scheduled Caching (1
Expire TTL Cache (
) ISA . Update
. (
. ISA Update
. Update
Web Server ISA : Reverse Caching (2
Cache
. Internet Cache Web Server
. Web Server

Transparent Proxy Base ISA :Transparent Cache (3


. . Cache
ISA Cache ISA Cache : Distributed and Hierarchical Caching (4
Cache ISA . Array .
ISA Server Cache Object .
Root System " . Cache
Object " ISA Server
Cache Array Routing CARP . ISA Server
. Array Client Protocol

Firewall
Firewall . Firewall
Cisco PIX Firewall .
:

ISA Firewall Microsoft


.
: Firewall ISA
, Policy ISA : -1
. Filter Packet Protocol

(Application Network ) Packet -2


. DNS
ISA . Intrusion Detection ISA -3
ISA Hack
. Port Scan ISA .

: ISA
. Policy -1
.(Bandwidth (QoS -2
Windows Windows Linux :
ISA Bandwidth . Bandwidth
Bandwidth Cisco Routers Linux .
.
.VPN -3
. Webserver Publish -4
Webserver Internet Webserver Publish
. ISA
. Webserver " Internet
(NetMeeting ) . IP :H.323 GateKeeper -5
.Monitoring & Alerts -6
(Http (ver 1.1 :
Win95 Client Firewall ISA . WebProxyClient
- ISA SecureNAT Client Client .
.
: ISA Server
. ISA Server : Stand-alone -1
:
. . Firewall Caching . Dialup Connection :
Stand-alone . Enterprise Policy .
ISA ISA Stand alone :Single Point of Failure . Internet
. Active Directory :Enterprise Array -2
. ISA Server Array
Array . Cache Array "
. Domain Array .
. Domain Array
:
.Enterprise Policy ISA Server :No Single Point of Failure .
:
. . . , , -

" ISA Server (Hierarchical Caching) :Array Chains


. Client ISA Server Cache

WebServer :Publishing
. ISA "
: Publish
Security .
. Publish Reverse Caching : Publish
. ISA Server . .

:(Demilitarized Zone) DMZ
IP IP
. (Local Address Table)LAT DMZ IP .
: DMZ "
DMZ , ISA NIC :Three-homed DMZ (1
.
ISA :Back to Back DMZ-2
. . DMZ
. , . ISA
:ISA Server
Caching, . Standard Edition Enterprise ISA Server
. Integrated Firewall
Cache HTTP FTP Request Caching
.
. Firewall
. Integrated
Security . NTFS Caching :
. NTFS Drive
Cache NTFS MB100 ISA
Cache " . MB150 .
. MB5
Cache
. Cache Size Cache

Cache Cache Size
. GB50 Cache Size " ! . Server
! URL GB50 Cache Server URL
. Cache

Lan) . Request Cache Size


" Dialup . Cache Size (Dialup
. Request 0.02 . Browse %90
. Dialup Peak Request Rate
Peak Request Rate =(Number of Lines) X.02
Browse %10 " Lan
. Lan Peak Request Rate . Request 0.002
Peak Request Rate = (Number of Lan Users) X .002
. Request Rate Cache Size
. Cache Size
Cache Size(MB) = (request rate) X 432
MB268 " Cache Size Dialup 30 Lan 10 "
. Performance Cache Server !
: ISA Microsoft
Cache Size = [100 MB + (n/2)]
Cache Size 40 . Client n
Cache Size " . MB120
.
GB10 . URLCache Cache ISA
Cache . Cache
. GB10
:(Local Address Table)LAT
LAT ,IP ISA . IP
. LAT IP ISA .

:ISA Policy
. Internet Policy Administrator
.
. ....
Policy Policy Policy
: ISA Policy .
. Policy ( ) :Schedules -1
HostName IP Range :Destination Sets -2
Wild . ( )
. ( ? *) Cards
:Configure Client Address Sets -3
.
Allow :Protocol Definition -4
Http , FTP, MSN, . ISA . Deny
. . ... Telnet , SMTP
:Bandwidth Priorities -5
, Policy
.

:Content Groups -6
.
" Dialup Connection :Dialup Entries -7
. Deny Allow
:Array & Enterprise Policy
. Policy Array Enterprise Policy Array
:
. Array (EP)Enterprise Policy -1
Array Policy -2
.
EP Domain Admins Enterprise Admins User -3
.
Array Administrator Array Policy -4
.
. Policy -5
deny Policy . Policy -6
. Override Allow Policy
:ISA

Cache

ISA Data Client


:
. Array Policy Enterprise Policy ISA -1
Cache ISA -2
. Client
ISA Cache -3
. Client , Cache ( Time to Live)TTL
ISA , Expire Cache -4
. Client Cache
(Cache Array Routing Protocol)CARP
. Array ISA Server Cache
Cache " Array ISA Client
ISA Server Cache !
ISA Server Array ISA Client .
ISA Server CARP
. CARP (Internet Cache Protocol)ICP . Client
Proxy Server ICP
. Cache Server
:ICP CARP
URL " CARP . CARP -1
.
Cache . LAN CARP -2
. Search

Hierarchical Caching Array Chains :


.

Negative Caching
ISA . Expire Cache Object ( ) TTL
. Expire
ISA , Expire Cache
. Update Cache
Object Server
Expire ISA Cache Configuration Properties Advanced
. Client Cache
Active Caching
Active Caching . ISA
Cache Expire TTL
.
Scheduled Content Download
ISA
Cache Download
.
) . Job :
(
FIREWALL
Data Firewall ISA "
. Application Packet
. ... Access Policy , IP Packet Filtering, Intrusion Detection , Application Filters, LAT , LDT
Application Filters
Firewall . Winsock ISA
, Winsock ISA Data
.
(Local Domain Table)LDT
Domain
Resolve IP Client Client . ISA Local Domain
LDT Client ISA, DNS Query
Network LDT . Internet DNS DNS
. Configuration
Domain LDT :
. *.domainname
System Hardening
ISA
: . Security
, Caching Firewall ISA :Secure -1
.
. Caching Firewall ISA :Limited Services -2
. Firewall :Dedicated -3
Access Policy IP Packet Filter System Hardening
. Secure your ISA Server , Computer

. View/Taskpad Console
. Secure Computers

ISA Authentication
. Authenticate ISA Client
: Authenticate ISA
. Clear text Password Username :Basic -1
Password Username Data :Digest -2
Security Encrypt Password .
.
. Kerberos V.5 :Windows Integrated -3
. Passthrough Authentication ISA
Kerberos . Authenticate WebServer Client
Downstream Client .
. Downstream Chain
. Chain Upstream Array
Application Filters
" Filter Application Filter Array Extensions
Http Redirector . ISA
Request " . Request
. (Redirect) www.hotmail.com www.yahoo.com
) ! (Yahoo ")
Yahoo www.yahoo.com
!( ISP
.
Array
. Array Arrays Servers
. Array Domain Array
Right-Click Array . Array Policy
. Array Properties
:Policy Tab
Array Enterprise Policy Tab
Array Level Policy , Publishing Rules Option
. Packet Filtering
Client ISA Server Outgoing Web Requests "
.
IP Array Server Default :
.
ISA Incoming Web Requests
.
. Default :

ISA Array Chain
Array . Chain Array
Properties , Network Configuration Array . Chain
. Chain Array

Upstream Array Chain to this computer


.
:Setting Up ISA Clients
: Client ISA
Client :Firewall Clients -1
Winsock Compatible . Client ISA Server
dll . Win2k Win9x , Me, NT4.0 OS
, Winsock , Compatible Firewall Clients
ISA Redirect , ISA
.
Secure NAT Client Firewall Client Client :Secure NAT -2
High Level . Firewall " .( ... Linux , Macintosh )
. User Level Authentication Protocols
Support HTTP 1.1 Web Browser Client :WebProxy -3
. Caching . WebProxy Client
. Support HTTP 1.1 Netscape 3.0 IE 3.0 :
Firewall Client
Client . Share ISA Server MSPClient Firewall Client Default
. Setup Folder
! ISA Server :
: Firewall Client
. Setup :Firewall.txt -1
Firewall Client Folder :Setupbin -2
. Remove
. LAT : MSPLAT.txt -3
. Update MSPAdmin
ISA ) Firewall Client : MSPClient.ini -4
Firewall Client . ( Client Configuration
6 " . Update Start Client
. Updating Client
Winsock Application Dos Utility :Chkwsp32 -5
. Firewall Client
ISA Web Server ISA Server Client :
Firewall Client Browser
ISA Client Configuration . Manually
. Client MSPClient.ini
Client ISA Server IP :Secure NAT Client
. Default Gateway
Proxy ISA Client Web Browser :Client Web Proxy
.
:Automatic Discovery
Client Web Proxy
. Set Proxy Browser
.

DHCP Server Manually Browser Proxy


, ... IP , Subnet Mask IP Client Option
R-Click Server DHCP . Web Proxy
Option Add . Set Predefined Options
:
Name: WPAD (Web Proxy Automatic Discovery)
Data Type: String
Code: 252
: Value . Ok
http://wpad/wpad.dat
ISA Alias DNS Server ( wpad) wpad
ISA Server IP wpad Server
.
Publish Automatic Discovery Port wpad :
: .
http://wpad:80/wpad.dat
Array Server wpad :Publishing Automatic Discovery
Array Server ISA . Automatic Discovery Publish
. Automatic Discovery Properties
" (MSPLat.txt ) Client LAT :
. Overwrite .
MSPLat.txt LocalLat.txt
. Overwrite

:Packet Filtering
Access Policy Packet Filtering Array Enterprise Policy
. Filter Packet ,Packet Filtering Array
Port Win2k Default Filtering Filtering
Packet Filters Tab Array Packet Filtering . Dynamic
:
:Enable filtering of IP fragments (1
( ) Fragment Packet Hacker
Firewall Packet .
ISA Option .
. Packet
. Media Stream :
:Enable IP Filtering Options (2
Option Packet Header
. Hacker .
. Packet
:Log packets from allow Filters (3
Packet ISA
. " Log Log
:DMZ Static Filter
Static Filter DMZ Server
DMZ Publish Server Packet
Filter New IP Packet Filters .
. Filter
Builtin Hacking 6 ISA :Intrusion Detection
(. Properties IP Packet Filtering ) Intrusion Detection
.
:Windows out of band(WinNuke) (1
NetBIOS Session Service ) . TCP 139 Hacker
Packet Hacker ( . .
! Networking Windows
:Land(2
Packet Hacker
Hacker ! Packet
.
Packet Hacker :Ping of Death (3
") Packet ( Echo ICMP)Ping
! Crash Kernel buffer overflow , (. Byte65536 , Byte64
:IP half scan (4
. Ack Hack
Packet , Ack
. Hacker
:UDP Bomb(5
Packet UDP Packet Hacker
.
:Port Scan (6
Hacking Packet Hacker
) . Port

. Scan Hacker (.
. Port Scan ISA

:Creating & Managing Routing Rules


Client Rule Routing
. Data
Rule ) Internet Rule Default
Rule . Rule .( Delete
Cache Site Client
. ISA Upstream
Rule ISA . Rule
. Rule Rule Default.
:Bandwidth Rules & Application Filters
User Bandwidth Rules
. Site Protocol
.
. ( Quality of Service )QoS
Rule . Edit Delete Rule Default
:
Destination Set -1
Schedule -2
Specific users or groups -3
Protocol -4
Content Rule -5
Priority -6
:Bandwidth Priorities
200 1 Elements Policy
. Rules Bandwidth
. Bandwidth Effective
Priority kbps 100
.
:Bandwidth Effective
Rule Bandwidth Priority ISA
Internet
.
Properties Bandwidth Rules Connection
Dial-up Internet .
. Elements Policy Dial-up Properties
:
Dial-up .
. kbps 30 28 Internet 33.600
:ISA Application & Web Filters
. Packet Extensions
default Application Filters
. ... RPC , FTP , HTTP Packet
Third- . Default Web Filters
. Party
(. )

:Publishing

. Reverse Caching Publishing
Incoming Tab Array Server properties
. Publish Application Server Webserver Publishing
Web Server Web Publishing Rules
Rule Default Publish
.
:
Incoming Connection 80 , 443 Port Outgoing Connection 8080 , 8443 Port ISA
. SSL , HTTP
:Internet
ISA ISA Client
Rule . Access Policy
Deny Rule Allow Protocol Rules Site & Content
. .
Routing Rule Bandwidth Rule .
. Rule
:
HTTP 6PM www.Farstec.com User
. Access Policy .
Ali Data . Bandwidth Priority Routing Rule
) Data . Cache
. Data Routing Rule (www.Farstec.com
Bandwidth Download www.Farstec.com Data
.

alikia@mail.com
