Dr. Tom Shinder's Configuring ISA Server 2004
 
 

Dr. Tom Shinder's Configuring ISA Server 2004, 1st Edition, Debra Littlejohn Shinder, Thomas W Shinder, ISBN 9781931836197
 
 

Syngress

9781931836197

9780080477404

608

229 X 178

 
 

Key Features

This book will provide readers with unparalleled information on installing, configuring, and troubleshooting ISA Server 2004 by teaching readers to:

* Deploy ISA Server 2004 in small businesses and large organizations.

* Learn how to configure complex DMZ configurations using ISA Server 2004's new network awareness features and built-in multinetworking capabilities.

* Learn how to take advantage of ISA Server 2004's new VPN capabilities!

Description

Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft. This book will be featured prominently on the ISAserver.org home page as well as referenced on Microsoft TechNet and ISA Server Web pages. Tom and Deb's unparalleled technical expertise combined with prime on-line marketing opportunities will make this the #1 book again in the ISA Server market.

Readership

System administrators in medium to very large computing environments that use the Microsoft Windows 2000 Server operating system and ISA Server 2004.

Candidates have a basic understanding of DNS, FTP, HTTP, HTTPS, IMAP, POP3, RDP, SMTP, and SSL.

Debra Littlejohn Shinder

Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond. Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on Windowsecurity.com and ISAServer.org, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

Affiliations and Expertise

MCSE, Technology consultant, trainer, and writer


Thomas W Shinder

Dr. Tom Shinder is a 17 year veteran of the IT industry. Prior to entering IT, Dr. Tom graduated from the University of Illinois College of Medicine with a Doctor of Medicine and was a practicing neurologist with special interests in epilepsy and multiple sclerosis. Dr. Tom began his career in IT as a consultant, and has worked with many large companies, including Fina Oil, Microsoft, IBM, HP, Dell and many others. He started his writing career toward the end of the 1990s and has published over 30 books on Windows, Windows Networking, Windows Security and ISA Server/TMG, UAG and Microsoft DirectAccess. For over a decade, ISA Server and TMG were Tom’s passions, and he ran the popular web site www.isaserver.org, in addition to writing 8 books on ISA/TMG. Tom joined Microsoft in December of 2009 as a member of the UAG DirectAccess team and started the popular “Edge Man” blog that covered UAG DirectAccess. He is currently a Principal Knowledge Engineer in the Server and Cloud Division Information Experience Group Solution’s Team and his primary focus now is private cloud - with special interests in private cloud infrastructure and security.

Affiliations and Expertise

Member of Microsoft’s ISA Server Beta Team and Microsoft MVP for ISA Server, Dallas, TX, U.S.A.


Dr. Tom Shinder's Configuring ISA Server 2004, 1st Edition


Chapter 1 Evolution of a Firewall: From Proxy to ISA 2004

The Book: What it Covers and Who It’s For

It’s in the Book: What We Cover

This Book’s For You: Our Target Audience

Security: The New Star of the Show

Security: What’s Microsoft Got to Do with It?

Security: A Policy-Based Approach

Security: A Multilayered Approach

Firewalls: The Guardians at the Gateway

Firewalls: Features and Functionality

Firewalls: Role and Placement on the Network

ISA: From Proxy Server to Full-Featured Firewall

ISA: A Glint in MS Proxy Server’s Eye

ISA: A Personal Philosophy

Summary

Chapter 2 Examining the ISA Server 2004 Feature Set

The New GUI: More Than Just a Pretty Interface

Examining the Graphical Interface

Examining The Management Nodes

Teaching Old Features New Tricks

Enhanced and Improved Remote Management

Enhanced and Improved Firewall Features

Enhanced and Improved Virtual Private Networking and Remote Access

Enhanced and Improved Web Cache and Web Proxy

Enhanced and Improved Monitoring and Reporting

New Features on the Block

Multi-Networking Support

New Application Layer Filtering (ALF) Features

VPN Quarantine Control

Missing in Action: Gone but Not Forgotten

Live Media Stream Splitting

H.323 Gateway

Bandwidth Control

Active Caching

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Stalking the Competition: How ISA 2004 Stacks Up

Firewall Comparative Issues

The Cost of Firewall Operations

Specifications and Features

Comparing ISA 2004 to Other Firewall Products

ISA Server 2004 Comparative Points

Comparing ISA 2004 to Check Point

Comparing ISA 2004 to Cisco PIX

Comparing ISA 2004 to NetScreen

Comparing ISA 2004 to SonicWall

Comparing ISA 2004 to WatchGuard

Comparing ISA 2004 to Symantec Enterprise Firewall

Comparing ISA 2004 to Blue Coat SG

Comparing ISA 2004 to Open Source Firewalls

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 ISA 2004 Network Concepts and Preparing the Network Infrastructure

Our Approach to ISA Firewall Network Design and Defense Tactics

Defense in Depth

Defense in Depth

ISA Firewall Fallacies

Software Firewalls are Inherently Weak

You Can’t Trust Any Service Running on the Windows Operating System to be Secure

ISA Firewalls Make Good Proxy Servers, but I Need a “Real Firewall” to Protect My Network

ISA Firewalls Run on an Intel Hardware Platform, and Firewalls Should Have “No Moving Parts”

“I Have a Firewall and an ISA Server”

Why ISA Belongs in Front of Critical Assets

A Better Network and Firewall Topology

Tom and Deb Shinder’s Configuring ISA 2004 Network Layout

How ISA Firewall’s Define Networks and Network Relationships

ISA 2004 Multinetworking

The ISA Firewall’s Default Networks

Creating New Networks

Controlling Routing Behavior with Network Rules

The ISA 2004 Network Objects

ISA Firewall Network Templates

Dynamic Address Assignment on the ISA Firewall’s External Interface

Dial-up Connection Support for ISA firewalls, Including VPN Connections to the ISP

“Network Behind a Network” Scenarios (Advanced ISA Firewall Configuration)

Web Proxy Chaining as a Form of Network Routing

Firewall Chaining as a Form of Network Routing

Configuring the ISA Firewall as a DHCP Server

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 ISA 2004 Client Types and Automating Client Provisioning

Understanding ISA 2004 Client Types

Understanding the ISA 2004 SecureNAT Client

Name Resolution for SecureNAT Clients

Understanding the ISA 2004 Firewall Client

ISA 2004 Web Proxy Client

ISA 2004 Multiple Client Type Configuration

Deciding on an ISA 2004 Client Type

Automating ISA 2004 Client Provisioning

Configuring DHCP Servers to Support Web Proxy and Firewall Client Autodiscovery

Configuring DNS Servers to Support Web Proxy and Firewall Client Autodiscovery

Special Considerations for VPN Clients

Automating Installation of the Firewall Client

Configuring Firewall Client and Web Proxy Client Configuration in the ISA Management Console

Group Policy Software Installation

Silent Installation Script

Systems Management Server (SMS)

Summary

Frequently Asked Questions

Chapter 6 Installing and Configuring the ISA Firewall Software

Pre-installation Tasks and Considerations

Performing a Clean Installation on a Multihomed Machine

Default Post-installation ISA Firewall Configuration

The Post-installation System Policy

Performing an Upgrade Installation

Performing a Single NIC Installation (Unihomed ISA Firewall)

Quick Start Configuration for ISA Firewalls

Configuring the ISA Firewall’s Network Interfaces

Installing and Configuring a DNS Server on the ISA Server Firewall

Installing and Configuring a DHCP Server on the ISA Server Firewall

Installing and Configuring the ISA Server 2004 Software

Configuring the Internal Network Computers

Hardening the Base ISA Firewall Configuration and Operating System

ISA Firewall Service Dependencies

Service Requirements for Common Tasks Performed on the ISA Firewall

Client Roles for the ISA Firewall

ISA Firewall Administrative Roles and Permissions

Lockdown Mode

Connection Limits

DHCP Spoof Attack Prevention

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 Creating and Using ISA 2004 Firewall Access Policy

Introduction

ISA Firewall Access Rule Elements

Protocols

User Sets

Content Types

Schedules

Network Objects

Configuring Access Rules for Outbound Access through the ISA Firewall

The Rule Action Page

The Protocols Page

The Access Rule Sources Page

The Access Rule Destinations Page

The User Sets Page

Access Rule Properties

The Access Rule Context Menu Options

Configuring RPC Policy

Configuring FTP Policy

Configuring HTTP Policy

Ordering and Organizing Access Rules

How to Block Logging for Selected Protocols

Disabling Automatic Web Proxy Connections for SecureNAT Clients

Using Scripts to Populate Domain Name Sets

Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports

Avoiding Looping Back through the ISA Firewall for Internal Resources

Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections)

Blocking MSN Messenger using an Access Rule

Allowing Outbound Access to MSN Messenger via Web Proxy

Changes to ISA Firewall Policy Only Affects New Connections

Creating and Configuring a Public Address Trihomed DMZ Network

Allowing Intradomain Communications through the ISA Firewall

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Publishing Network Services with ISA 2004 Firewalls

Overview of Web Publishing and Server Publishing

Web Publishing Rules

Server Publishing Rules

Creating and Configuring Non-SSL Web Publishing Rules

The Select Rule Action Page

The Define Website to Publish Page

The Public Name Details Page

The Select Web Listener Page and Creating an HTTP Web Listener

The User Sets Page

The Web Publishing Rule Properties Dialog Box

Creating and Configuring SSL Web Publishing Rules

SSL Bridging

Importing Web Site Certificates into The ISA Firewall’s Machine Certificate Store

Requesting a User Certificate for the ISA Firewall to Present to SSL Web Sites

Creating an SSL Web Publishing Rule

Creating Server Publishing Rules

Server Publishing HTTP Sites

Creating Mail Server Publishing Rules

The Web Client Access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync Option

The Client Access: RPC, IMAP, POP3, SMTP Option

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Creating Remote Access and Site-to-Site VPNs with ISA Firewalls

Overview of ISA Firewall VPN Networking

Firewall Policy Applied to VPN Client Connections

Firewall Policy Applied to VPN Site-to-Site Connections

VPN Quarantine

User Mapping of VPN Clients

SecureNAT Client Support for VPN Connections

Site-to-Site VPN Using Tunnel Mode IPSec

Publishing PPTP VPN Servers

Pre-shared Key Support for IPSec VPN Connections

Advanced Name Server Assignment for VPN Clients

Monitoring of VPN Client Connections

Creating a Remote Access PPTP VPN Server

Enable the VPN Server

Create an Access Rule Allowing VPN Clients Access to Allowed Resources

Enable Dial-in Access

Test the PPTP VPN Connection

Creating a Remote Access L2TP/IPSec Server

Issue Certificates to the ISA Firewall and VPN Clients

Test the L2TP/IPSec VPN Connection

Monitor VPN Clients

Using a Pre-shared Key for VPN Client Remote Access Connections

Creating a PPTP Site-to-Site VPN

Create the Remote Site Network at the Main Office

Create the Network Rule at the Main Office

Create the Access Rules at the Main Office

Create the VPN Gateway Dial-in Account at the Main Office

Create the Remote Site Network at the Branch Office

Create the Network Rule at the Branch Office

Create the Access Rules at the Branch Office

Create the VPN Gateway Dial-in Account at the Branch Office

Activate the Site-to-Site Links

Creating an L2TP/IPSec Site-to-Site VPN

Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA

Request and install a Web Site Certificate for the Main Office Firewall

Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link

Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA

Request and Install a Web Site Certificate for the Branch Office Firewall

Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link

Activate the L2TP/IPSec Site-to-Site VPN Connection

Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links

IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways

Using RADIUS for VPN Authentication and Remote Access Policy

Configure the Internet Authentication Services (RADIUS) Server

Create a VPN Clients Remote Access Policy

Remote Access Permissions and Domain Functional Level

Changing the User Account Dial-in Permissions

Changing the Domain Functional Level

Controlling Remote Access Permission via Remote Access Policy

Enable the VPN Server on the ISA Firewall and Configure RADIUS Support

Create an Access Rule Allowing VPN Clients Access to Approved Resources

Make the Connection from a PPTP VPN Client

Using EAP User Certificate Authentication for Remote Access VPNs

Configuring the ISA Firewall Software to Support EAP Authentication

Enabling User Mapping for EAP Authenticated Users

Issuing a User Certificate to the Remote Access VPN Client Machine

Supporting Outbound VPN Connections through the ISA Firewall

Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall

Creating a Site-to-Site VPN Between an ISA Server 2000 and ISA Firewall

Run the Local VPN Wizard on the ISA Server 2000 Firewall

Change the Password for the Remote VPN User Account

Change the Credentials the ISA Server 2000 Firewall uses for the Demand-dial Connection to the Main Office

Change the ISA Server 2000 VPN Gateway’s Demand-dial Interface Idle Properties

Create a Static Address Pool for VPN Clients and Gateways

Run the Remote Site Wizard on the Main Office ISA Firewall

Create a Network Rule that Defines the Route Relationship Between the Main and Branch Office

Create Access Rules Allowing Traffic from the Main Office to the Branch Office

Create the User Account for the Remote VPN Router

Test the Connection

A Note on VPN Quarantine

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10 ISA 2004 Stateful Inspection and Application Layer Filtering

Introduction

Application Filters

The SMTP Filter and Message Screener

The DNS Filter

The POP Intrusion Detection Filter

The SOCKS V4 Filter

The FTP Access Filter

The H.323 Filter

The MMS Filter

The PNM Filter

The PPTP Filter

The RPC Filter

The RTSP Filter

Web Filters

The HTTP Security Filter (HTTP Filter)

The ISA Server Link Translator

The Web Proxy Filter

The SecurID Filter

The OWA Forms-based Authentication Filter

The RADIUS Authentication Filter

IP Filtering and Intrusion Detection/Intrusion Prevention

Common Attacks Detection and Prevention

DNS Attacks Detection and Prevention

IP Options and IP Fragment Filtering

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 Accelerating Web Performance with ISA 2004 Caching Capabilities

Understanding Caching Concepts

Web Caching Types

Web Caching Architectures

Web Caching Protocols

Understanding ISA Server 2004’s Web Caching Capabilities

Using the Caching Feature

Understanding Cache Rules

Understanding the Content Download Feature

Configuring ISA Server 2004 as a Caching Server

Enabling and Configuring Caching

How to Configure Caching Properties

Creating Cache Rules

Configuring Content Downloads

Summary

Fast Track

Frequently Asked Questions

Chapter 12 Using ISA Server 2004’s Monitoring, Logging, and Reporting Tools

Introduction

Exploring the ISA Server 2004 Dashboard

Dashboard Sections

Configuring and Customizing the Dashboard

Creating and Configuring ISA Server 2004 Alerts

Alert-triggering Events

Viewing the Predefined Alerts

Creating a New Alert

Modifying Alerts

Viewing Triggered Alerts

Monitoring ISA Server 2004 Connectivity, Sessions, and Services

Configuring and Monitoring Connectivity

Monitoring Sessions

Monitoring Services

Working with ISA Server 2004 Logs and Reports

Understanding ISA Server 2004 Logs

Generating, Viewing, and Publishing Reports with ISA Server 2004

Using ISA Server 2004’s Performance Monitor

Solutions Fast Track

Frequently Asked Questions

Appendix A: Network Security Basics is available at www.syngress.com/solutions

Download the bonus chapter “Configuring Enterprise Networks, Caching Arrays, and Network Load Balancing,” from www.syngress.com/solutions after the release of ISA Server 2004 Enterprise Edition.

Index






 
 