What is ISA Server:-
ISA Server is an upgraded version of Microsoft Proxy Server 2.0 with an inbuilt firewall
PROXY FIREWALL
Proxy server :- A server which emulates a web server
[Diagram: Client, Proxy Server, Internet (Zoom.com); addresses shown: 192.168.1.2, 192.168.1.1]
HACKING :- Taking over your resources or attempting to bring down your server
Types of ATTACK :-
1. Foot printing :- The way to know the OS and IP of the server
2. Scanning :- Scanning the system for bugs and loopholes
3. DOS Attacks :- Denial Of Service
4. Exploits :- Writing scripts to bring down the server
5. Trojans :- Sending viruses to steal the data
6. Port Scan :- Scanning ports for getting into applications
etc.
Types of Attacks
1. Foot Printing
The art of gathering the complete security profile of an organization or a target computer
By using a combination of tools and techniques, the hacker can take up the system and determine its IP address and domain names
2. Scanning
Scanning the system for bugs and loopholes in the O/S
The hacker uses scanning techniques to determine which ports are open, what services are running and what the O/S is
E.G: RETINA, Shadow Security Scanner, ANSIL etc
3. DOS Attack
A Denial of Service attack is an attempt to bring the services or the server down by overflowing the buffer
E.G: Win spoof 97, My Spoof
4. Exploits
Exploits are usually bugs in applications or the O/S which can be exploited by using a piece of code, often referred to as scripts
E.G: CGI scripts, Perl scripts etc
5. Trojan Horses
A Trojan Horse is a program that pretends to be a useful tool but actually installs malicious or damaging software
Trojan Horses can be used to take over the remote system and to send viruses to steal the data
E.G: Netbus, Bo2k
6. Port Scanner
Scanning the port to get into the Application
E.G: Port Scanner, etc
What is a Firewall :- A firewall protects networked computers from intentional hostile intrusions
Software Firewall :-
ISA Server
Check Point
Smoothwall
Hardware Firewall :-
Cisco PIX
WatchGuard
Multicom Ethernet II…..
Types of FIREWALL
1. Packet Filtering
e.g. ROUTERS
Controls data transfer based on:
Source & destination IP address
TCP/UDP port of source & destination
Packets are allowed through the device or dropped depending on the Access Control List
2. Application Gateway
e.g. PROXY SERVER
Packets are allowed based on the type of application and IP address
Filters application-specific commands such as HTTP GET and POST etc
Application-level gateways can also be used to log user activity and logins
3. Stateful Multilayer Inspection
This is a full-fledged firewall which combines the aspects of the other two types of firewalls and is capable of intrusion detection, server publishing etc.
e.g. ISA SERVER
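The difference between the packet filter and the application gateway described above, as an added example (not part of the original slides). The ACL, the allowed HTTP methods, the user name and the addresses are constructed for illustration: both requests ride on the same TCP port 80 that the packet filter allows, and only the gateway can tell GET from POST.

```python
import ipaddress

# Constructed ACL, first match wins: (action, source net, destination net, protocol, dest port)
ACL = [
    ("allow", "192.168.1.0/24", "0.0.0.0/0", "tcp", 80),
    ("drop",  "0.0.0.0/0",      "0.0.0.0/0", "tcp", None),   # None = any port
    ("drop",  "0.0.0.0/0",      "0.0.0.0/0", "udp", None),
]

def packet_filter(src, dst, proto, dport, acl=ACL):
    """Packet filtering: decide on IP addresses and TCP/UDP port only."""
    for action, src_net, dst_net, r_proto, r_port in acl:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
                and proto == r_proto and r_port in (None, dport)):
            return action
    return "drop"  # nothing matched: default deny

ALLOWED_METHODS = {"GET", "HEAD"}  # constructed policy: POST is filtered
activity_log = []                  # the gateway also records user activity

def application_gateway(user, src, raw_request):
    """Application gateway: parse the HTTP request line and filter on the command."""
    parts = raw_request.split("\r\n", 1)[0].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        method, target = parts[0], parts[1]
        verdict = "allow" if method in ALLOWED_METHODS else "drop"
    else:
        method, target, verdict = "MALFORMED", "-", "drop"
    activity_log.append((user, src, method, target, verdict))
    return verdict

def demo():
    client, server = "192.168.1.2", "203.0.113.10"  # constructed addresses
    get = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    post = "POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"
    return {
        "filter_tcp80": packet_filter(client, server, "tcp", 80),
        "filter_tcp23": packet_filter(client, server, "tcp", 23),
        "gateway_get": application_gateway("alice", client, get),
        "gateway_post": application_gateway("alice", client, post),
    }

if __name__ == "__main__":
    print(demo())
    print(activity_log)
```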
Flavors of ISA Server
Server deployment
  Standard Edition: Standalone only
  Enterprise Edition: Multiple servers with centralized management
Policy-based support
  Standard Edition: Local only
  Enterprise Edition: Enterprise and array policies
Scalability
  Standard Edition: 4 CPUs only
  Enterprise Edition: No limit
ISA Server requirements :-
1. Member server or Domain Controller
2. Service Pack 1 or above
3. Two interfaces (public and private)
4. Routing and Remote Access
5. Pentium III 300 MHz or above
6. 256 MB RAM
7. 20 MB of hard disk space on NTFS 5.0
Array considerations
Arrays allow a group of ISA Server computers to be treated and managed as a single, logical entity.
They provide scalability, fault tolerance, and load balancing
All array members must be in the same Windows 2000 domain and in the same site
Array vs Stand-alone server
Scalability and fault tolerance
  Array: Can have one or more member servers.
  Stand-alone server: Limited to only one member.
Active Directory requirement
  Array: Must be installed only in Windows 2000 domains with Active Directory installed.
  Stand-alone server: No need for a Windows 2000 domain. Can be installed in Windows NT 4.0 domains. Configuration information is stored in the registry.
Enterprise policy
  Array: Yes. A single policy can be applied to all arrays in the enterprise.
  Stand-alone server: No. Only a local array policy can be applied.
Enterprise Vs Standalone Policies
Tiered Policy :- ISA Server Enterprise Edition supports two levels of policy: array level and enterprise level
[Diagram labels: Enterprise, Array]
ISA SERVER MODES
1. Firewall mode
2. Cache mode
3. Integrated mode
Key features
1. Internet Firewall (Intrusion detection)
2. Secure Server Publishing
3. Web Caching Server
4. Secure NAT
5. Integrated VPN
6. Tiered-Policy Management
7. QoS (Quality of Service)
8. Multiprocessor Support
9. Client Side Auto Discovery
10. Web Filters
11. Alerts
Types of Client
1. SECURE NAT Clients
2. WEB Clients
3. FIREWALL Clients
Access is Controlled based on :-
1. Client address sets
2. Destination sets
3. Protocols
4. Bandwidth priorities