664 INDEX options, software, installing, 48-49 ordered-list questions (ExamGear, Training Guide Edition software), 639 ordered-tree questions (ExamGear, Training Guide Edition software), 640 outbound Internet access alerts, 146 authentication, 158 caching, 145 configuring, 161-163 client access problems, troubleshooting, 169-172 client addresses, configuring, 152 custom HTML error messages, 158-160 destination address sets, configuring, 153 hierarchical access, configuring, 161 LAT, 166 local domain tables, 166 outgoing Web request properties, configuring, 147-148 packet filters, 143 policy elements, creating, 149-151 post-installation default settings, 136-138, 140-146 publishing, 145-146 routing, 144-145 rules, 146-160 bandwidth rules, 164-165 content, 153-154 evaluation, 149 protocol rules, 154-157 routing rules, 167 sites, 153-154 server chains, 168 single system configuration, 160 tools, 146-160 Outgoing Web request properties, 403 authentication methods, 148 configuring, 147-148 connections, 147 listeners, 147 P packet filters, 17, 143, 312, 482 default packet filters, 313 IP routing, 312 logging, allowing, 424 properties, configuring/enabling, 316-317 rules, configuring, 312, 314-317 packet-based access problems, troubleshooting, 373-375 pass-throughs, VPNs, configuring for, 274-275 performance analyzing logging, 468-469 reporting, 468-469 reports, 451-458 optimizing, 459-464, 468-470 performance counters, 465-466 Performance Monitor ISA Server, optimizing, 464-466 performance analysis, 460-461 performance monitoring, configuring, 461-462 perimeter arrays, distributed caching, 59 perimeter networks firewalls, considerations, 328-330 publishing, 330 permissions access policies, 368 configuring, 140-141 default security group file permissions, 460 object permissions, 137-141 Read permissions, limiting, 138 Service permissions, 141 phone number rules, H.323 Gatekeeper, configuring, 224-225 ping of death attacks, 18, 430 planning networks, 47-49, 51, 53-57 35 index 6/5/01 1:29 PM Page 664 INDEX 665 policies access policies configuring, 370-371 Enterprise, 369-371 functional framework, 364-367 permissions, 368 and/or array policies, 16 arrays, 341 bandwidth policies, configuring, 370-371 configuring, 346-347 Array level, 35-36 Enterprise level, 35-36 creating, 483 destination sets, 32 elements, 484 creating, 369-370 outbound Internet access, creating, 149-151 Enterprise ISA Server, 488 enterprise policies, scope, 340-341 modifying, 347 policy elements, creating, 369-370 policy-based rules, 31-36 ports autodiscovery port, 403 Outgoing Web request port, 403 testing, 440-442 well-known, 432 post-installation default settings, 136-146 post-installation process, 479-480 Practice Exam mode (ExamGear, Training Guide Edition software), 628-631 compared to Study Mode, 634-635 starting, 635 preinstallation network configuration, 58-63 preinstallation process, 478 pretesting yourself (study tips), 499 preparations for exam, 500 learning as a process, 497 study tips, 498, 500-501 active-study strategies, 498 common-sense strategies, 499 macro and micro strategies, 498 pretesting yourself, 499 processing rules, 372-373 processors, minimum system requirements, 54 promoting Enterprise ISA Server, 488 standalone servers, 348-349 properties configuring, 403 packet filters, configuring/enabling, 316-317 protocol definitions, 32 protocol filters, H.323 Gatekeeper, 212 protocol rules, 32-33 outbound Internet access, configuring, 154-157 protocols H.323, 209-210 Mapping, selecting, 198 Proxy DenySitesSet, 123 Proxy DomainFilter, 123 proxy packet filters, 122 Proxy Server. See Microsoft Proxy 2.0 Server PSTN (Public Service Telephone Networks), 209 publishing, 492 outbound Internet access, 145-146 perimeter network servers, 330 requirements, 54, 479 SSL bridging, 492 Web publishing, 492 publishing servers. See server publishing Q-R question types (ExamGear, Training Guide Edition software), 636 drag and drop, 637-638 hot spot, 641 multiple choice, 637 ordered list, 639 ordered tree, 640 simulations, 640-641 35 index 6/5/01 1:29 PM Page 665 666 INDEX Questions tab (Item Review screen), ExamGear, Training Guide Edition software, 643-645 RAM (random access memory) controlling caching, 469-470 minimum system requirements, 53 Read permissions, limiting, 138 Real-Time Control Protocol (RTCP), 209 Real-Time Protocol (RTP), 209 registering ExamGear, Training Guide Edition software, 630 registration admission and status, H.323 Gatekeeper, 213-214 registration database, H.323 Gatekeeper, 212-213 registration process, H.323 Gatekeeper, 214-215 Registry, performance optimization, 459-460 relays, preventing, 196 remote access authentication, 486 remote administration, 56, 253-254 remote clients, Routing and Remote Access Service, connecting, 246 Remote Procedure Call (RPC) filters, 33, 482 removing. See deleting, uninstalling reports, 485 application usage reports, 37, 456-457, 485 configuring, 37 dates, 453 ISA Server, analysis, 451-458 performance, analyzing, 468-469 reports within reports, 453-454 security reports, 37, 458, 485 summaries, generation, 452 Summary reports, 37, 455, 485 traffic and utilization reports, 37, 457-458, 485 Web usage reports, 37, 455-456, 485 requirements ExamGear, Training Guide Edition software, 629 for certification, 620 MCDBA, 620-621 MCP, 620 MCSD, 622-624 MCSE, 621-622 MCT, 624 restricting management, 341 retired certifications, 620 reverse caching, 20-21 Root CAs, installing and configuring, 290-291 routing, 494 modifying, 401-402 outbound Internet access, 144-145 Routing and Remote Access Service, 246 Routing and Remote Access Service dial-on-demand connections, 249-252 interoperability, 487 ISA Server, compared, 245-248 remote clients, connecting, 246 routing, 246 static routes, 247-248 troubleshooting, 250-252 routing rules, outbound Internet access, configuring, 167 RPC filters, 33, 320 RRAS. See Routing and Remote Access Service RTCP (Real-Time Control Protocol), 209 RTP (Real-Time Protocol), 209 rule processing, H.323 Gatekeeper, 215-216 rules application filters, 33 bandwidth rules, 33, 36-37 call routing rules, H.323 Gatekeeper, 223-228 default, 483 dial-up routing rules, creating, 240-241 outbound Internet access, 146-160 bandwidth rules, 164-165 evaluation, 149 routing rules, 167 packet filters, configuring, 312-317 processing order, 372-373 protocol rules, 33 rule processing, H.323 Gatekeeper, 215-216 server publishing, creating, 197 35 index 6/5/01 1:29 PM Page 666 INDEX 667 site and content rules, 33 Web publishing, configuring, 187-188 S scalibility arrays, configuring, 350-355 CARP, 350-351 scheduling, 32 caching, 22-23 exams, 619 logging, 463 Internet access, creating, 151 Secure (security level), 19 SecureNAT (secure network address translation) clients, 15-16, 386 configuring, 407 NAT client, compared, 386 PPTP filters, 275 security alerts, 433-435 authentication, 485-486 firewalls, system hardening, 321-327 group file permissions, 460 intrusion detection, configuring, 429-433 levels, 19 logs, 485 configuring, 424-428 monitoring alerting, 423-435 logging, 423-435 reports, 37, 458, 485 troubleshooting, 436-442 Security Configuration Wizard, 19 Select and Place questions (ExamGear, Training Guide Edition software), 638 server address mapping, identifying, 198 server certificates, 189-190 server chains, configuring, 168 server placement, 58 server proxy, configuring for, 193-197 content filtering, 195-197 DNS, 194 mail proxy, 194 server publishing configuring for, 197-200 perimeter networks, 199 Service permissions, 141 Services, H.323 Gatekeeper, 212 setup logs, reviewing, migration, 117-118 Shields Up utility, 441 simulation questions (ExamGear, Training Guide Edition software), 640-641 site and content rules, 32-33 site placement, 58 site rules, outbound Internet access, configuring, 153-154 SMTP (Simple Mail Transfer Protocol) filters, 34, 195-197, 482 SMTP buffer overrun attacks, 195 SOCKS filters, 34, 321, 482 software installing, options, 48-49 users, needs, 48 SSL bridging, 492 SSL requests, redirecting, Web publishing, 190-193 standalone CA, certificates, requesting, 292-295 standalone servers, promoting, 348-349 Standard ISA Server, 29-30 installing, 80-82 stateful inspection, 18 static routes, Routing and Remote Access Service, 247-248 status, alerts, monitoring, 435 storage formats, logs, 424 streaming media filters, 34, 482 Study Mode (ExamGear, Training Guide Edition soft- ware), 628, 631 compared to Practice Exam mode and Adaptive Exam mode, 634-635 starting, 632-634 35 index 6/5/01 1:29 PM Page 667 668 INDEX study tips, 498, 500-501 active-study strategies, 498 common-sense strategies, 499 exams, preparation, 500-501 learning as a process, 497 macro and micro strategies, 498 pretesting yourself, 499 study tools, ExamGear, Training Guide Edition software, 627-628 summaries, reports, generation, 452 Summary reports, 37, 455, 485 system hardening, firewalls, configuring, 321-327 system requirements See also, minimum system requirements ExamGear, Training Guide Edition software, 629 hardware, 53-54 interoperability, 51-53 system-hardening templates, 19 T T-120, H.323 Gatekeeper, 210 TCP/IP network cards, configuring, 61 telnet ports, testing, 440-442 Terminal services, interoperability, 487 testing connectivity, 62 ports, 440-442 tools, 495 VPNs, 272-274 time limit on exams, 500 time management options (ExamGear, Training Guide Edition software), 642-643 tools outbound Internet access, 146-160 testing, 495 traffic and utilization reports, 37, 457-458, 485 trainers. See MCT troubleshooting access problems, 372-375 authentication, 413-414 autodetection, 412-413 clients, 411-412 dial-on-demand connections, 238-242 dial-up connections, 243, 245 firewalls, access, 330-331 ISA Server installation, 94-98 network usage, 436-442 outbound Internet access, 169-172 Routing and Remote Access Service, 250-252 security, 436-442 U UDP bomb attacks, 18, 430 unattended setup, ISA Server installation, 90-92 Uninstall program, running, 95 uninstalling ExamGear, Training Guide Edition software, 630-631 ISA Server, 98-99 updates, ExamGear, Training Guide Edition software, 647-648 upgrading, Microsoft Proxy 2.0 Servers, 111-124 upstream servers, 239 user-based access problems, troubleshooting, 373-375 users, 32 needs, 48 rejecting, 197 V verification certificates, 296 ISA Server installation, 96-97 VPN Allow Wizard, 270-272 35 index 6/5/01 1:29 PM Page 668 INDEX 669 VPNs (Virtual Private Networks), 19, 269, 494 configuring as VPN endpoints, 269-274 for pass-throughs, 274-275 endpoints, configuring for, 275-289 Gateway to Gateway VPNs, 494-495 hardware requirements, 56 L2TP over IPSec VPNs, 297 Microsoft certificate services, configuring, 289-292 testing, 272-274 W W3C format, logs, 425 Web Proxy Autodiscovery Protocol (WPAD), 402 Web proxy clients, 12, 15, 386-387, 408 Web publishing, 492 CARP (Cache Array Routing Protocol), enabling, 188 configuring, 184-193 authentication methods, 189-190 destination sets, 186 listeners, 186-187 rules, 187-188 server certificates, 189-190 HTTP requests, redirecting, 190-193 SSL requests, redirecting, 190-193 Web sites ExamGear, Training Guide Edition software, checking, 647 Microsoft Certified Professional, 619 Microsoft Training and Certification, 620 Web usage reports, 37, 455-456, 485 Win Proxy Automatic Discover (WPAD) protocol, 393 Windows 2000 install error message, 114 Windows NT 4.0 domains, interoperability, 487 Windows out-of-band attacks, 18 WinNuke attacks, 429 wizards Add Destination Wizard, 224 ISA VPN Wizard, 276-283 Mail Server Security Wizard, 194 New Filter, 314 Security Configuration Wizard, 19 VPN Allow Wizard, 270-272 WPAD (Web Proxy Autodiscovery Protocol), 393, 402 35 index 6/5/01 3:47 PM Page 669 35 index 6/5/01 1:29 PM Page 670 VOICES THAT MATTER HOW TO CONTACT US VISIT OUR WEB SITE On our web site, you’ll find information about our other books, authors, tables of contents, and book errata.You will also find information about book registration and how to purchase our books, both domestically and internationally. EMAIL US Contact us at: nrfeedback@newriders.com • If you have comments or questions about this book • To report errors that you have found in this book • If you have a book proposal to submit or are interested in writing for New Riders • If you are an expert in a computer topic or technology and are interested in being a technical editor who reviews manuscripts for technical accuracy Contact us at: nreducation@newriders.com • If you are an instructor from an educational institution who wants to preview New Riders books for classroom use. Email should include your name, title, school, depart- ment, address, phone number, office days/hours, text in use, and enrollment, along with your request for desk/examination copies and/or additional information. Contact us at: nrmedia@newriders.com • If you are a member of the media who is interested in reviewing copies of New Riders books. Send your name, mailing address, and email address, along with the name of the publication or web site you work for. BULK PURCHASES/CORPORATE SALES If you are interested in buying 10 or more copies of a title or want to set up an account for your company to purchase directly from the publisher at a substantial discount, contact us at 800-382-3419 or email your contact information to corpsales@pearsontechgroup.com. A sales representative will contact you with more information. WRITE TO US New Riders Publishing 201 W. 103rd St. Indianapolis, IN 46290-1097 CALL/FAX US Toll-free (800) 571-5840 If outside U.S. (317) 581-3500 Ask for New Riders FA X : (317) 581-4663 WWW.NEWRIDERS.COM WWW.NEWRIDERS.COM TG BM 8x9.25 6/5/01 3:43 PM Page 1 New MCSE Candidates (Who Have Not Already Passed Windows NT 4.0 Exams) Must Take All 4 of the Following Core Exams: Exam 70-210: Installing, Configuring and Administering Microsoft ® Windows ® 2000 Professional Exam 70-215: Installing, Configuring and Administering Microsoft Windows 2000 Server Exam 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure Exam 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure Core Exams The Road to MCSE Windows 2000 The new Microsoft Windows 2000 track is designed for information technology professionals working in a typically complex computing environment of medium to large organizations. A Windows 2000 MCSE candidate should have at least one year of experience implementing and administering a network operating system. MCSEs in the Windows 2000 track are required to pass five core exams and two elective exams that provide a valid and reliable measure of technical proficiency and expertise. See below for the exam information and the relevant New Riders title that covers that exam. MCPs Who Have Passed 3 Windows NT 4.0 Exams (Exams 70-067, 70-068, and 70-073) Instead of the 4 Core Exams at Left, May Take: Exam 70-240: Microsoft Windows 2000 Accelerated Exam for MCPs Certified on Microsoft Windows NT 4.0. (This accelerated, intensive exam, which will be available until December 31, 2001, covers the core competencies of exams 70-210, 70-215, 70-216, and 70-217.) ISBN 0-7357-0979-3 ISBN 0-7357-0965-3 ISBN 0-7357-0968-8 ISBN 0-7357-0966-1 ISBN 0-7357-0976-9 ISBN 0-7357-0988-2 or MCSE Training Guide: Core Exams (Bundle) PLUS - All Candidates - 1 of the Following Core Elective Exams Required: *Exam 70-219: Designing a Microsoft Windows 2000 Directory Services Infrastructure *Exam 70-220: Designing Security for a Microsoft Windows 2000 Network *Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure PLUS - All Candidates - 2 of the Following Elective Exams Required: Any current MCSE electives (visit www.microsoft.com for a list of current electives) (Selected third-party certifications that focus on interoperability will be accepted as an alternative to one elective exam. Please watch for more information on the third-party certifications that will be acceptable.) *Exam 70-219: Designing a Microsoft Windows 2000 Directory Services Infrastructure *Exam 70-220: Designing Security for a Microsoft Windows 2000 Network *Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure Exam 70-222: Upgrading from Microsoft Windows NT 4.0 to Microsoft Windows 2000 *Core exams that can also be used as elective exams may only be counted once toward a certification; that is, if a candidate receives credit for an exam as a core in one track, that candidate will not receive credit for that same exam as an elective in that same track. ISBN 0-7357-0983-1 ISBN 0-7357-0982-3 ISBN 0-7357-0984-X ISBN 0-7357-0983-1 ISBN 0-7357-0982-3 ISBN 0-7357-0984-X WWW.NEWRIDERS.COM TG BM 8x9.25 6/5/01 3:43 PM Page 2 ISBN: 0735709882 4 books in slipcase US $149.99 ISBN: 1562059297 1450 pages US $49.99 ISBN: 0735711356 Available November 2001 900 pages US $49.99 ISBN: 073570984X 906 pages US $49.99 ISBN: 0735709912 500 pages US $39.99 Inside Windows 2000 Server William Boswell “I can’t believe how many great books these people publish. Inside Windows 2000 is an extremely thorough reference for anyone deploying or supporting Windows 2000. Don’t try to read it cover to cover. It is much too exhaustive for that. It is my primary reference for Windows 2000 issues.” —An online reviewer Windows 2000 Security Roberta Bragg “Roberta Bragg is one of the foremost experts on security. I got this book based on her repu- tation and was not disappointed. Security has a lot of dark pas- sages that can lose you, but this book, since it is dedicated to Win2K, covers all topics in a clear, concise format. It is good for secu- rity novices and experts. I have used it to not only understand principles but to gather reference information. An excellent book!” —An online reviewer MCSE Training Guide (70-220) Windows 2000 Network Security Design Roberta Bragg Exam 70-220, Designing Security for a Windows 2000 Network tests the skills required to ana- lyze the business requirements for security and design a secu- rity solution that meets business requirements. Security includes controlling access to resources, auditing access to resources, authentication, and encryption. Ideal for professionals looking for comprehensive self-study materials to get through the exam successfully. Exam 70-220 is one of the required core elective exams. Inside ASP.NET Scott Worley Inside ASP.NET is a comprehen- sive guide to ASP.NET develop- ment using Microsoft's .NET development framework. This book presents information on the .NET framework that is of specific interest to Internet and intranet developers. Each chapter tackles a specific area of ASP.NET development, first by giving a detailed overview, then presenting a series of code examples and walk-throughs that illustrate various applications of ASP.NET. The chapters conclude with an indepth look inside that particular area of ASP.NET. MCSE Training Guide Windows 2000 Core Exams Bundle Get all the core requirements of the MCSE 2000 exam track in one place! This bundle contains four Training Guides, one covering each of the four required exams. Each book is held up to the rigor- ous standards of New Riders and each title contains a companion CD-ROM with ExamGear, Training Guide edition, which helps to extend your study and offers premium exam preparation content. OTHER NEW RIDERS TITLES TG BM 8x9.25 6/5/01 3:44 PM Page 3 . software), 638 server address mapping, identifying, 198 server certificates, 189-190 server chains, configuring, 168 server placement, 58 server proxy, configuring. 430 unattended setup, ISA Server installation, 90-92 Uninstall program, running, 95 uninstalling ExamGear, Training Guide Edition software, 630-631 ISA Server, 98-99 updates,