Document information: 31 pages, 2.36 MB (limited preview of the slide deck)

Module 4: Configuring ISA Server as a Firewall

Overview
- Using ISA Server as a Firewall
- Examining Perimeter Networks and Templates
- Configuring System Policies
- Configuring Intrusion Detection and IP Preferences

Lesson: Using ISA Server as a Firewall
- What Is a TCP/IP Packet?
- What Is Packet Filtering?
- What Is Stateful Filtering?
- What Is Application Filtering?
- What Is Intrusion Detection?
- How ISA Server 2004 Filters Network Traffic
- Implementing ISA Server 2004 as a Firewall
What Is a TCP/IP Packet?
(Slide diagram: a client's HTTP request passes through the ISA Server packet filter to a Web server. Each layer places its own header in front of the payload handed down from the layer above.)

Network Interface Layer header (carries the physical payload):
  Destination Address: 0003FFD329B0
  Source Address: 0003FFFDFFFF
Internet Layer header (carries the IP payload):
  Destination: 192.168.1.1
  Source: 192.168.1.10
  Protocol: TCP
Transport Layer header (carries the TCP payload):
  Destination Port: 80
  Source Port: 1159
  Sequence: 3837066872
  Acknowledgment: 2982470625
Application Layer (HTTP):
  HTTP Request Method: GET
  HTTP Protocol Version: HTTP/1.1
  HTTP Host: www.contoso.com
What Is Packet Filtering?
A packet filter inspects the headers of each packet and asks:
- Is the source address allowed?
- Is the destination address allowed?
- Is the protocol allowed?
- Is the destination port allowed?
What Is Stateful Filtering?
(Slide diagram: Web servers on either side of the ISA Server, which maintains a table of connection rules.)
- When a new connection is allowed, create a connection rule
- For every later packet, ask: is the packet part of an existing connection?
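As an added illustration of the two slides above (packet filtering and stateful filtering), and not part of the module, the following Python models a filter that applies the four packet-filter questions only to connection-opening packets and then relies on a connection table for everything else. The `Packet`, `AllowRule` and `StatefulFilter` names, the rule set and the traffic are constructed for this example; the addresses and ports are the ones shown on the TCP/IP packet slide.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (addresses, protocol, ports)."""
    src: str
    dst: str
    proto: str          # "TCP" or "UDP"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: set on the packet that opens a connection
    ack: bool = False   # TCP ACK flag


@dataclass(frozen=True)
class AllowRule:
    """A static packet-filter rule; None in a field means 'any'."""
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or self.src == p.src)
                and (self.dst is None or self.dst == p.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class StatefulFilter:
    """Packet filtering for connection-opening packets, a connection table for the rest."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()   # 5-tuples created when a new connection is allowed

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        # The same connection seen from the other direction (server replying to client)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def packet_filter(self, p: Packet) -> bool:
        """Source address, destination address, protocol and destination port allowed?"""
        return any(rule.matches(p) for rule in self.rules)

    def inspect(self, p: Packet) -> Tuple[bool, str]:
        # 1. Is the packet part of a connection that was already allowed?
        if self._key(p) in self.connections or self._reverse_key(p) in self.connections:
            return True, "existing connection"
        # 2. A TCP packet that is not a bare SYN cannot open a connection, so a reply
        #    or data segment with no connection entry is dropped even if a stateless
        #    rule would have admitted it.
        if p.proto == "TCP" and not (p.syn and not p.ack):
            return False, "no matching connection"
        # 3. A connection-opening packet is checked against the static rules ...
        if not self.packet_filter(p):
            return False, "denied by packet filter"
        # 4. ... and, if allowed, a connection rule is created for the rest of the flow.
        self.connections.add(self._key(p))
        return True, "new connection"


def run_demo():
    """Constructed traffic modelled on the slide's request (192.168.1.10:1159 -> 192.168.1.1:80)."""
    fw = StatefulFilter([AllowRule(dst="192.168.1.1", proto="TCP", dport=80)])
    traffic = [
        Packet("192.168.1.10", "192.168.1.1", "TCP", 1159, 80, syn=True),           # client opens
        Packet("192.168.1.1", "192.168.1.10", "TCP", 80, 1159, syn=True, ack=True),  # server replies
        Packet("192.168.1.10", "192.168.1.1", "TCP", 1159, 80, ack=True),           # client data
        Packet("192.168.1.1", "192.168.1.10", "TCP", 80, 2000, ack=True),           # unsolicited "reply"
        Packet("192.168.1.10", "192.168.1.1", "TCP", 1160, 23, syn=True),           # telnet attempt
    ]
    return [fw.inspect(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

A stateless filter that had to admit the server's replies with a standing rule (source port 80 allowed inbound) would also pass the unsolicited fourth packet; the connection table rejects it because no client ever opened that connection, which is the difference the stateful-filtering slide is making.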
What Is Application Filtering?
(Slide diagram: the client request "Get www.contoso.com" passes through the ISA Server to the Web server, and the response passes back.)
- On the request: is the Get method allowed?
- On the response: does the response contain only allowed content and methods?
- If both checks pass, respond to the client
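An added example, not from the module, of the two application-level questions on the slide for HTTP: parse the request and the response the way an application filter would, allow only listed request methods, and allow only listed response content types. The allowed-method and content-type lists, the helper names and the sample messages are constructed for this example; the Host value is the slide's www.contoso.com.

```python
from typing import Dict, Tuple

# Constructed policy for the example: what this filter permits in each direction.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_RESPONSE_TYPES = {"text/html", "text/plain", "image/png"}


def _parse_headers(lines) -> Dict[str, str]:
    headers: Dict[str, str] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return headers


def _split_message(raw: bytes):
    """Split an HTTP message into its start line, header dictionary and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    return lines[0], _parse_headers(lines[1:]), body


def check_request(raw: bytes) -> Tuple[bool, str]:
    """Client -> server path: is the method allowed?"""
    try:
        start, headers, _ = _split_message(raw)
        method, target, version = start.split(" ")   # exactly three tokens, else ValueError
    except ValueError:
        return False, "malformed request"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "unsupported protocol version %s" % version
    if method not in ALLOWED_METHODS:
        return False, "method %s not allowed" % method
    if version == "HTTP/1.1" and "host" not in headers:
        return False, "missing Host header"
    return True, "forward to web server"


def check_response(raw: bytes) -> Tuple[bool, str]:
    """Server -> client path: does the response contain only allowed content?"""
    try:
        start, headers, body = _split_message(raw)
    except ValueError:
        return False, "malformed response"
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return False, "malformed response"
    # "text/html; charset=utf-8" -> "text/html"
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if body and ctype not in ALLOWED_RESPONSE_TYPES:
        return False, "content type %r not allowed" % ctype
    return True, "respond to client"


def run_demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed sample messages exercising each decision."""
    samples = {
        "get": b"GET / HTTP/1.1\r\nHost: www.contoso.com\r\n\r\n",
        "post": b"POST /upload HTTP/1.1\r\nHost: www.contoso.com\r\nContent-Length: 0\r\n\r\n",
        "no_host": b"GET / HTTP/1.1\r\n\r\n",
        "html": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html></html>",
        "exe": b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ...",
    }
    return {
        "get": check_request(samples["get"]),
        "post": check_request(samples["post"]),
        "no_host": check_request(samples["no_host"]),
        "html": check_response(samples["html"]),
        "exe": check_response(samples["exe"]),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

The response check denies a body that arrives without a Content-Type header, since a filter that must answer "only allowed content" cannot vouch for content it cannot classify; a request line with more or fewer than three tokens is rejected as malformed rather than guessed at.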
What Is Intrusion Detection?
(Slide diagram: the ISA Server detects an "All ports scan attack", raises the "Port scan limit exceeded" alert, and alerts the administrator.)
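An added example (not the module's code) of the port-scan alert named on the slide: count the distinct destination ports each source has touched in the firewall log and raise "Port scan limit exceeded" and "All ports scan attack" once per source when a threshold is crossed. The log-line format, the thresholds (10 well-known ports, 20 ports in total), the use of 0-1023 as the well-known range, and the sample log lines are all assumptions made for this example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed thresholds: the slide names the alert but gives no values.
WELL_KNOWN_LIMIT = 10      # distinct ports below 1024 probed by one source
ALL_PORTS_LIMIT = 20       # distinct ports of any number probed by one source

# Constructed log format for the example: "src:sport -> dst:dport ACTION"
LOG_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>\w+)$"
)


class PortScanDetector:
    def __init__(self, well_known_limit: int = WELL_KNOWN_LIMIT,
                 all_ports_limit: int = ALL_PORTS_LIMIT):
        self.well_known_limit = well_known_limit
        self.all_ports_limit = all_ports_limit
        self.ports: Dict[str, Set[int]] = defaultdict(set)   # source -> distinct destination ports
        self.raised: Set[Tuple[str, str]] = set()             # (source, alert kind) already raised

    def observe(self, src: str, dport: int) -> List[str]:
        """Record one probe and return the alerts it triggers (each kind once per source)."""
        probed = self.ports[src]
        probed.add(dport)
        well_known = sum(1 for p in probed if p < 1024)   # assumed well-known range 0-1023
        alerts = []
        if well_known >= self.well_known_limit and (src, "well-known") not in self.raised:
            self.raised.add((src, "well-known"))
            alerts.append("Port scan limit exceeded: %s probed %d well-known ports" % (src, well_known))
        if len(probed) >= self.all_ports_limit and (src, "all") not in self.raised:
            self.raised.add((src, "all"))
            alerts.append("All ports scan attack: %s probed %d ports" % (src, len(probed)))
        return alerts


def scan_log(lines: List[str], detector: PortScanDetector = None) -> List[str]:
    """Run the detector over log lines; lines that do not parse are skipped, not fatal."""
    detector = detector or PortScanDetector()
    alerts: List[str] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        alerts.extend(detector.observe(m.group("src"), int(m.group("dport"))))
    return alerts


def constructed_log() -> List[str]:
    """A normal client using two services, then a second host sweeping ports 1-25."""
    lines = ["192.168.1.10:1159 -> 192.168.1.1:80 ALLOW",
             "192.168.1.10:1160 -> 192.168.1.1:443 ALLOW",
             "this line is log noise and is ignored"]
    lines += ["10.0.0.99:%d -> 192.168.1.1:%d DENY" % (40000 + p, p) for p in range(1, 26)]
    return lines


if __name__ == "__main__":
    for alert in scan_log(constructed_log()):
        print("ALERT:", alert)
```

The detector keys on the source alone, so a sweep spread over several destination hosts still accumulates; it also raises each alert kind only once per source, which keeps a long scan from producing one alert per packet for the administrator.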
How ISA Server 2004 Filters Network Traffic
(Slide diagram of the filtering components, numbered in the order traffic passes through them:)
1. Packet filtering: performed by the Firewall Engine, sitting on the TCP/IP stack
2. Stateful and protocol filtering: performed by the Firewall Engine
3. Application filtering: performed by the Firewall Service through its application filters and the Web Proxy Filter, which applies the rules engine and the Web filters
4. Kernel mode data pump: the Firewall Engine passes the remaining packets of an approved connection in kernel mode
Implementing ISA Server 2004 as a Firewall
To configure ISA Server as a firewall:
1. Determine perimeter network configuration
2. Configure networks and network rules
3. Configure system policy
4. Configure intrusion detection
5. Configure access rule elements and access rules
6. Configure server and Web publishing
Practice: Applying Firewall Concepts
In this practice, you will analyze three scenarios describing an organization's network security requirements and determine what firewall functionality is required in each scenario.

Lesson: Examining Perimeter Networks and Templates
- What Is a Perimeter Network?
- Why Use a Perimeter Network?
- Network Perimeter Configurations
- About Network Templates
- How to Use the Network Template Wizard
- Modifying Rules Applied by Network Templates

What Is a Perimeter Network?
(Slide diagram: Internet - Firewall - Perimeter Network - Firewall - Internal Network.)

Why Use a Perimeter Network?
A perimeter network provides an additional layer of security:
- Between the publicly accessible servers and the internal network
- Between the Internet and confidential data or critical applications stored on servers on the internal network
- Between potentially nonsecure networks such as wireless networks and the internal network
Use defense in depth in addition to perimeter network security.

Network Perimeter Configurations
(Slide diagram:)
- Bastion host (Web Server)
- Three-legged configuration (LAN, Perimeter Network)
- Back-to-back configuration (Perimeter Network, LAN)

About Network Templates
Each perimeter configuration maps to an ISA Server network template:
- Bastion host (Web Server): deploy the Edge Firewall template
- Three-legged configuration (LAN, Perimeter Network): deploy the 3-Leg Perimeter template
- Back-to-back configuration (Perimeter Network, LAN): deploy the Front-End or Back-End template
- Proxy and caching only: deploy the Single Network Adapter template

How to Use the Network Template Wizard

Modifying Rules Applied by Network Templates
You may need to modify the rules applied by a network template to:
- Modify access based on user or computer sets
- Modify Internet access based on protocols
- Modify network rules to change network relationships
You can either change the properties of one of the rules configured by the network template, or you can create a new access rule to apply a specific setting.

Practice: Implementing Network Templates
- Applying the 3-Legged Network Template
- Reviewing the Access Rules Created by the Network Template
- Testing Internet Access
(Lab network: Gen-Web-01 on the Internet side; Den-ISA-01, Den-Clt-01 and Den-DC-01 on the internal side.)

Lesson: Configuring System Policies
- What Is System Policy?
- System Policy Settings
- How to Modify System Policy Settings

What Is System Policy?
System policy is:
- A default set of access rules applied to the ISA Server to enable management of the server
- A set of predefined rules that you can enable or disable as required
Modify the default set of rules provided by the system policy to meet your organization's requirements. Disable all functionality that is not required.

System Policy Settings
System policy settings include: Network Services, Authentication Services, Remote Management, Firewall Client, Diagnostic Services, Logging and Monitoring, SMTP, Scheduled Download Jobs, and Allowed Sites.

How to Modify System Policy Settings

Lesson: Configuring Intrusion Detection and IP Preferences
- About Intrusion Detection Configuration Options
- How to Configure Intrusion Detection
- About IP Preferences Configuration Options
- How to Configure IP Preferences

About Intrusion Detection Configuration Options
Intrusion detection on ISA Server 2004:
- Compares network traffic and log entries to well-known attack methods and raises an alert when an attack is detected
- Detects well-known IP attacks
- Includes application filters for DNS and POP that detect intrusion attempts at the application level

How to Configure Intrusion Detection

About IP Preferences Configuration Options
IP preferences are used to:
- Block or enable network traffic that has an IP option flag set. You can block all packets with IP options, or selected packets.
- Block or enable network traffic where the IP packet has been split into multiple IP fragments. Blocking IP fragments may affect streaming audio and video, and L2TP over IPSec traffic.
- Enable or disable IP routing. With IP routing enabled, ISA Server forwards IP packets between networks without recreating the packet.

How to Configure IP Preferences

Practice: Configuring Intrusion Detection
- Modify the default intrusion detection configuration
- Test intrusion detection
(Lab network: Gen-Web-01 on the Internet side; Den-ISA-01, Den-Clt-01 and Den-DC-01 on the internal side.)

Lab: Configuring ISA Server as a Firewall
- Exercise 1: Restoring Firewall Access Rules
- Exercise ...