1. Trang chủ
  2. » Công Nghệ Thông Tin

Tài liệu Module 1: Overview of Microsoft ISA Server docx

172 405 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 172
Dung lượng 4,39 MB

Nội dung

Module 1: Overview of Microsoft ISA Server Contents Overview Introducing ISA Server Using Caching Using Firewalls 11 Deployment Scenarios for ISA Server 18 Review 23 Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property  2000 Microsoft Corporation All rights reserved Microsoft, BackOffice, MS-DOS, Windows, Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries Other product and company names mentioned herein may be the trademarks of their respective owners BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server iii Instructor Notes Instructor_notes.doc BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server Overview Topic Objective To provide an overview of the module topics and objectives ! Introducing ISA Server Lead-in ! Using Caching ! Using Firewalls ! Deployment Scenarios for ISA Server In this module, you will learn about the use of ISA Server as a cache server and an enterprise firewall The Internet enables organizations to connect with customers, partners, and employees While this presents new business opportunities, it can also cause concerns about security, performance, and manageability Microsoft® Internet Security and Acceleration (ISA) Server 2000 is designed to address the needs of today’s Internet-enabled businesses ISA Server includes caching features that enables an organization to save network bandwidth and provide faster Web access for users ISA Server includes a firewall service that helps protect network resources from unauthorized access from outside the organization’s network, while enabling efficient authorized access Finally, ISA Server includes management and administration features that enable an organization to centrally control and manage Internet use and access After completing this module, you will be able to: ! Explain the use of ISA Server ! Describe the concept of caching ! Describe the concept of firewalls ! Identify the deployment scenarios for ISA Server BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server # Introducing ISA Server Topic Objective To introduce ISA Server Lead-in ISA Server provides benefits and deployment options to help an organization manage Internet security and access ! ISA Server Editions ! Benefits of ISA Server ! Installation Modes ISA Server is an enterprise firewall and cache server built on the Microsoft Windows® 2000 operating system that provides policy-based access control, acceleration, and management of internetworking ISA Server is available in two editions that are designed to meet the business and networking needs of your organization Whether deployed as dedicated components or as an integrated firewall and caching server, ISA Server provides organizations with a unified management console that is designed to simplify security and access management BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server ISA Server Editions Topic Objective To identify the ISA Server editions Lead-in ISA Server is available in two editions that are designed to meet the business and networking needs of your organization ! ISA Server Enterprise Edition ! ISA Server Standard Edition ISA Server is available in two editions that are designed to meet the business and networking needs of your organization ISA Server Enterprise Edition The enterprise edition is designed to meet the performance, management, and scalability needs of high volume Internet traffic environments with centralized server management, multiple levels of access policy, and fault-tolerant capabilities The enterprise edition provides secure, scaleable, fast Internet connectivity for mission-critical environments ISA Server Standard Edition The standard edition provides enterprise-class firewall security and Web caching capabilities for small business, workgroups and departmental environments The standard edition provides robust security, fast web access, intuitive management and excellent price/performance for business-critical environments BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server Benefits of ISA Server Topic Objective To describe the benefits offered by ISA Server Caching Caching ISA Server offers an organization several benefits for Internet connectivity Fast Access with a High-Performance Web Cache Fast Access with a High-Performance Web Cache Security Security Lead-in Enterprise Security Through a Multilayered Firewall Enterprise Security Through a Multilayered Firewall Management Management Powerful Management with Integrated Administration Powerful Management with Integrated Administration Extensibility Extensibility Extensible and Customizable Platform Extensible and Customizable Platform The slide for this topic includes animation Click or press the SPACEBAR to advance the animation ISA Server is a key member of the NET Enterprise Server family The products in NET Enterprise Servers are Microsoft’s comprehensive family of server applications for building, deploying and managing scalable, integrated, Web-based solutions and services ISA Server offers several benefits to organizations that want fast, secure, and manageable Internet connectivity Delivery Tip Fast Access with a High-Performance Web Cache Delivery Tip To present more information about the NET Enterprise Server family, play the NET Enterprise Servers animation The animation is included on the Trainer Materials Compact Disc ISA Server provides the following Web performance benefits: ! Provides faster Web access for users by retrieving objects locally rather than over a slower connection to the potentially congested Internet ! Reduces bandwidth costs by reducing network traffic ! Distributes the content of Web servers and e-commerce applications efficiently and cost-effectively to reach customers worldwide Note The capability for distributing Web content is only available in ISA Server Enterprise Edition Enterprise Security Through a Multilayered Firewall ISA Server provides the following security benefits: ! Protects networks from unauthorized access ! Protects Web, e-mail, and other application servers from external attacks by using Web publishing and server publishing to securely process incoming requests to internal servers ! Filters incoming and outgoing network traffic to ensure security ! Enables secure access for authorized users from the Internet to the internal network by using virtual private networks (VPNs) BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server Powerful Management with Integrated Administration ISA Server provides the following management benefits: ! Controls access centrally to ensure and enforce corporate policies ! Improves productivity by limiting Internet use to approved applications and destinations ! Allocates bandwidth to match business priorities ! Provides monitoring tools and produces reports that show how Internet connectivity is used Extensible and Customizable Platform ISA Server provides the following extensibility and customization benefits: ! Addresses security and performance needs that are specific to an organization by using ISA Server Software Development Kit (SDK) for inhouse development of add-on components ! Extends security and management functionality with third-party solutions ! Automates administrative tasks with scriptable Component Object Model (COM) objects BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server Installation Modes Topic Objective To identify the installation modes and associated features of ISA Server Lead-in There are three modes for installing ISA Server ! Cache Mode ! Firewall Mode ! Integrated Mode ! Features Available with Each Mode You can install ISA Server in three different modes: cache mode, firewall mode, and integrated mode Cache Mode In cache mode, you can improve network performance and save bandwidth by storing frequently accessed Web objects closer to the user You can then route requests from clients to a cache server that holds cached objects Firewall Mode In firewall mode, you can secure network traffic by configuring rules that control communication between an internal network and the Internet You can also publish internal servers, which enables an organization to share data on its network with partners or customers Integrated Mode In integrated mode, you can combine the firewall and cache services on a single host computer While organizations can deploy ISA Server as a separate firewall or caching service, you can have a single integrated enterprise firewall and cache server by choosing this mode BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 22 Module 5: Configuring the Firewall Configuring Packet Filter Options Slide Objective To identify the packet filter options available in ISA Server ! ! Enable Filtering of IP Fragments ! Enable Filtering of IP Options ! You can increase the security of your ISA Server computer and gain additional information about packet filtering by configuring packet filtering options Configure PPTP Through the ISA Firewall ! Lead-in Configure Intrusion Detection Configure Logging of Packets from Allow Filters You can increase the security of your ISA Server computer and gain additional information about packet filtering by configuring packet filtering options Packet filtering options enable you to: ! Configure intrusion detection Set this option to detect when an attack is attempted in a network protected by ISA Server ! Configure PPTP through the ISA Firewall Set this option to enable client computers to establish PPTP connections through the Internet ! Enable Filtering of IP Fragments Set this option to refuse and drop all fragmented IP packets A well-known attack sends and reassembles fragmented packets in a way that may disrupt the operations of a computer Important Do not enable filtering of IP fragments if you want to allow video streams or quality audio streams to pass through the ISA Server computer ! Enable Filtering of IP Options Set this option to refuse and drop all packets that have the words IP Options in the header Some well-known attacks use IP options in the IP packet header Enabling the filtering of IP Options guards against such attacks ! Configure Logging of Packets from Allow Filters Enable this option only for troubleshooting packet filters By default, ISA Server logs information about IP packets that it drops due to Block filters When you select Log packets from Allow filters, ISA Server also records information about packets that were forwarded because an Allow filter Enabling this option causes an additional workload for the ISA Server computer and can create large amounts of logging information BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 23 Note For more information about intrusion detection, see Module 7, “Monitoring and Reporting,” and Module 3, “Enabling Secure Internet Access" in course 2159a, Deploying and Managing Microsoft ISA Server 2000 For more information about ISA Server logs, see Module 7, “Monitoring and Reporting” in course 2159a, Deploying and Managing Microsoft ISA Server 2000 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 24 Module 5: Configuring the Firewall # Configuring Application Filters Topic Objective To identify topics related to configuring application filters Key Points Unlike IP packet filters, which make forwarding decisions based on the header of each IP packet, application filters can examine entire transactions between a client application and a server application ! Configuring the SMTP Filter ! Configuring the Streaming Media Filter Configuring the HTTP Filter ! Application filters provide an extra layer of security for the Firewall service Application Filter Overview ! Lead-in ! Configuring the H.323 Filter Application filters provide an extra layer of security for the Firewall service Unlike IP packet filters, which make forwarding decisions based on the header of each IP packet, application filters can examine entire transactions between a client application and a server application, such as an entire e-mail message An application filter can perform protocol-specific or system-specific tasks, such as authentication and virus checking ISA Server requires application filters to support protocols that are more complex, such as the FTP protocol Several application filters are installed with ISA Server You can enable and configure these filters to meet the security needs of your organization In-house developers or third-party developers can also create additional application filters Note You can use application filters only if you install ISA Server in Firewall mode or in Integrated mode BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 25 Application Filter Overview Topic Objective To list the application filters that are available in ISA Server ! ! H.323 Filter ! HTTP Redirector Filter ! POP Intrusion Detection Filter ! RPC Filter ! SMTP Filter ! SOCKS V4 Filter ! When you install ISA Server, ISA Server enables all of the application filters that are included with the default installation FTP Access Filter ! Lead-in DNS Intrusion Detection Filter Streaming Media Filter ISA Server ISA Server When you install ISA Server, ISA Server enables all of the application filters that are included with the default installation However, if you install the Message Screener, the SMTP filter is not enabled Application filters register with the Firewall service and are automatically loaded when you start the Firewall service ISA Server includes the following application filters: ! DNS Intrusion Detection Filter Detects DNS traffic that indicates some of the types of network intrusions that use the Domain Name System (DNS) Note For more information about DNS intrusions, see Module 7, “Monitoring and Reporting,” in course 2159a, Deploying and Managing Microsoft ISA Server 2000 ! FTP Access Filter Enables ISA Server to support the FTP protocol ! H.323 Filter Controls incoming and outgoing network traffic that uses the H.323 protocol Applications that use the H.323 protocol provide multimedia services to clients, such as multimedia conferencing and Internet telephony ! HTTP Redirector Filter Redirects Web requests from Firewall clients and SecureNAT clients to the Web Proxy Service or another location ! POP Intrusion Detection Filter Detects traffic that indicates some of the types of network intrusion that use the Post Office Protocol (POP) Note For more information about POP intrusions, see Module 7, “Monitoring and Reporting,” in course 2159a, Deploying and Managing Microsoft ISA Server 2000 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 26 Module 5: Configuring the Firewall ! RPC Filter Enables the publishing of servers that use Remote Procedure Calls (RPC) ! SMTP Filter Screens and blocks e-mail messages based on the properties of attachments, such as users, domains, keywords, or SMTP commands ! SOCKS V4 Filter Allows ISA Server to respond to clients that use the SOCKS protocol ! Streaming Media Filter Allows Firewall clients and SecureNAT clients to use protocols for accessing streaming media services, such as those provided by Windows Media Technology (WMT) Server To enable or disable an application filter: In the console tree of ISA Management, expand your server or array, expand Extensions, and then click Application Filters In the details pane, right-click the appropriate application filter, and then click Properties On the General tab, select or click to clear the Enable this filter check box, and then click OK Note Developers can also create Web filters, which screen and route Web content Web filters can monitor, evaluate, and intercept HTTP communication between an internal network and the Internet Web filters load when you start the Web Proxy service BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 27 Configuring the SMTP Filter Topic Objective To identify the interface that you use to configure the SMTP filter SMTP Filter Properties General Server Commands Users/Domains SMTP Filter Lead-in After you create one or more IP packet filters that allow SMTP traffic to reach the mail server, you must enable the SMTP application filter Vendor: Microsoft Version: 3.0 RC Description: Filters SMTP traffic Enable this filter OK Cancel Apply After you create IP packet filters that allow incoming SMTP traffic to reach the mail server, you must enable the SMTP application filter The SMTP application filter screens SMTP traffic that arrives on port 25 of the ISA Server computer The SMTP application filter can screen incoming e-mail messages based on the user or the domain, and can generate an alert if mail is received from the specific users or domains The SMTP application filter can also screen e-mail messages based on attachments and keywords You can also configure the SMTP application filter to block specific SMTP commands For example, you can configure the SMTP application filter to reject e-mail messages that contain an attachment that indicates a known e-mail virus Important In order to screen e-mail messages, you must install the Message Screener The Message Screener is an optional ISA Server add-in service In addition, the SMTP application filter can block certain SMTP commands and can check for buffer overrun attacks A buffer overrun attack occurs when an SMTP command is specified with a line length that exceeds a specific value Some third-party SMTP servers are vulnerable to such attacks, which may allow an intruder to run arbitrary commands on the mail server To configure the SMTP application filter: In the console tree of ISA Management, expand your server or array, expand Extensions, and then click Application Filters In the details pane, right-click the SMTP Filter, and then click Properties BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 28 Module 5: Configuring the Firewall Perform the following actions in the SMTP Filter Properties dialog box: To Do this Stop users from gaining access to the SMTP server On the Users/Domains tab, in the Sender's name box, type the e-mail address of the e-mail sender from whom e-mail messages will be rejected, and then click Add Stop domains from gaining access to the SMTP server On the Users/Domains tab, in the Domain Name box, type the name of the DNS domain whose users are denied access to the SMTP server, and then click Add Configure attachments for the SMTP application filter On the Attachments tab, click Add In the Mail Attachment Rule dialog box, select the Enable attachment rule check box, and then click one of the following: • Attachment name You must then type the name of the attachment • Attachment extension You must then type a file extension For example, to prohibit attachments with an exe extension, type exe • Attachment size limit You must then type the maximum size of the attachment Some e-mail attacks involve overloading a mail server with large attachments In the Action list, select Delete message, Hold message, or Forward messages to, and then type the forwarding address Configure keywords for the SMTP application filter On the Keywords tab, click Add Click Enable keyword rule In the Keyword box, type the keyword string Under Apply action if keyword is found in, select one of the following to indicate which part of the e-mail message that the SMTP application filter checks for the keyword: • Message header or body • Message header • Message body In the Action list, select Delete message, Hold message, or Forward messages to, and type the forwarding address Disallow an SMTP command On the Commands tab, double-click the appropriate command In the SMTP Command Rule dialog box, click to clear the Enable an SMTP command check box Configure the SMTP application filter buffer overflow thresholds On the Commands tab, double-click the appropriate command In the SMTP Command Rule box, select the Enable an SMTP command check box In the Maximum Length box, type the maximum length of the command line for the SMTP commands BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 29 Configuring the Streaming Media Filter Topic Objective Streaming Media Filter Properties To identify the interface that is used to configure the Streaming Media filter General Live Stream Splitting Use this page to select WMT live stream splitting mode Select one of these options to enable live stream splitting Lead-in The Streaming Media filter enables Firewall clients and SecureNAT clients to use popular streaming media protocols to gain access to media streaming servers Disable WMT live stream splitting Split live streams using a local WMT server Split live streams using the following WMT server pool: WMT Server Address Add… Remove Edit… WMT server administrator account: User account: Browse… Password: Confirm password: OK Cancel Apply The Streaming Media filter enables Firewall clients and SecureNAT clients to use popular streaming media protocols to gain access to media streaming servers Streaming media technology allows the distribution of audio and video on the Internet as a continuous real-time stream A server application transmits the media stream to a client application The client application can display the video or play the audio as soon as enough of the media stream is received and stored in the buffer ISA Server supports the following streaming media products: ! Microsoft Windows Media (MMS), which allows Microsoft Windows Media™ Player client access and server publishing ! Progressive Networks protocol (PNM), which allows RealPlayer client access and server publishing ! Real Time Streaming Protocol (RTSP), which allows RealPlayer G2 and QuickTime client access and server publishing In addition, the Streaming Media filter can improve the performance of the streaming media for clients by splitting the live streams BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 30 Module 5: Configuring the Firewall Configuring Live Stream Splitting Configuring live stream splitting enables the Streaming Media filter to obtain the media stream from the Internet, and then make it available on a local WMT server for access by clients You can enable live stream splitting for a single WMT server or for a pool of one or more WMT servers If you configure ISA Server to make streaming media available on a single WMT server, the server must reside on the ISA Server computer If you retransmit the live stream by using a pool of one or more WMT server computers, this pool can be located anywhere on your internal network of filters to obtain information from the Internet once, then make it available locally on a Note To use live stream splitting, you must install Windows Media Services, which is a component of Windows 2000 Server, on the ISA Server computer If you use a WMT server pool, you only need to install the Windows Media Service administration tool on the ISA Server computer To configure live stream splitting for a streaming media filter: In ISA Management, in the console tree, expand your server or array, expand Extensions, and then click Application Filters In the details pane, right-click Streaming Media Filter, and then click Properties On the Live Stream Splitting tab, click one of the following options: To Then Prohibit access to media streams from a WMT server Click Disable WMT live stream splitting Allow access to media streams from a single local WMT server Click Split live streams using a local WMT server Allow access to media streams from a WMT server pool on your network Click Split live streams using the following WMT server pool, click Add, and then type the IP address of the WMT server pool If you are allowing access to media streams from a WMT server pool, in the User account box, type the user name for the WMT server administrator account Note The user account that you specify must be a member of the Netshow Administrators group on each WMT server In the Password box and in the Confirm password box, type the account password, and then click OK BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 31 Configuring the HTTP Redirector Filter Topic Objective HTTP Redirector Filter Properties To identify the interface that is used to configure the HTTP Redirector filter General Options Select to redirect HTTP requests Response to HTTP requests: Redirect to local Web Proxy service If the local service is unavailable, redirect requests to requested Web server Lead-in The HTTP Redirector filter forwards HTTP requests from Firewall clients and SecureNAT clients to the Web Proxy service Send to requested Web server Reject HTTP requests from Firewall and SecureNAT clients OK Key Points Redirecting HTTP requests improves client performance and allows you to apply site and content rules to Web Proxy clients and SecureNAT clients Cancel Apply The HTTP Redirector filter forwards HTTP requests from Firewall clients and SecureNAT clients to the Web Proxy service on the internal ISA Server computer By using the HTTP Redirector filter, HTTP requests are cached, even if users on a Firewall client computer or SecureNAT client computer not configure their Web browser to use the ISA Server computer as a Web Proxy server Redirecting HTTP requests improves client performance and allows you to apply site and content rules to Web Proxy clients and SecureNAT clients HTTP Redirector Filter Options You can configure the HTTP Redirector filter to one of the following: ! Redirect requests to the Web Proxy service Redirects requests to the Web Proxy service on the ISA Server computer This option is the default option for the HTTP Redirector filter ! Send requests to a specified Web server Requests bypass the Web Proxy service and the objects are not cached Choose this option if you not want the ISA Server computer to cache HTTP requests from Firewall clients or from SecureNAT clients ! Discard HTTP requests Discards all HTTP requests from Firewall clients and SecureNAT clients Choose this option when you want to require all clients that use the HTTP protocol to be configured as Web Proxy clients Important When the HTTP Redirector filter passes a request from a SecureNAT client to the Web Proxy service, the client's authentication information is lost Therefore, requests from Firewall clients are handled as unauthenticated If you configured the Web Proxy client to require authentication, the requests from the Web Proxy clients will be denied BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 32 Module 5: Configuring the Firewall Configuring Redirection Options To configure the HTTP filter: In the ISA Management, in the console tree, expand your server or array, expand Extensions, and then click Application Filters In the details pane, right-click HTTP Redirector Filter, and then click Properties On the Options tab, click the appropriate option, and then click OK BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 33 Configuring the H.323 Filter Topic Objective To identify the interface that is used to configure the H.323 filter Lead-in The H.323 filter enables conferencing applications, such as NetMeeting, to communicate with computers over the Internet using video, audio, and application sharing H.323 Filter Properties General Call Control Specify an H.323 Gatekeeper Gatekeeper location Use this Gatekeeper Browse… PHOENIX Call direction Allow incoming calls Allow outgoing calls Use DNS gatekeeper lookup and LRQs for alias resolution Media Control Select one or more media options Allow audio Allow video Allow T120 and application sharing OK Cancel Apply The H.323 filter enables people that use conferencing applications, such as Microsoft NetMeeting®, to communicate with others over the Internet by using video, audio, and data sharing You can configure the H.323 filter to limit client access to certain media, such as denying access to video or data sharing Note To enable multiple H.323 sessions and to improve efficiency for H.323 applications, you can configure an H.323 Gatekeeper For more information on H.323 Gatekeepers, see Module 6, “Configuring Access to Internal Resources,” in course 2159a, Deploying and Managing Microsoft ISA Server 2000 To configure the H.323 filter: In ISA Management, in the console tree, expand Extensions, and then click Application Filters In the details pane, right-click H.323 Filter, and then click Properties On the Call Control tab, select the Use this Gatekeeper check box, and then type the IP address of the computer that runs the H.323 Gatekeeper Select one or more of the following options, and then click OK: • Allow incoming calls Permits people in other organizations to call people within your organization over the Internet • Allow outgoing calls Permits people within your organization to call people in other organizations over the Internet • Use DNS gatekeeper lookup and LRQs for alias resolution Enables DNS to look up DNS gatekeepers for outgoing calls • Allow audio Permits audio calls • Allow video Permits video calls • Allow T120 and application sharing Permits T.120 data and application sharing BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 34 Module 5: Configuring the Firewall Lab A: Configuring the Firewall Topic Objective To introduce the lab Lead-in In this lab, you will configure an ISA Server computer as a firewall Explain the lab objectives Lab.doc BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 5: Configuring the Firewall 35 Review Topic Objective To reinforce module objectives by reviewing key points Lead-in The review questions cover some of the key concepts taught in the module ! Securing the Server ! Examining Perimeter Networks ! Examining Packet Filtering ! Configuring Packet Filtering and Routing ! Configuring Application Filters You have been asked to troubleshoot an ISA Server installation that was performed by another administrator Since installing and configuring ISA Server, the administrator no longer gets any replies when using the Ping command to test connectivity with Internet hosts The administrator can connect to the same hosts using other protocols, such as the HTTP protocol and the FTP protocol What should you check when troubleshooting this problem? Ensure that IP routing is enabled on the ISA Server computer, and that there is an active IP packet filter that allows the forwarding of the required ICMP packets You want to ensure that the ISA Server computer never responds to any outside connection attempts that use the Telnet protocol, even if an administrator accidentally installs a Telnet server application on the ISA Server computer Telnet uses TCP port 23 What must you to ensure that ISA Server never accepts any packets that are intended for port 23? You must create an IP packet filter The IP packet filter must be a Block filter that blocks packets from any source IP address and port with the destination IP address of the ISA Server’s external IP address and a destination TCP port of 23 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 36 Module 5: Configuring the Firewall You are running the ISA Server Security Configuration Wizard and you receive a message that a required template is missing Where can you find the templates and where must you put them for the wizard to run successfully? The templates are on the Windows 2000 Server CD They must be in the systemroot\security\templates folder for the wizard to run successfully When must you enable ISA Server IP routing? You must enable ISA Server IP routing when the ISA Server computer must forward protocols other than TCP and UDP, or when you want to make resources in a three-homed perimeter network available All of the software developers in your organization will participate in training broadcasts that are delivered over the Internet This training involves weekly live video broadcasts You are concerned about whether your connection to the Internet will be able to handle multiple simultaneous sessions to the media server, each of which transmits a large amount of data What can you to reduce the amount of Internet bandwidth that your organization uses for viewing these training sessions? You can configure the Streaming Media Filter for live stream splitting All of the users in your organization can then gain access to the video stream from an internal server BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY ... MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server Benefits of ISA Server Topic Objective To describe the benefits offered by ISA Server Caching... CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server # Introducing ISA Server Topic Objective To introduce ISA Server Lead-in ISA Server provides benefits and deployment... TRAINER PREPARATION PURPOSES ONLY Module 1: Overview of Microsoft ISA Server ISA Server Editions Topic Objective To identify the ISA Server editions Lead-in ISA Server is available in two editions

Ngày đăng: 11/12/2013, 14:15

TỪ KHÓA LIÊN QUAN