by October 31, 2000 0 comments

The Microsoft Internet Security and Acceleration Server 2000(ISA) is a proxy server and firewall. The Release Candidate 1 for it wasrecently released. It has a host of firewall options, which we’ll talk aboutin this article.

ISA Server is configured using the Microsoft ManagementConsole (MMC). The MMC window is divided into two panes. The right pane displaysthe sub-folders within these folders and properties that can be configured ineach, while the left pane displays the various configurable items and all theservers running ISA Server. Each server is called an array, and holds a set ofits own configuration options. When you click on a particular server, the rightpane shows the configurable parameters. This contains wizards that let youconfigure the server’s security policies.

ISA Server’s firewall can be configured for both internaland external users. Two configuration wizards do this. One configures accesspolicies for internal users, while the other configures firewall protection forexternal users. You can also manually configure everything, which requires anunderstanding of the server’s functioning.

Protection from inside

From the client’s side, ISA Server let’s you preventunauthorized traffic from going to the Internet. This can be done to conservebandwidth, prevent access to certain websites, keep a tab on and preventunwanted downloads, etc. The Configure Access Policy wizard let’s you setthese options. You can also configure the options from the Access Policy folderin the left pane. This folder let’s you define address sets for clients thatare allowed access to the internet. Client address sets can also be set todivide your intranet into smaller virtual networks with individual access rules.You can also define protocols, which can be used later to create protocol rules.These can either be predefined or user-defined.

Created protocol rules are applied to all traffic passingthrough the ISA Server. These rules can be either of Allow or Deny type. Acertain protocol rule may be applied to either a single protocol or a group ofprotocols. On the client front, these rules can be applied to specified users orgroups or client address sets. Protocol rules can also be scheduled. So theadministrator can choose to implement a rule only during office hours.

Site and content rules can be applied to the type of contentbeing accessed by clients. So you may choose to block out images, text, audio,video or any other type of content that you don’t want them to access. As inthe case with protocol rules, these can also be client specific. You may applythem to a particular sub-network that you created in the beginning.

Blocking outside access

Now let’s see the other side of the picture–accessingyour network from the Internet through ISA Server. The Configure FirewallProtection option let’s you protect your network from the outside world. Ithas four options for securing your server and machine, creating packet filters,configuring packet filters and intrusion detection, and modifying packetfilters.

The Secure your server and machine option is a wizard thatallows you to quickly set up security on your server. You can choose to havehigh security for very secure stand-alone firewall installations, moderatesecurity for firewalling Domain Controllers, or standard Windows 2000 securityfor application or database servers.

The next option, create packet filters, can be either staticor dynamic. In static packet filtering you define a set of filers for thefirewall to follow. Here, the ports that allow packets to flow are always open.In dynamic packet filtering, the ports are opened only when a packet that’sallowed access comes in. Otherwise, they remain closed.

The third option is to configure packet filters yourself. Ifyou have an array of computers running ISA server, then you can create a filteron one, and choose to apply it on all. Again, as with the rules alreadydiscussed, these filters are allow or block type. You can apply rules for a hostof options ranging from ICMP requests, POP3, SMTP, HTTP, HTTPS, NetBIOS, etc.Alternatively, you can choose to have a custom filter based on the type of IPprotocol, direction of request and local and remote port numbers. Once created,the packet filter can be virtually positioned either on both the internal andexternal interface IP addresses of the ISA Server machine or on the external IPaddress only. Packets from filters set to allow access can also be logged in alog file.

Finally, you can also configure the created packet filters ata later stage.

Intrusion detection is a feature of the ISA Server firewallthat detects various types of attacks on the server from the Internet. Attackslike WinNuke, Ping of Death, IP half scan, Port scan or UDP bombs can bedetected. What then? Once detected, the attack triggers a predefined alert.Alerts are specified in the Monitoring Alerts configuration. So, when triggered,the alert can send the administrator an e-mail message, start a predefinedapplication, log it to the event log, start or stop certain specific services ordo all of these. Not only this, the program keeps an eye out for furtherattacks. Normally any such attack is followed by a series of after attacks onother ports. The ISA Server firewall detects such after attacks on otherwell-known ports even after the initial attack is over.

The configurable options are plenty, and it takes sometime tounderstand them.

Ashish Sharma

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.