SMALL BUSINESS er BIG BUSINESS ISA Workshop Rico Raja, Technology Specialist Brian Thumann Madsen, Senior Executive Consultant.

Præsentationer af emnet: "SMALL BUSINESS er BIG BUSINESS ISA Workshop Rico Raja, Technology Specialist Brian Thumann Madsen, Senior Executive Consultant."— Præsentationens transcript:

1 SMALL BUSINESS er BIG BUSINESS ISA Workshop Rico Raja, Technology Specialist Brian Thumann Madsen, Senior Executive Consultant

2 Agenda  Oversigt over versioner og features  Elementer i ISA 2004  Publishing Rules  Listner  Interfaces  Access rules  Installation og konfiguration af ISA 2004  Brug af ISA Management Konsol  Publish af MS Produkter  Opgavesæt 1  Routing og Remote access med ISA 2004 (VPN)  Brug af ISA Klient  Opgavesæt 2  Demo af Radius med trådløst netværk  Demo brug af tokens med ISA 2004  DMZ Zone

3 Agenda (forsat)  Opgavesæt 3  Failover og load balancing  FAQ  Skyd på Microsoft  Opsamling og afslutning

4 Oversigt over versioner og features

5 Elementer i ISA 2004 – Publishing Rules  Gør Services tilgængelig fra Wan til Lan / DMZ  Alle Services publisheres via ISA Management Console  Prædefinerede Publishing Rules  Muligheder for at lave nye Publishing templates  Mulighed for at route klienten direkte ind til serveren  Mulighed for at publishere interne services direkte på ISA Server så det er ISA der eks. Indeholder certificater mv.

6 Elementer i ISA 2004 – Listner  Fungerer som filter for access Rules  Der kan eks. Laves banning af websites  Indeholder autobanning  Kan styres på AD grupper mv.

7 Elementer i ISA 2004 – Interfaces  Interfaces er fysiske netkort eller kommunikations devices  Disse oprettes seperat i ISA  Kommunikationen mellem disse kan styres via ISA med policy, Access Rules mv.  Typiske eksempler på anvendelse af ekstra interfaes er til DMZ, kursusnet mv.  Standard i ISA server findes flg. Interfaces:  External  Localhost  Internal  VPN clients  Quarantined VPN Clients

8 Elementer i ISA 2004 – Access Rules  Styrer adgang og policies fra lan til wan  Kan styres på:  Porte  Protokoller  Exeptions

9 Installation og konfiguration af ISA 2004 Demo

10 Brug af ISA Management Konsol Demo

11 Publish af MS Produkter Demo

12 Opgaver Opgavesæt 1

13 Routing og Remote access med ISA 2004 (VPN)  Enable VPN i ISA Management console  Sæt maximum antal klienter  Sæt tilladte protokoller  Sæt Domæne info  Opsæt adapter der skal modtage vpn forbindelser  Opsæt adapter der skal udlevere DHCP (klik på Advanced for at sætte DNS mv)  Sæt kryptering  Lav access rule i ISA management console, mellem vpn clients og internal  Tillad vpn brugere at lave dial in fra Active Directory Users and Computers

14 Brug af ISA Klient  Yderligere log funktioner  Integration med AD  Grupper / brugere kan styres med forskellige regelsæt mv.  ISA kan opsættes til kun og acceptere ISA klienter og ikke rene gateway forespørgelser  Hvis maskinen ikke har en klient installeret kan ISA installere denne via Discovery method.

15 Opgaver Opgavesæt 2

16 Demo af Radius med trådløst netværk Demo

17 Demo brug af tokens med ISA 2004 Demo

18 DMZ Zone  Hvornår og til hvad anvendes en DMZ Zone  Brug af ISA med DMZ Zone  Opsætning af ISA til DMZ (Demo)

19 Opgaver Opgavesæt 3

20 Failover og load balancing  Komponenter der benyttes:  ISA Configuration and Storage Server (Seperat server)  Windows NLB  Active Directory Services  Evt. Hardware loadbalancing boks  HUSK! Switch må ikke køre spanning tree

21 FAQ  Q. How can I remotely administer my ISA Server computer?  A. You can use Terminal Services or Remote Desktop to connect to the ISA Server computer. Alternatively, you can install the ISA Server Management Microsoft Management Console (MMC) and use that for remote administration. There are two system policy rules that allow remote management of the ISA Server computer - one for MMC management, the other for Terminal Server (Remote Desktop) management. Add the computer you want to use for remote administration to the predefined Remote Management Computers set used by these rules.  Q. When does ISA Server go into lockdown mode? A. Lockdown mode is triggered when an event triggers the Firewall service to shut down, or if the Firewall service is manually shut down.  A. When the Firewall service restarts, ISA Server exits lockdown mode and continues functioning, as previously. The effects of lockdown mode are documented in ISA Server online Help. When the Firewall service restarts, ISA Server exits lockdown mode. Any changes made to the ISA Server configuration are applied after ISA Server exits lockdown mode.

22 FAQ  Q. What is the Local Host network?  A. The Local Host network represents the ISA Server computer. That is, all traffic that comes from or to ISA Server is considered to have passed by way of the Local Host network. It includes all the IP addresses of the ISA Server computer, and the reserved loopback IP address 127.0.0.1.  Q. What is the significance of NAT and Route relationships between networks?  A. If you have a network rule that defines a network address translation (NAT) relationship between two networks (for example Internal and External), the following will apply: Internal to External traffic will be defined by access rules. External to Internal traffic will be defined by publishing rules. If you have a route relationship, you can use access rules in both directions.

23 Skyd på Microsoft

24 Opsamling og afslutning  Kontakt info:  Rico Raja: rr@jyskpc.dkrr@jyskpc.dk  Brian Thumann Madsen: btm@jyskpc.dkbtm@jyskpc.dk  Community Site: www.windows-admin.comwww.windows-admin.com  MS Technet Site: http://www.microsoft.com/technet/prodtechnol/isa/default.mspxhttp://www.microsoft.com/technet/prodtechnol/isa/default.mspx  ISA Webcasts: http://www.microsoft.com/events/series/isaserversecurity.mspxhttp://www.microsoft.com/events/series/isaserversecurity.mspx  ISA community site: http://www.isaserver.orghttp://www.isaserver.org