isa 2004

Transcript of isa 2004

  • 7/31/2019 isa 2004

    Introduction to ISA 2004

    ISA: Internet Security and Acceleration

    ISA is software designed to protect a network.

    It guards against intrusion from outside.

    ISA is a firewall product.

    Network services and features on ISA 2004

    - Install and configure Microsoft Certificate Services (the service that issues digital certificates used for secure identification in transactions over the network)

    - Install and configure Microsoft Internet Authentication Services (RADIUS), the secure authentication service for remote access over remote connections (dial-up or VPN)

    - Install and configure Microsoft DHCP Services (the service that supplies TCP/IP settings to nodes on the network) and WINS Services (the service that resolves the NetBIOS names of computers on the network)

    Network services and features on ISA 2004 (continued)

    - Configure WPAD entries in DNS to support autodiscovery and autoconfiguration for Web Proxy and Firewall clients. This is very convenient for ISA clients (Web Proxy and Firewall clients) in an organization when they have to move a computer from one network (with one ISA Server) to another network (with a different ISA Server) and still automatically detect and work with the Web Proxy service and Firewall service on that ISA Server.

    - Install Microsoft DNS server on a perimeter network server (the perimeter network holds the servers that provide online services to outside clients; it sits behind the firewall but is also separated from the LAN)

    - Install the ISA Server 2004 firewall software

    - Back up and restore the configuration of the ISA Server 2004 firewall

    Network services and features on ISA 2004 (continued)

    - Use the ISA Server 2004 Network Templates to configure the firewall

    - Configure the types of ISA Server 2004 clients

    - Publish a web server on a perimeter network

    - Use the ISA Server 2004 firewall as a spam-filtering SMTP relay (an e-mail relay that blocks spam mail)

    - Publish Microsoft Exchange Server services (Microsoft's mail and collaboration system, similar to IBM's Lotus Notes)

    - Configure the ISA Server 2004 firewall as a VPN server

    - Create a site-to-site VPN connection between two networks

    Installing ISA 2004

    Carry out the following steps to install the ISA Server 2004 software on a dual-homed (fitted with two network cards) Windows Server 2003 computer:

    Choose Install ISA 2004 to start the installation.

    Click Next on the Welcome to the Installation Wizard for Microsoft ISA Server 2004 page.

    Select I accept the terms in the license agreement on the License Agreement page. Click Next.

    On the Customer Information page, enter your name and your organization's name in the User Name and Organization text boxes. Then enter the Product Serial Number. Click Next.

    On the Setup Type page, select the Custom option. If you do not want to install the ISA Server 2004 software on the C: drive, click Change to change the installation location on the hard disk. Click Next.

    On the Custom Setup page, you can choose which components to install. By default, Firewall Services and ISA Server Management are installed. The Message Screener component is used to help block junk mail (spam) and file attachments.

    Note: the IIS 6.0 SMTP service must be installed on the ISA Server 2004 firewall computer before you install Message Screener. Keep the default settings to continue and click Next.

    On the Internal Network page, click Add.

    Also select Firewall installation shared.

    Click Add to define the address range.

    On the Internal Network setup page, click Select Network Adapter.

    Check the Add address ranges based on the Windows Routing Table checkbox. Then check the network card that connects directly to the LAN under Select the address ranges Internal network adapter.

    Click OK in the Setup Message dialog box to confirm that the Internal network has been defined based on the Windows routing table.

    Click OK in the Internal network address ranges dialog box.

    Click Next on the Internal Network page.

    On the Firewall Client Connection Settings page, check the Allow nonencrypted Firewall client connections and Allow Firewall clients running earlier versions of the Firewall client software to connect to ISA Server checkboxes (this also supports older versions).

    On the Services page, click Next.

    Click Install on the Ready to Install the Program page.

    On the Installation Wizard Completed page, click Finish.

    Carry out the following steps to review the firewall's default policy (default firewall System Policy):

    Click Start, All Programs. Select Microsoft ISA Server and click ISA Server Management.

    In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server node and click the Firewall Policy node. Right-click the Firewall Policy node, point to View and click Show System Policy Rules.

    Note that each rule is defined by:

    - Order number

    - Name (rule name)

    - Action taken for the rule (Allow or Deny)

    - Protocols: which protocols are used

    - From: the source network or host

    - To: the destination network or host

    - Condition: who or what the rule applies to
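
A simplified model of how an ordered list of rules with these fields is evaluated, where the first matching rule wins and unmatched traffic is refused. This is an added example, not code from the slides or from ISA Server; the rule names, addresses and the USER1/USER2 accounts are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    order: int             # Order number
    name: str              # Name
    action: str            # "Allow" or "Deny"
    protocols: frozenset   # Protocols; "*" means all protocols
    source: str            # From: source network (CIDR)
    dest: str              # To: destination network (CIDR)
    users: frozenset       # Condition: user set; "*" means all users

def evaluate(rules, proto, src, dst, user):
    """Return (action, rule name) of the first rule, by order, that matches every field."""
    for r in sorted(rules, key=lambda r: r.order):
        if ("*" in r.protocols or proto in r.protocols) \
                and ip_address(src) in ip_network(r.source) \
                and ip_address(dst) in ip_network(r.dest) \
                and ("*" in r.users or user in r.users):
            return r.action, r.name
    return "Deny", "(no rule matched)"   # nothing matched: traffic is refused

# Constructed sample values: 10.0.0.0/24 as Internal, 0.0.0.0/0 standing in for External.
INTERNAL, EXTERNAL = "10.0.0.0/24", "0.0.0.0/0"
RULES = [
    Rule(1, "Block RDP out", "Deny", frozenset({"RDP"}),
         INTERNAL, EXTERNAL, frozenset({"*"})),
    Rule(2, "USER1 web and RDP", "Allow", frozenset({"HTTP", "HTTPS", "RDP"}),
         INTERNAL, EXTERNAL, frozenset({"USER1"})),
]

if __name__ == "__main__":
    # USER1 gets web access, but the earlier Deny rule shadows the RDP part of rule 2.
    for proto, user in [("HTTP", "USER1"), ("RDP", "USER1"), ("HTTP", "USER2")]:
        print(proto, user, evaluate(RULES, proto, "10.0.0.5", "203.0.113.10", user))
```

Swapping the two order numbers lets USER1's RDP through while still denying it for everyone else, which is why the order column deserves a review whenever a rule is added.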

    Backing up and restoring the firewall configuration

    The backup instructions are to be carried out after one or more of the following procedures:

    - Changing the cache size or location

    - Changing the firewall policy

    - Changing the rule base

    - Changing the system rules

    - Making changes to networks, such as changing the network definition or network rules

    - Delegating ISA Server administrative tasks, or removing delegation

    We will carry out the following tasks:

    Back up the firewall configuration

    Restore the firewall configuration from the backup file

    Export the firewall policy

    Import the firewall policy

    Backing up the default configuration right after installation

    Open the Microsoft Internet Security and Acceleration Server 2004 management console and right-click the server name. Click Back Up.

    In the Backup Configuration dialog box, enter the name you want for the backup file in the File name text box. Remember the location where the backup file is saved in the Save list. In this example, the backup file is named backup1. Click Backup.

    In the Set Password dialog box, enter a password and confirm it in the Password and Confirm password text boxes.

    Click OK in the Exporting dialog box when you see the message The configuration was successfully backed up.

    Restoring the firewall configuration from the backup file

    Open the Microsoft Internet Security and Acceleration Server 2004 management console, right-click the computer name, and click Restore.

    Select the backup file, then click Restore.

    Enter the password you set earlier for the file in the Type Password to Open File dialog box and click OK.

    Click OK in the Importing dialog box when the message The configuration was successfully restored appears.

    Click Apply to save the changes and update the firewall policy.

    Select Save the changes and restart the service(s) in the ISA Server Warning dialog box.

    Click OK in the Apply New Configuration dialog box, which states that Changes to the configuration were successfully applied.

    Exporting the firewall policy

    We do not always have to export everything related to the firewall configuration. We may only have run into some problems with the Access Policies and want to send that information to a security admin for review. In that case it is enough to export the firewall's current Access Policies and send the export file to an ISA Server 2004 specialist, who can quickly import the policies into an ISA Server 2004 test computer and diagnose the problem.

    In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server name and right-click the Virtual Private Networks (VPN) node. Click Export VPN Clients Configuration.

    In the Export Configuration dialog box, enter a name for the export file in the File name text box. Make a note of where the file is stored. Check the Export user permission settings and Export confidential information (encryption will be used) check boxes if you want to save the private information contained in the VPN Clients configuration (for example, the IPSec shared secrets).

    In the Set Password dialog box, enter a password and confirm it in the Confirm password text box. Click OK.

    Importing the firewall policy

    In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server name and right-click the Virtual Private Networks (VPN) node. Click Import VPN Clients Configuration.

    In the Import Configuration dialog box, select the VPN Clients backup file. Check the Import user permission settings, Import cache drive settings and SSL certificates checkboxes. Enter the password in the Type Password to Open File dialog box. Click OK.

    Click OK in the Importing Virtual Private Networks (VPN) dialog box when you receive the message Successfully imported the configuration.

    Click Apply to apply the changes and update the firewall policy. Click OK in the Apply New Configuration dialog box when you receive the message Changes to the configuration were successfully applied.

    Creating a web access rule

    Start ISA, select Firewall Policy, and on the Toolbox tab select URL Sets.

    Choose New URL Set.

    Click Apply to save.

    Create a new rule that allows web access.

    Enter a name for the new rule.

    Select Allow to permit access. Deny refuses access.

    Choose Selected to specify the protocols that are used.

    Choose the protocols; click the Add button to select them.

    Select the network card. Select the rule source.

    Select the rule destination. Click Add, then Next.

    Click Finish, then click Apply to save.

    CONTROL USER ACCOUNT

    - Before configuring or installing ISA 2004, IP addresses must be assigned to the LAN and WAN network cards.

    Joining the ISA server to the DC server

    Right-click My Computer and choose Properties.

    Select the Computer Name tab and click the Change button.

    Name the machine and join it to the domain controller.

    Then restart the machine.

    Creating a web and RDP access rule for USER1

    Start ISA Server and select the Firewall Policy tab.

    Select the Toolbox tab at the side of the screen.

    Select the Users panel, choose New, and enter a name.

    Click the Add button and choose Windows users and groups.

    Click the Location button.

    Enter the administrator user name and password.

    Select Entire Directory.

    Select the domain controller, then select the user tab.

    Select the user and click OK to finish.

    Click Apply to save.

    Defining (authenticating) permission for the user to go out

    Right-click Firewall, choose New, then Access Rule. Enter a name in the Access rule name field.

    Select Allow to permit all. Choose Selected protocols to pick the protocols.

    Choose Common Protocols to set the protocols.

    Select the rule source. Under Network, choose the Internal card. Click Add.

    Select the rule destination. Under Network, choose the External card. Click Add, then click Next.

    Select the name of the rule created in the previous part and click Add. Click Next.

    Click Next; when the wizard finishes, click Apply to save. The process is complete.