Hi folks, ISA Server uses three kinds of security mechanisms to prevent unauthorized users from getting to the network. Those are, namely:
- Packet filtering
- Stateful inspection
- Application filtering
In the article below I explain how stateful inspection in ISA Server inspects the data packet.
When a firewall uses stateful filtering, it not only examines the packet header information, but also examines the status of the packet. For example, the firewall can inspect a packet at its external interface and determine whether the packet is a response to a request from the internal network. This check can be performed at both the transport and application layers.
Stateful filtering uses information about the TCP session to determine if a packet should be blocked or allowed through the firewall. TCP sessions are established using the TCP three-way handshake. The purpose of the three-way handshake is to synchronize the sequence number and acknowledgment numbers of both sides of the connection and exchange other information defining how the two hosts will exchange packets.
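The check described above, as an added Python example (not ISA Server code and not part of the original post): a minimal connection table that follows the three-way handshake and allows an inbound segment only when it answers a request from the internal network. The class names, addresses and sequence numbers are constructed for illustration; connection teardown, timeouts and retransmissions are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)
    flags: frozenset
    seq: int = 0
    ack: int = 0

class StatefulFilter:
    def __init__(self, internal_net):
        self.net = ipaddress.ip_network(internal_net)
        self.table = {}  # (internal endpoint, external endpoint) -> state

    def inspect(self, seg):
        outbound = ipaddress.ip_address(seg.src[0]) in self.net
        key = (seg.src, seg.dst) if outbound else (seg.dst, seg.src)
        entry = self.table.get(key)
        if entry is None:  # only an internal host's first SYN creates state
            if outbound and seg.flags == {"SYN"}:
                self.table[key] = {"state": "SYN_SENT", "client_isn": seg.seq}
                return "allow"
            return "drop"
        if entry["state"] == "SYN_SENT":  # step 2: SYN/ACK acks client ISN + 1
            if not outbound and seg.flags == {"SYN", "ACK"} and seg.ack == entry["client_isn"] + 1:
                entry.update(state="SYN_RCVD", server_isn=seg.seq)
                return "allow"
            return "drop"
        if entry["state"] == "SYN_RCVD":  # step 3: ACK acks server ISN + 1
            if outbound and seg.flags == {"ACK"} and seg.ack == entry["server_isn"] + 1:
                entry["state"] = "ESTABLISHED"
                return "allow"
            return "drop"
        return "drop" if "SYN" in seg.flags else "allow"  # ESTABLISHED

def demo():
    # Constructed traffic: 10.0.0.5 opens a session to 203.0.113.10:80.
    c, s, x = ("10.0.0.5", 40000), ("203.0.113.10", 80), ("198.51.100.7", 80)
    f, fw = frozenset, StatefulFilter("10.0.0.0/8")
    return [fw.inspect(seg) for seg in (
        Segment(s, c, f({"SYN", "ACK"}), 5000, 1001),  # reply with no request
        Segment(c, s, f({"SYN"}), 1000),               # handshake step 1
        Segment(s, c, f({"SYN", "ACK"}), 5000, 999),   # wrong acknowledgment
        Segment(s, c, f({"SYN", "ACK"}), 5000, 1001),  # handshake step 2
        Segment(c, s, f({"ACK"}), 1001, 5001),         # handshake step 3
        Segment(s, c, f({"ACK"}), 5001, 1001),         # data on the session
        Segment(x, c, f({"ACK"}), 7000, 1001),         # host with no session
    )]
```

Calling `demo()` returns one verdict per segment, in order; only the segments that fit the tracked handshake or the established session are allowed.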
Hope you find this information helpful.
Cheers
sanda
Hi Folks
The next IT Pro community gathering will be in the last week of this month. We have selected 4 topics and we need to get feedback from everyone so we can select 2 topics to talk about on that day. So guys, it would be great if you could all reply to this based on your interests, and if you feel there is any other topic that you want to discuss, please mention that as well.
Topics are:
- Active Directory introduction
- Introduction to Windows Vista and new features
- Introduction to SharePoint Services 3.0 and the main differences between SharePoint Services 2.0 and 3.0
- Introduction to Group Policy
The venue and the date will be sent via mail. Most probably it will be in the last week of this month. So guys, give your comments on this; your feedback is greatly appreciated.
cheers
Sanda
Hi folks
You use ISA Server as the protective edge for your network and data. But have you ever worried about how you are going to secure the ISA box itself? Here are some tips for securing the ISA Server itself.
Secure the external network interfaces
- Disable File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks.
- Disable NetBIOS over TCP/IP.
- Disable the LMHOSTS Lookup option.
- Disable automatic Domain Name System (DNS) name registration.
Secure the internal network interface
- Leave File and Printer Sharing for Microsoft Networks enabled on the internal interface.
- Client for Microsoft Networks must also be enabled if you want to access resources on the internal network.
- Disable NetBIOS over TCP/IP if you do not have any legacy client computers or NetBIOS-based applications on the network that need access to the ISA Server computer.
- Leave automatic DNS name registration enabled on the internal network interface, so that the ISA Server computer's IP address is registered in DNS.

- Apply relevant security templates.
- Enable only the services that are required to run ISA Server.
- Apply security updates and monitor for new security updates.
Cheers.
Sanda
Hi folks. I just wanted to post this since I have seen many ISA Server 2004 installations. But what exactly happens after you install ISA Server 2004? Here it is...
Default installation settings of ISA Server 2004
- Only administrators can modify the firewall policies.
- Traffic is routed between ISA Server and all other networks.
- Traffic is routed between VPN clients and internal networks.
- Traffic between the internal network, the VPN networks, the VPN quarantine network, and the Internet uses network address translation.
- System policy rules allow access to the ISA Server itself, but the access rule denies all network traffic through the ISA Server.
- No servers are published.
- Web proxy requests are retrieved directly from the Internet.
- Caching is disabled.
- A rule enabling access to the Firewall Client installation share is configured if you install the Firewall Client share installation files.
Hope you get the best out of this.
cheers
sanda
Hi guys, here I am trying to explain how ISA Server 2004 filters the data packet using different filtering mechanisms. The article below would be clearer if I could upload the picture, because a single picture explains many things. Here we go.
When a network packet arrives at the firewall, it goes through one or more components in the ISA Server architecture. The network packets may be inspected and allowed or denied by each of the following components:
1. Packet filtering.
The firewall engine, which runs in kernel mode, receives the packets as they pass through the network layer. The packets are associated with a connection rule, and then the packets are filtered. The firewall engine applies the packet filters. If no packet filters apply, the packet is passed to the firewall service.
2. Stateful and protocol filtering.
The firewall service, which runs in user mode, performs protocol and stateful filtering. The firewall service creates and manages firewall connections. The firewall service also handles communication with and connections via Firewall Client. If an application filter or Web filter is associated with the connection protocol, the packet is passed to the appropriate application filter or Web filter.
3. Application filtering.
The application filters expand the network packet and inspect the application data. If the packet uses HTTP or Hypertext Transfer Protocol Secure (HTTPS), the message is passed through the Web proxy filter to an HTTP Web filter, which inspects the application data. The Web proxy filter also manages and accesses the Web cache.
4. Kernel mode data pump.
If the data entering the firewall engine can be associated with an existing connection rule, the data is forwarded through ISA Server using the kernel mode data pump. This means that data that will be accepted by the higher layers in the architecture can be passed through ISA Server without ever leaving the kernel mode driver.
The rules engine communicates with all of the other major components, including both the firewall engine and the firewall service, as well as with application and Web filters.
cheers
Sandaruwan
Hi guys. Even though this article is quite short, I hope you get the best out of it: the way Exchange Server flows mail from recipient to sender.
1. The MAPI client sends a message to a remote recipient.
2. The Information Store (Store.exe) receives the message.
3. The created MailMsg object is forwarded to the Advanced Queue Engine (AQE).
4. The Message Categorizer from the AQE processes the MailMsg object and splits it into MIME or RTF as necessary.
5. The Message Categorizer expands groups and checks defined message limits on Exchange.
6. The MailMsg object is then transferred to the Remote Destination Domain within the AQE.
7. The AQE passes the destination address to the Exchange Routing Engine.
8. SMTP initiates an SMTP session with the remote SMTP host.
9. After the SMTP session with the remote host has been established, the information store retrieves the body of the message and converts the message as necessary.
10. SMTP sends the message from the queue to the remote host.
The following Exchange Features require the use of SMTP:
- Intra Server Message Delivery
- Inter Server Message Delivery
- Message Delivery to the Internet
- Exchange of Routing Information
cheers
sandaruwan
Hi Folks
Since I have been working with ISA Server 2004 for about a couple of years, and looking at the new release of ISA Server 2006, I have listed below some key new features which make me want to upgrade to ISA Server 2006. Hope you all get the best out of this.
- SharePoint Portal Server publishing wizard.
- Full support for Exchange Server 2007.
- Branch office VPN connectivity wizard.
- Flood resiliency (keeps ISA Server from becoming unavailable during flooding attacks).
- Enhanced remediation during attack.
- Support for LDAP authentication (ISA Server 2006 can authenticate against Active Directory without being a member of the domain).
- BITS caching (ISA Server 2006 provides a caching mechanism for data received through BITS. Any cache rule that you create can be enabled to cache BITS data).
- Web publishing load balancing (automatically balances the request stream among the ISA servers in the array).
- HTTP compression (HTTP compression reduces file size by using algorithms to eliminate redundant data during transmission of HTTP packets).
- Quality of Service (new packet prioritization functionality, provided by the Diffserv Web filter, which scans the URL or domain and assigns a packet priority using Diffserv bits).
If you guys have any problems or need more explanation, please put in a request so I can help you clear up any doubts.
cheers
sandaruwan