MCSE Training Kit: Microsoft Internet Security and Acceleration Server 2000

Microsoft Corporation

  • 出版商: MicroSoft
  • 出版日期: 2001-06-09
  • 售價: $1,890
  • 貴賓價: 9.5$1,796
  • 語言: 英文
  • 頁數: 656
  • 裝訂: Hardcover
  • ISBN: 0735613478
  • ISBN-13: 9780735613478
  • 相關分類: 資訊安全





Official Microsoft® study guide for the skills you need on the job—and on the exam.

Learn how to deliver faster, more secure Web access to your business—and prepare for the Microsoft® Certified Professional (MCP) exam—with this official Microsoft study guide. Work through the lessons and hands-on exercises to gain practical experience using Internet Security and Acceleration (ISA) Server 2000 to optimize network performance and security. As you build these real-world support skills, you’re also preparing for MCP Exam 70-227—a key elective on the MCSE/MCSA tracks.

• Installing ISA Server, including upgrading from Microsoft Proxy Server 2.0
• Setting up hosting roles, VPNs, dial-up connections, and an H.323 Gatekeeper
• Creating and administering access control and bandwidth policies
• Configuring clients for secure network address translation, firewall software, and other services
• Managing arrays of multiple ISA Server computers
• Applying forward and reverse caching for faster Web connectivity
• Monitoring server performance with alerts, logs, reports, and performance counters
• Troubleshooting problems with access, network usage, and security

• Comprehensive self-paced training manual that maps to MCP exam goals and objectives
• Skill-building exercises that help you apply what you learn to the job
• Summaries and end-of-chapter review questions to help gauge your progress
• 120-day evaluation version of ISA Server 2000 Enterprise Edition
• All the book’s content on CD-ROM



Table of Contents:

About This Book xxiii
Intended Audience xxiv
Prerequisites xxiv
Reference Materials xxiv
About the CD-ROM xxv
Features of This Book xxv
    Notes xxvi
    Conventions xxvi
        Notational Conventions xxvi
        Keyboard Conventions xxvii
    Chapter and Appendix Overview xxviii
    Finding the Best Starting Point for You xxx
        Where to Find Specific Skills in This Book xxx
        Installing ISA Server xxx
        Configuring and Troubleshooting ISA Server Services xxxi
        Configuring, Managing, and Troubleshooting Policies and Rules xxxii
        Deploying, Configuring, and Troubleshooting the Client Computer xxxiii
        Monitoring, Managing, and Analyzing ISA Server Use xxxiii
    Getting Started xxxiv
        Hardware Requirements xxxiv
        Software Requirements xxxv
        Setup Instructions xxxv
The Microsoft Certified Professional Program xxxvii
    Microsoft Certification Benefits xxxviii
        Microsoft Certification Benefits for Individuals xxxviii
        Microsoft Certification Benefits for Employers and Organizations xxxix
    Requirements for Becoming a Microsoft Certified Professional xl
    Technical Training for Computer Professionals xli
        Self-Paced Training xli
        Online Training xli
        Microsoft Certified Technical Education Centers xlii
Technical Support xlii
CHAPTER 1  Introduction to Microsoft Internet Security and Acceleration Server 2000 1
    About This Chapter 1
    Before You Begin 2
Lesson 1 Overview of ISA Server 3
    Editions Comparison 3
        ISA Server Enterprise Edition 3
        ISA Server Standard Edition 4
        Key Differences 4
    ISA Server Roles 4
        Internet Firewall 5
        Secure Server Publishing 5
        Forward Web Caching Server 5
        Reverse Web Caching Server 5
        Integrated Firewall and Web Cache Server 5
    Windows 2000 Integration 6
    Scalability 9
    Extensibility 9
    ISA Server Architecture 10
    Practice: ISA Server Overview Presentation 15
    Lesson Summary 16
Lesson 2 Introduction to the ISA Server Firewall 17
    Filtering Methods 17
        IP Packet Filtering 17
        Circuit-Level (Protocol) Filtering 18
        Application Filtering 19
    Bandwidth Rules 22
    Integrated Virtual Private Networking 22
    Integrated Intrusion Detection 24
        Packet Filter Intrusions 24
    Secure Publishing 25
    Lesson Summary 27
Lesson 3 Overview of ISA Server Caching 28
    High-Performance Web Cache 28
    Forward Web Caching Server 28
    Reverse Web Caching Server 30
    Scheduled Content Download 31
    Active Caching 31
    CARP and Cache Server Scalability 32
    Hierarchical Caching 33
    Web Proxy Routing 34
    Lesson Summary 35
Lesson 4 ISA Servers Management Features 37
    Intuitive User Interface 37
    Integrated Administration 38
    Policy-Based Access Control 38
    Tiered Policy 40
        Array Policy 40
        Enterprise Policy 41
    Lesson Summary 41
Review 43
CHAPTER 2  Installing Microsoft Internet Security and Acceleration Server 2000 45
    About This Chapter 45
    Before You Begin 46
Lesson 1 Planning for an ISA Server Installation 47
    Capacity Planning 47
        Minimal Requirements 48
        Remote Administration Requirements 48
        Firewall Requirements 48
        Forward Caching Requirements 49
        Publishing and Reverse Caching Requirements 50
    Array Considerations 50
        Array Requirements 51
        Standalone Servers and Single-Server Arrays 51
    ISA Server Mode 52
    Internet Connectivity Considerations 53
        Publishing and Connectivity 54
    ISA Server in the Network 54
        Windows NT 4.0 Domain 54
        ISA Server Configuration Data 54
        Internet Connection Server 55
        Remote Access Server 55
    ISA Server Network Topology Scenarios 55
    Small Office Scenario 55
    Enterprise Scenario 56
        Enterprise Network Configuration 56
    Web Publishing Topologies 58
        Co-Located Web Server 58
        Web Server on Local Network 58
    Exchange Server Publishing Topologies 59
        Co-Located Exchange Server 59
        Exchange Server on Local Network 60
    Perimeter Network (DMZ) Scenarios 60
        Back-to-Back Perimeter Network Configuration 61
        Three-Homed Perimeter Network (DMZ) Configuration 62
    Lesson Summary 63
Lesson 2 Performing an ISA Server Installation 64
    Before You Install ISA Server 64
        Setting Up the Network Adapter 64
        TCP/IP Settings 65
        Setting Up a Modem or ISDN Adapter 65
    Windows 2000 Routing Table 66
    Installing ISA Server 66
        Initializing the Enterprise 67
    Installation Procedure 68
    Constructing the Local Address Table 70
        Windows 2000 Routing Table 71
    Default Settings 71
    Troubleshooting ISA Server Installation 72
    Practice: Installing ISA Server Enterprise Edition 73
        Exercise 1: Initializing the Enterprise 73
        Exercise 2: Installing ISA Server Software 74
    Lesson Summary 77
Lesson 3 Migrating from Proxy Server 2.0 78
    Migrating from Microsoft Proxy Server 2.0 78
    Operating System Considerations 78
        Proxy Server on Windows 2000 78
        Proxy Server on Windows NT 4.0 79
    Proxy Server 2.0 Array Considerations 80
    Migrating to an Array 81
    Migrating Proxy Server 2.0 Configuration 82
        Proxy Chains 82
        Web Proxy Client Requests 82
        Publishing 82
        Cache 82
        SOCKS 82
        Rules and Policies 83
    Lesson Summary 83
Review 84
CHAPTER 3  Configuring Secure Internet Access 85
    About This Chapter 85
    Before You Begin 86
Lesson 1 Configuring Local Clients for Secure Internet Access 87
    About ISA Server Clients 87
    Assessing Client Requirements 88
    Configuring SecureNAT Clients 90
        Configuring SecureNAT Clients on a Simple Network 91
        Configuring SecureNAT Clients on a Complex Network 91
        Additional SecureNAT Configuration for Dial-up Networks 91
    Resolving Names for SecureNAT Clients 92
        Internet Access Only 92
        Internal Network and Internet Access 92
    Firewall Clients 92
    Firewall Client Application Settings 94
        Advanced Client Configuration 94
        Sample Wspcfg.ini File 95
    Web Proxy Service 97
        Configuring Web Proxy Clients 98
        Direct Access 99
    Practice 1: Establishing Secure Internet Access for Web Proxy Clients 99
        Exercise 1: Creating a Protocol Rule 100
        Exercise 2: Configuring Internet Explorer to Use the Web Proxy Service 101
    Practice 2: Installing Firewall Client 101
        Exercise: Installing Firewall Client over the Local Network 102
    Lesson Summary 102
Lesson 2 Configuring ISA Server Dial-up Connections 103
    Configuring Dial-up Entries 103
    Dial-on-Demand 105
    Configuring Dial-on-Demand 106
        Limiting ISA Server Dial-out to External Sites 107
    Closing Dial-up Connections 108
    Practice: Configuring a Dial-up Entry 108
        Exercise 1: Testing Internet Connectivity 108
        Exercise 2: Creating a New Dial-up Entry 109
        Exercise 3: Configuring ISA Server to Route through the Dial-up Entry 110
        Exercise 4: Restarting the Firewall Service 110
        Exercise 5: Viewing SecureNAT Session Information 111
    Lesson Summary 111
Lesson 3 Configuring Automatic Discovery of ISA Server 112
    Automatic Discovery 112
        Configuring WPAD and WSPAD on the DNS or DHCP Server 113
        Automatic Discovery for Firewall Clients 115
        Verifying Automatic Discovery for Firewall Clients 115
        Automatic Discovery for Web Proxy Clients 116
        Troubleshooting Automatic Discovery 116
    Practice: Configuring Automatic Discovery 117
        Exercise 1: Publishing Automatic Discovery 117
        Exercise 2: Creating a WPAD Alias (CNAME) Record in DNS 118
        Exercise 3: Enabling Automatic Discovery on a Firewall Client 118
        Exercise 4: Testing Automatic Discovery 118
    Lesson Summary 119
Lesson 4 Troubleshooting ISA Server Client Connectivity 120
    Troubleshooting Client Connections 120
    Troubleshooting Dial-up Entries 122
    Restarting Services after Configuration Changes 123
    Lesson Summary 126
Review 127
CHAPTER 4  Configuring Internet Security Using Access Policies 129
    About This Chapter 129
    Before You Begin 130
Lesson 1 Creating an Access Policy with ISA Server 131
    Controlling Outgoing Requests 131
        Configuring Access Policy 133
    Rules and Authentication 134
        SecureNAT Clients and Authentication 134
        Firewall Clients and Authentication 135
        Web Proxy Clients and Authentication 135
    ISA Server System Security (System Hardening) 136
    Getting Started Wizard 137
    Lesson Summary 139
Lesson 2 Creating Customized Policy Elements 140
    Policy Elements 140
        Array-Level and Enterprise-Level Policy Elements 140
    Configuring Schedules 141
    Configuring Destination Sets 142
    Client Address Sets 144
    Client Users and Groups 145
    Configuring Protocol Definitions 145
        Direction 146
    Configuring Content Groups 147
    Practice: Creating Policy Elements 149
        Exercise 1: Creating a Schedule 149
        Exercise 2: Creating a Destination Set 150
    Lesson Summary 151
Lesson 3 Configuring Protocol Rules 152
    Protocol Rules 152
    Protocol Rule Configuration Scenario 153
    Protocol Availability 154
        Application Filters and Protocol Availability 155
    Processing Order 156
    Array-Level and Enterprise-Level Protocol Rules 156
    Web Protocols 156
    Protocol Definitions that are Installed with ISA Server 157
    Practice: Assigning Protocol Rules to User Accounts 160
        Exercise 1: Monitoring Sessions in ISA Management 161
        Exercise 2: Requiring Authentication for Web Sessions 161
        Exercise 3: Assigning a Protocol Rule to a Windows 2000 User 162
    Lesson Summary 164
Lesson 4 Configuring Site and Content Rules 165
    Site and Content Rules 165
        Processing Order 165
        Allow and Deny Actions 166
    Destination Sets and Path Processing 166
    Array-Level and Enterprise-Level Site and Content Rules 167
        Sample Site and Content Rule 168
    Content Groups 168
    Practice: Creating New Site and Content Rules 174
        Exercise 1: Denying User1 Access to Audio and Video Content 175
        Exercise 2: Testing the Configuration 176
    Lesson Summary 177
Lesson 5 Configuring IP Packet Filters 178
    When to Use IP Packet Filters 178
    Creating IP Packet Filters 179
    Configuring Packet Filter Options 183
    IP Fragment Filtering 183
    IP Options Filtering 184
    Logging Packets 184
    Practice: Running Internet Services on the ISA Server Computer 185
        Exercise 1: Creating an IP Packet Filter for Incoming (POP3) Mail 185
        Exercise 2: Creating an IP Packet Filter for Outgoing (SMTP) Mail 187
        Exercise 3: Creating an IP Packet Filter for NNTP 188
        Exercise 4: Creating an IP Packet Filter to Allow Outgoing Web Requests (DNS Queries) 189
        Exercise 5: Creating an IP Packet Filter for Web Content (HTTP) 190
    Lesson Summary 191
Lesson 6 Configuring ISA Server to Detect External Attacks and Intrusions 192
    Intrusion Types and Alerts 192
    Port Scan Attack 193
        All Ports Scan Attack 193
        Enumerated Port Scan Attack 193
    IP Half Scan Attack 194
    Land Attack 194
    Ping of Death Attack 194
    UDP Bomb Attack 195
    Windows Out-of-Band Attack (WinNuke) 195
    Configuring Intrusion Detection 195
    Practice: Configuring Intrusion Detection on ISA Server 197
        Exercise: Enabling Intrusion Detection 197
    Lesson Summary 198
Review 199
CHAPTER 5  Configuring Internet Acceleration through the ISA Server Cache 201
    About This Chapter 201
    Before You Begin 201
Lesson 1 Creating a Basic Cache Policy with Routing Rules 202
    How Caching Works 202
    Processing Caching Rules 202
        Cache Configuration Properties 203
        Routing Rules 203
        When to Cache Content 203
        When to Retrieve Objects from the Cache 204
        Applying Routing Rules to Particular Destinations 204
        Rule Order 208
        Default Routing Rule 208