Hohoho – I am harrybbb – the publisher of the Microsoft Small Business Specialist title focused on passing the 70-282 exam. And darn it, I like to hold virtual book readings. So let's rock.
Configure ISA Server 2000 and Firewalls
When delving deep into ISA Server 2000 and the firewall discussion, step back and consider one approach used in assessment testing. Vendors love to test their stakeholders on the new delta features or the changes since the last release. That is a major paradigm that many exam writers adhere to: “…let’s make sure our partners know about these new features!” So, if you agree, you’d want to approach the ISA Server 2000 and firewall discussion with that thinking, including it in your analytical attack strategy.
You can control the flow of Internet Protocol (IP) packets to and from ISA Server with the packet filtering feature in ISA Server. When you enable packet filtering, all packets on the external interface are dropped unless they are explicitly allowed, either statically by IP packet filters or dynamically by access policy or publishing rules.
Packet filters. Most of the time it is recommended to open ports dynamically. Create access policy rules allowing internal clients to access the Internet and publishing rules allowing external clients access to internal servers.
· IP packet filters open ports statically.
· Access policy and publishing rules open ports dynamically.
For instance, if you want users to have access to all HTTP sites, you would create a site and content rule and a protocol rule for this access, not an IP packet filter that opens port 80.
Get secure, stay secure. In the SBS 2003 release time frame, Microsoft’s shift to emphasizing security in its software was at full throttle! If you understand where Microsoft was coming from when it was developing the 70-282 exam and SBS 2003, that’ll yield tremendous dividends when you are flat-out stuck on a security question on the 70-282 exam and must guess at an answer. If you must guess, remember that Microsoft was just starting to enter a very conservative era relating to its security practices when the 70-282 exam was created, so you’d want to answer the Microsoft way. In that case, any answer you guess at would be the most restrictive and conservative, all things being equal.
Chapter 6 Securing Windows Small Business Server 2003
IMPORTANT: Again, remember that the 70-282 exam was written with ISA Server 2000 in mind, not the newly released ISA Server 2004 product. So you might actually need to build a test SBS 2003 network with legacy ISA Server 2000 installed so you THINK like the 70-282 exam!
So let’s dive into ISA Server 2000 and firewalls at an appropriate level for a 70-282 exam-cram book. There are many ways to configure individual settings in ISA Server 2000 and its firewalls. ISA controls the firewall by way of access rules, the firewall clients that use them, and policy elements. The policy elements cover bandwidth, destination sets, client address sets, schedules, protocol definitions, content groups, and dial-up entries. Policy elements allow values to be set on rule properties that are defined beyond the scope of the rule itself.
Regardless of whether you install ISA Server 2000 in firewall mode or in integrated mode, you must specify the local address table (LAT). The LAT is a table of all internal IP address ranges used by the internal network behind ISA Server 2000. ISA Server 2000 uses the LAT to control how machines on the internal network communicate with external networks. All of these elements—the LAT, access rules, client types, and policy elements—play into configuring ISA Server 2000.
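The default-drop packet filtering and the LAT described above can be sketched as a small model. This is an added example, not code from the book or from ISA Server, and it ignores NAT. The addresses, ports and names (`LAT`, `ExternalInterface`, `demo`) are constructed for illustration, and closing a dynamic opening when the connection ends is a modelling assumption.

```python
# Simplified model of the behaviour described above; not ISA Server code.
# Every address, port and name here is constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAT = [ip_network("192.168.16.0/24")]  # constructed internal range

def is_internal(addr):
    """An address counts as internal only if a LAT range contains it."""
    return any(ip_address(addr) in net for net in LAT)

@dataclass
class ExternalInterface:
    static_filters: set = field(default_factory=set)  # (proto, local_port)
    dynamic_open: set = field(default_factory=set)    # (proto, local_port, remote_ip, remote_port)

    def outbound(self, proto, src, ext_port, dst, dport, rule_allows):
        """A LAT client request permitted by policy opens a matching return path."""
        if not is_internal(src) or is_internal(dst) or not rule_allows:
            return False
        self.dynamic_open.add((proto, ext_port, dst, dport))
        return True

    def close(self, proto, ext_port, dst, dport):
        """Assumption: the dynamic opening goes away when the connection ends."""
        self.dynamic_open.discard((proto, ext_port, dst, dport))

    def inbound(self, proto, remote_ip, remote_port, local_port):
        """Verdict for a packet arriving on the external interface."""
        if (proto, local_port) in self.static_filters:
            return "allow-static"
        if (proto, local_port, remote_ip, remote_port) in self.dynamic_open:
            return "allow-dynamic"
        return "drop"  # nothing explicitly allowed it

def demo():
    fw = ExternalInterface()
    web, other, client = "203.0.113.10", "203.0.113.99", "192.168.16.20"
    out = [fw.inbound("tcp", web, 80, 40000)]             # unsolicited
    fw.outbound("tcp", client, 40000, web, 80, rule_allows=True)
    out.append(fw.inbound("tcp", web, 80, 40000))         # reply to client
    out.append(fw.inbound("tcp", other, 80, 40000))       # different host
    fw.close("tcp", 40000, web, 80)
    out.append(fw.inbound("tcp", web, 80, 40000))         # after close
    fw.static_filters.add(("tcp", 80))                    # static filter on 80
    out.append(fw.inbound("tcp", other, 5555, 80))        # any host, any time
    return out

if __name__ == "__main__":
    print(demo())
```

In this model the dynamic opening admits only the host the client contacted and only while the connection exists, whereas the static filter on port 80 admits any remote host for as long as the filter is defined.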
Harry Brelsford, CEO at SMB Nation
MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)