Tag Archives: ISA

Reader mail – I love hearing from readers! ISA and SBS 2008

Today is Monday and it is the administrative day at work – sales meetings, operations meetings, accounting meetings, etc. So to break up the day, I did two things. First – I started streaming some public radio music so I could rock on. Second – I answered a reader’s e-mail regarding ISA and Small Business Server 2008 (SBS).

The reader wrote:

Hi Harry,

Do you have any idea why Microsoft removed ISA from SBS Premium? I guess I was the minority but I ONLY sold SBS 2003 Premium because of ISA and loved it. I did not have 1 installation hacked or any serious incidents and I attribute it to ISA. Do they have any plans to reincorporate it or its newer version into SBS 2008?

Do you happen to have the Product Manager’s name and e-mail address for SBS 2008?  I’d like to give them my 2 cents worth!

Thanks in advance for your time….Vince

And I answered:

Hi Vince and thank you so much for the e-mail. I greatly appreciate it.

The short story on the ISA matter is that Microsoft really turned that over to 3rd parties – and I support that. To be honest – a firewall on the edge such as Cisco, Untangle, SonicWall, etc. is much better than a dual-NIC scenario from the legacy SBS world. 🙂

If you’d like to communicate with Microsoft about this – and I encourage you to – your community manager is Kevin Beares at kbeares@microsoft.com and tell him Harryb sent ya!

cheers…harrybbbb


Relocating ISA and RRAS Log Files in Small Business Server 2003

Hi there folks – harrybbbb here. I am the co-author of the Advanced Small Business Server 2003 Best Practices book and I greatly enjoy posting up passages as a virtual book reading. So here we go!

Relocating ISA Server Log Files

There are three different ISA Server log files. To change the location to which these ISA Server log files are written:

  1. Log on to SBS 2003 as the administrator.
  2. Open the ISA Management Console by clicking Start, selecting All Programs, Microsoft ISA Server and finally ISA Management.
  3. Expand Servers and Arrays, your computer name, and Monitoring Configuration, and click Logs.
  4. Right-click Packet Filters and choose Properties from the context menu.
  5. On the Packet filters Properties dialog box, click Options.
  6. On the Options dialog box, click the Other folder radio button and click Browse to manually set the storage location you would like (see Figure 4-1 for an illustration of this procedure).
  7. Repeat this procedure until you have changed the location for all three ISA Server logs. The three log files are Packet filters, ISA Server Firewall service, and ISA Server Web Proxy Service.

Note that this procedure does not move existing ISA Server log files; it merely establishes the location for future log files. If you want to move old ISA Server log files, you must do so manually. You can find these log files in the original ISA Server installation directory in a subfolder called ISALogs (the default directory is typically “C:\Program Files\Microsoft ISA Server\ISALogs”).

Figure 4-1

Relocating the ISA Server log files.

 

 


Relocating RRAS Log Files

To change the location to which the RRAS log files are written:

  1. Log on to SBS 2003 as the administrator.
  2. Launch the Server Management console.
  3. Open Advanced Management, expand Computer Management (Local), Services and Applications, Routing and Remote Access, and click Remote Access Logging.
  4. In the right pane, right-click Local File and select Properties from the context menu.
  5. On the Log File Properties dialog box, select the Log File tab.
  6. Click Browse to set the location for the log files.

The Browse button here displays a dialog box that does not include a New Folder button, so you will need to create the new folder ahead of time (for example, on the Library partition).

Note that this procedure does not move existing RRAS log files; it merely establishes the location for future log files. To move existing RRAS log files, you must manually copy them from the default location of %SystemRoot%\System32\LogFiles.

Moving SQL Server Log Files

Moving SQL Server log files is somewhat complex, so rather than trying to explain it all here, I would like to point you to Microsoft Knowledge Base Article 224071 “Moving SQL Server databases to a new location with Detach/Attach”. Note, however, that one step is missing from the article concerning how to start the SQL Command Interface. Assuming you are going to move the SharePoint files, here is the command: osql -E -S computername\SharePoint. Be sure to replace “computername” with your actual computer name.

 

 

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here! 🙂

PPS – my spring show, SMB Nation Spring 2009, is in the NYC-area on May 1-3, 2009.


70-282 Exam Cram: ISA Firewall Rules (Microsoft Small Business Specialist Primer book excerpt)

Hiya folks – I am the publisher of the Microsoft Small Business Specialist Primer and I like to hold virtual book readings! This passage is targeted to folks trying to pass the 70-282 exam and concerns ISA firewall rules in a Small Business Server 2003 (SBS) world!

ISA Server 2000 Firewall Access Rules

As you will read in this section, you can configure access policies in ISA Server 2000 that consist of protocol rules and content rules.

Protocol Rules

Protocol rules define the protocols that can be used for communication between the local network and the Internet. Protocol rules are processed at the application level, allowing clients to use protocols like HTTP, HTTPS, and FTP. You can configure protocol rules to apply to all IP traffic, a specific set of protocol definitions, or to all IP traffic except for selected protocols.


When clients request objects using a specific protocol, ISA Server 2000 checks the protocol rules. If there is a protocol rule specifically denying use of the protocol, the request is denied.

Site and Content Rules

Site and content rules define what content clients can access on which Internet sites. Site and content rules are processed at the application level, allowing or denying clients based on the content of a website and specific protocols used to access that website. When clients request objects, ISA Server 2000 checks the site and content rules. If a site and content rule specifically denies the request, access is denied.

IMPORTANT: So how can you truly commit to memory what protocol rules and site and content rules are and how you might use them? Try this on for size. These rules prevent good girls from behaving badly (kinda sounds like an Internet web-cam site, eh?). Many faiths believe that humans are basically good, not evil. But there are temptations out there in the world that challenge the angelic behaviors of the best of us! So sometimes we need a roadblock to prevent us from driving on the road to ruin. These site and content rules, when applied, can serve as that roadblock and prevent kind souls from becoming evil by visiting naughty Internet locations. Consider this akin to your buddy throwing a body block so you can’t hurt yourself!

In all seriousness, one SBS site at a sheriff’s department for a small county outside Denver, Colorado, uses the rules discussed in this section. Because of the nature of law enforcement work, it’s essential that all employees operate and conduct their affairs in a manner above reproach. So the protocol, site, and content rules prevent employees from engaging in potentially embarrassing acts. Anything less would be criminal.



cheers….harrybbbb


Microsoft ISA resources in a SBS 2003 world! [Windows Small Business Server 2003 Best Practices]

Good Sunday to you mates. I am just having coffee and watching the Sunday morning talk shows. What better time for a virtual book reading?!?!  So today’s passage relates to ISA resources in the context of your Windows Small Business Server 2003 (SBS) network. It’s all from da’ purple book that I wrote!

 

cheers…harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS – did u know I host a technology conference in the New York City area each spring? Save the date for March 6-8, 2009 and watch “voice meet data” in the SMB space!

PPS – my SBS 2008 book will be out in mid-November 2008!

PPPS – my Microsoft Response Point Primer book is here NOW!

Resources

How many times have I emphasized that (a) this book is an introductory and intermediate volume for the SBS 2003 product, (b) an advanced SBS 2003 book is forthcoming, and (c) you need to go forth and learn more about the individual rich applications, such as ISA Server 2000, by reading books, etc., dedicated specifically to the matter at hand. This book paints some broad and narrow strokes for each SBS 2003 component but can’t hope to compete with individual texts dedicated to only one topic.

Books

I again feature my “fave” authors here: Roberta Bragg and Dr. Thomas Shinder.

Consider books from either of these authors as a next step with ISA Server 2000. Roberta Bragg offers the following ISA Server 2000 books (search on Roberta’s name at Amazon to find these books):

 

  • MCSE Training Guide (70-227): Installing, Configuring and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000
  • Network Security: The Complete Reference

Dr. Thomas Shinder offers the following ISA Server 2000 books (search on the good doctor’s name to find these books):

  • Configuring ISA Server 2000
  • Dr. Tom Shinder’s ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks
  • Configuring ISA Server 2000: Building Firewalls for Windows 2000

 

Web Sites

Several sites I point you to here are great ISA Server 2000 and security resources. First and foremost would be http://www.isaserver.org, maintained by the good Dr. Tom! And you’ll find Roberta’s contributions in a monthly security column at http://www.mcpmag.com in her “Security Advisor” column. Don’t forget Microsoft’s ISA Server site at http://www.microsoft.com/isa. And monitor http://www.microsoft.com/security and http://www.microsoft.com/technet for the latest updates related to security matters.

Chapter 13 Premium Security: ISA Server 2000

Courses

Perhaps you’re like me and have attended Microsoft Official Curriculum courses that, to be honest, left you hungry. Such is not the case with the ISA Server 2000 three-day course titled Deploying and Managing Microsoft Internet Security and Acceleration Server 2000 (Course 2159). I found this three-day course to be excellent and worth the time and expense. Full details at http://www.microsoft.com/traincert.


SBS 2003 and ISA “Futurama” [Windows Small Business Server 2003 Best Practices book excerpt]

Hello there this Saturday! I am Harry Brelsford, author of the Windows Small Business Server 2003 Best Practices book (SBS 2003) and madly working on my SBS 2008 book! I hold a daily virtual book reading by posting up passages – today is no exception and I look FORWARD in the SBS 2003 time frame.

cheers…harrybbbb


Futurama!

This section of the chapter looks forward to ISA Server 2004, the next release of ISA Server from Microsoft. It’s also a teaser for how you and I might meet again in my advanced SBS 2003 book down the road when I’ll profile SBS 2003 in-depth.

First, as of this writing, it is not known when ISA Server 2004 will ship and how it will be offered to the SBS 2003 community. I give Microsoft credit for marching ahead with SBS 2003 and releasing it October 9, 2003, instead of waiting for ISA Server 2004. Why? Because based on the research I’ve done, ISA Server 2004 will likely benefit the enterprise sites with 5,000 users in its standalone product version versus greatly helping the ten-user SBS 2003 network. That’s not to say SBSers won’t be appreciative of ISA Server 2004 because they will. I’m just predicting that you’ll find the delta changes to be smaller than you might have anticipated. Moving SBS 2003 forward with ISA Server 2000 was a good thing.

Second, exactly what is ISA Server 2004? According to WinBeta.org, ISA Server 2004 is a generational improvement to the ISA Server 2000 product. It’ll incorporate improvements such as signature blocking and, borrowing from SBS-like thinking, have a simpler setup and configuration process. The public beta is anticipated in early 2004 (this book was written in the second part of 2003).

Third, what’s my prediction on how it will integrate with SBS 2003 technically and from a marketing perspective? Clearly the setup process you saw for ISA Server 2000 in SBS 2003 premium edition is most likely how the setup process will work for ISA Server 2004. That is unless the SBS development team looks for a way to use the ISA Server 2004 release as a chance to refresh the SBS 2003 product with a new setup process (this could be accomplished with a simple wizard that accompanies ISA Server 2004 when shipped to registered SBS 2003 owners). The marketing side is in some ways more complex. Will Microsoft just give ISA Server 2004 to existing SBS 2003 premium edition owners? Will a discount be given on the purchase price? Will Microsoft not even emphasize ISA Server 2004 with the SBS 2003 premium edition product? Stand by!


ISA as a third-party development platform for SBS 2003? [Windows Small Business Server 2003 Best Practices book excerpt]

g’day folks – harrybbbb here with my daily virtual book reading and the topic today is something people forget….ISA was originally developed beyond good old proxy server to be a platform for ISVs to build on…companies like F5 in Seattle really embraced this! Enjoy today’s passage!

 

cheers…harrybbbb


Third-party Development Platform

This section is a real treat in this chapter. So many people look at Microsoft’s ISA Server 2000 application as the end all and be all of security. That is not an appropriate viewpoint. First, security is ever-evolving, so at best ISA Server 2000 is only part of the security equation. Second, the more healthy and holistic view of ISA Server 2000 is to consider what can be added to the core services it provides. In fact, Microsoft touts ISA Server 2000 as a development platform for its partners to add cool stuff on top. Vendors such as F5, Trend Micro, GFI, and others do exactly that, selling security-related applications that require ISA Server 2000 to operate. This was a key message during the GTM hands-on labs in the US during the spring of 2003. So remember that the oft-forgotten jewel in ISA Server 2000 is the ability to expand it with additional functionality provided by ISVs.


ISA naughty reports in SBS 2003 [Windows Small Business Server 2003 Best Practices book excerpt]

G’day mates – Harrybbbb here on his third cup of cofeeeeee….

I hold a daily virtual book reading where I post up a passage from one of my books. This is a favorite section in detecting naughty behavior in ISA in an SBS 2003 world! Beware earthlings – we can watch you and everything you do on your Windows Small Business Server 2003 network! 🙂

 

cheers…harrybbbb


Naughty Reports

Some of my SBS clients are control freaks and want to snoopervise users on Internet usage. Some are motivated by deeply held beliefs that viewing pornographic sites is simply wrong and immoral. Others have financial motivations that employees should work, not play, during business hours at their place of employment. With this second group of control freaks, they often don’t care what you do with your own computer at home on your own time.

Granted, these reports were best presented in the SBS 4.x era as a button-click away via the management consoles, but as you’ll see here, these reports, while hidden, can still be found and well used. What occurs is the reports are built using the nearly unreadable raw Internet activity data, shown below (Figure 13-19), and then the data is massaged and an attractive report is the result! Note that the SBS 4.x versions actually used a run-time version of Crystal Reports to render the naughty and nice reports.

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 13-19

The raw reports that hold the secrets as to who (individually) has been naughty or nice on the Internet. But, alas, the reports are hard to read.

BEST PRACTICE: If you must, you can view the raw ISA Server logs at:

%SystemDrive%\Program Files\Microsoft ISA Server\ISALogs

Rumor has it there are some great third-party parsing tools to present this raw data better. See the ISA Server 2000 Web sites I refer you to at the end of the chapter.

First, you must create a report job. Perform these steps.

1. Log on to SPRINGERS1 as Administrator with the password Husky9999!.

2. Click Start, Server Management.

3. Expand the ISA Management snap-in (assuming you modified the console earlier in this chapter).

4. Expand Servers and Arrays.

5. Expand the SPRINGERS1 server object.

6. Expand Monitoring Configuration.

7. Right-click the Report Jobs folder and select New, Report Job.

8. The Report Job Properties dialog box appears. Type SPRINGERS Naughty and Nice Reports in the Name field.

9. Select the Period tab and select Monthly.

10. Select the Schedule tab and select Immediately.

BEST PRACTICE: It is on the Schedule tab that you could have the report run every day at a specific time. You could elect to generate the report only once per month. For the SSL methodology, you have selected the option to generate the reports immediately so you can see your reports instantly.

11. Select the Credentials tab and complete the three fields that are displayed. In the Username field, type Administrator. In the Domain name field, type SPRINGERSLTD. In the password field, type Husky9999!.

BEST PRACTICE: In the Domain field of the Credentials page, you will type the internal NetBIOS domain name, not the external Internet domain name. This is very clear, but you can prove it by trying to type SPRINGERSLTD.COM and observing that the field isn’t wide enough to accommodate this entry.

12. Click OK to close the Report Job Properties dialog box.

Next, surf to the naughty and nice Web sites of your choice. A nice site to consider is one of my favorites, http://www.smbnation.com. Then complete these steps to look at the naughty and nice reports.

1. Log on to SPRINGERS1 as Administrator with the password Husky9999!.

2. Click Start, Server Management.

3. Expand the ISA Management snap-in.

4. Expand Servers and Arrays.

5. Expand the SPRINGERS1 server object.

6. Expand Monitoring.

7. Expand Reports.

 


BEST PRACTICE: Even though the report job is displayed in the details pane when you click on Reports, you can’t launch the naughty and nice reports from here. Move on to Step #8.

8. Expand Summary and double-click the SPRINGERS Naughty and Nice Reports entry. An IE Web browser is launched that displays the Array Summary Reports.

9. Click on the Top Users link on the left. As seen in Figure 13-20, NormH is the top user.

 

Figure 13-20

NormH just edged out the Administrator as the top user in this example.

10. Click on the Top Web Sites link and compare to Figure 13-21. It appears some Web surfing has been nice, such as entries number two (www.microsoft.com) and number seven (www.cbsnews.com). However, some surfing has been naughty, as in entries number three (www.penthouse.com) and number ten (www.playboy.com).


Figure 13-21

Some SBS users have been naughty and some have been nice, if you look closely at the URLs of the Top Web Sites report.

BEST PRACTICE: What the naughty and nice reports do not do is relate which user was naughty and which user was nice. That is, the Top Web Sites report shows total hits as an SBS network, not by individual. To find out which specific user has been naughty, you’d need to look directly at the ISA Server logs shown earlier in Figure 13-19.

11. Selecting the Cache Performance link shows a pie chart of how many hits are drawn from cache. This is displayed in Figure 13-22.

Figure 13-22

In the case of SSL, the Cache Performance report indicates that most hits are returned from the Internet, not cache.

 

12. Click the Traffic link to display the Traffic report. This shows traffic over a range of dates.

13. Click Daily Traffic to observe traffic by time of day for a specific day. This is shown in Figure 13-23.

Figure 13-23

The Daily traffic report is very valuable to observe when most of the Web surfing activity is occurring. For example, too much Web surfing over lunch might indicate horseplay by the employees at the firm.

BEST PRACTICE: Matter of fact, I’ve used the Daily traffic report to exonerate the wrongly charged in organizations more than to obtain convictions for naughty behavior. Here’s what I mean. An employee is suspected of surfing the Web for pornography on a company workstation. Perhaps this was determined by a supervisor viewing the History folder in Internet Explorer. But upon closer scrutiny, it might be revealed that the employee had left a workstation logged on each night and there was unusually high traffic at 1:00am when the janitors perform their work. I’ve now introduced reasonable doubt in the equation and allowed the shaken employee to retain his job. Whew!
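The per-user lookup in the raw logs and the time-of-day check described above can be scripted. This is an added example, not code from the book: it assumes the ISA Server logs are written in W3C extended format (tab-separated, with a #Fields header naming c-ip, cs-username, date, time and r-host) with UTC timestamps, and the log lines and the host unwanted.example are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data): tab-separated W3C extended format.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: c-ip\tcs-username\tdate\ttime\tr-host\tsc-status",
    "192.168.16.10\tSPRINGERSLTD\\NormH\t2003-11-03\t20:14:02\twww.microsoft.com\t200",
    "192.168.16.10\tSPRINGERSLTD\\NormH\t2003-11-03\t20:15:40\twww.cbsnews.com\t200",
    "192.168.16.11\tSPRINGERSLTD\\Administrator\t2003-11-03\t21:02:11\twww.microsoft.com\t200",
    "192.168.16.10\tSPRINGERSLTD\\NormH\t2003-11-04\t09:01:37\tunwanted.example\t200",
    "192.168.16.10\tSPRINGERSLTD\\NormH\t2003-11-04\t09:03:05\tunwanted.example\t200",
    "192.168.16.12\t-\t2003-11-04\t17:30:00\twww.smbnation.com\t200",
    "truncated line with too few fields",
])


def parse_w3c(text):
    """Return (records, skipped); field names are taken from the #Fields directive."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split("\t")
        if not fields or len(values) != len(fields):
            skipped += 1  # malformed or truncated entry: count it, do not guess
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped


def user_of(rec):
    """Normalise the account name; Windows account names are case-insensitive."""
    name = rec.get("cs-username", "-")
    return "(unauthenticated)" if name in ("-", "", "anonymous") else name.lower()


def hits_by_user(records):
    """Per-user hit counts by destination host (the summary report only has totals)."""
    table = defaultdict(Counter)
    for rec in records:
        table[user_of(rec)][rec["r-host"].lower()] += 1
    return table


def after_hours(records, utc_offset_hours, open_hour=8, close_hour=18):
    """Requests whose local time falls outside business hours."""
    found = []
    for rec in records:
        stamp = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        local = stamp + timedelta(hours=utc_offset_hours)  # assumed UTC in the log
        if not (open_hour <= local.hour < close_hour):
            found.append((local, user_of(rec), rec["c-ip"], rec["r-host"]))
    return found


if __name__ == "__main__":
    records, skipped = parse_w3c(SAMPLE_LOG)
    for user, hosts in sorted(hits_by_user(records).items()):
        print(user, dict(hosts))
    for local, user, ip, host in after_hours(records, utc_offset_hours=-8):
        print("after hours:", local, user, ip, host)
    print("skipped lines:", skipped)
```

The logged account identifies the session, not the person at the keyboard, so an after-hours hit should be read together with the client IP and who had physical access at that time.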

