
Building and configuring ISA Server 2006


admin (/profile/admin), posted 20-09-2014
A - MODEL

B - INTRODUCTION
When connecting an internal network to the Internet, companies usually have requirements such as:
- Controlling the traffic exchanged between the internal network and the Internet
- Blocking attacks and unauthorized intrusion from the Internet
The appropriate solution for these needs is to use a firewall. This lab introduces the installation and deployment of Microsoft's firewall software: Internet Security and Acceleration 2006 (ISA-2K6).
C - DEPLOYMENT STEPS
Building on the domain system from Lab-5, this lab adds one standalone computer running Windows Server 2003 to deploy ISA-2K6.
The deployment steps are:
- Configure the TCP/IP settings and install ISA-2K6
- Configure the ISA clients in the internal network
- Declare the internal network components on ISA-2K6, such as VIP, USER, SERVER
- Set up Access Rules and Application Filters on ISA-2K6 to control traffic
- Configure ISA-2K6 to detect and block attacks from the Internet
- Produce statistics and reports on traffic passing through ISA-2K6
D - DETAILED DEPLOYMENT
I. Preparation
The lab uses 5 PCs: Server, VIP, Users, Router and ISA.
1. Promote the Server machine to Domain Controller
Step 1: Set the IP address
Interface Name   IP Address     Subnet Mask      Default Gateway   Preferred DNS
Lan-3            192.168.3.2    255.255.255.0    192.168.3.1       192.168.3.2

Step 2: Start > Run: DCPROMO

Domain Name: nhatnghe.local
2. Configure routing on the Router machine
Step 1: Set the IP address for each interface
Interface Name   IP Address     Subnet Mask      Default Gateway   Preferred DNS
Cross            192.168.5.2    255.255.255.0    (blank)           (blank)
Lan-2            192.168.2.1    255.255.255.0    (blank)           (blank)
Lan-3            192.168.3.1    255.255.255.0    (blank)           (blank)
Lan-4            192.168.4.1    255.255.255.0    (blank)           (blank)

Step 2: Enable LAN routing

Start > Programs > Administrative Tools > Routing and Remote Access

Step 3: Create a static route

3. Join the VIP and USERS machines to the nhatnghe.local domain

Step 1: IP address
PC       IP Address     Subnet Mask      Default Gateway   Preferred DNS
VIP      192.168.2.2    255.255.255.0    192.168.2.1       192.168.3.2
Users    192.168.4.2    255.255.255.0    192.168.4.1       192.168.3.

Step 2: My Computer > Properties > Computer Name tab > click Change
Member Of Domain: nhatnghe.local
II. Install ISA Server 2006 on the ISA machine
1. Configure routes on the ISA machine

Step 1: Set the IP address
Interface Name   IP Address     Subnet Mask      Default Gateway   Preferred DNS
Cross            192.168.5.1    255.255.255.0    (blank)           192.168.3.2
Lan              192.168.1.2    255.255.255.0    (blank)           (blank)

Step 2: Create the routes
Start > Run: CMD
* Enter the following commands to create the routes:
route add -p 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
* To view the routing table, enter the command:
route print
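
A wrong gateway on a firewall sends internal traffic out of the wrong interface, so the table these commands produce is worth checking before ISA is installed. The Python sketch below is an added example, not part of the original lab: it parses the four `route add` commands, adds the ISA machine's two connected networks, and resolves the next hop by longest-prefix match. All function names are assumptions made for this example.

```python
import ipaddress

# The four persistent routes from step 2, as typed on the ISA machine.
ROUTE_COMMANDS = """\
route add -p 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
"""

# Interfaces of the ISA machine, from the table in step 1.
INTERFACES = {"Cross": "192.168.5.1/24", "Lan": "192.168.1.2/24"}


def parse_routes(text):
    """Turn 'route add [-p] <dest> mask <mask> <gateway> metric <n>' lines into tuples."""
    routes = []
    for line in text.splitlines():
        tok = [t for t in line.lower().split() if t != "-p"]
        if tok[:2] != ["route", "add"]:
            continue
        dest, mask, gateway, metric = tok[2], tok[4], tok[5], int(tok[7])
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, metric))
    return routes


def build_table():
    """Static routes plus one on-link route per connected interface."""
    table = parse_routes(ROUTE_COMMANDS)
    for name, cidr in INTERFACES.items():
        table.append((ipaddress.ip_interface(cidr).network, f"on-link:{name}", 0))
    return table


def next_hop(table, destination):
    """Longest prefix wins; the lower metric breaks a tie."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r[0]]
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def off_link_gateways(table):
    """Gateways that sit on no connected network, which the host cannot reach."""
    nets = [ipaddress.ip_interface(c).network for c in INTERFACES.values()]
    return [gw for _, gw, _ in table if not gw.startswith("on-link")
            and not any(ipaddress.ip_address(gw) in n for n in nets)]
```

Every internal lab host should resolve to 192.168.5.2 and any Internet address to 192.168.1.1; a non-empty result from `off_link_gateways` points at a mistyped gateway.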

2. Install ISA Server
From the ISA2006 source > run the file: ISAAutorun.exe

3. Install the Firewall client on the SERVER, VIP and USERS machines

From the ISA2006 source > Client > run the file: ISACient.exe

III. Configure Access Rules

1. Allow DNS name resolution

2. Allow the VIP and Users PCs to send and receive mail over the Internet

Step 1: Define VIP and Users

Step 2: Create the Access Rule

3. Allow the Users PC to access the nhatnghe.com site during working hours (8 AM to 4 PM, Monday to Friday)
Step 1: Define the nhatnghe.com site

Step 2: Define the working hours

Step 3: Create the Access Rule

4. Allow the VIP PC unrestricted Internet access.

5. Allow Users unrestricted Internet access during the break (10 AM to 2 PM)
Step 1: Define the break hours

Step 2: Create the Access Rule

Step 3: Properties of the "Gio giai lao" rule

6. Allow Users to read text only; do not allow viewing images, watching video, or listening to music

7. Block all users from accessing the ngoisao.net site; if a user accesses this site, redirect to the nhatnghe.com site.
Step 1: Define the URL "ngoisao.net"
Toolbox > Network Object > New URL Set

Step 2: Create the Access Rule

Step 3: Properties of the "Cam Ngoisao.net" rule
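
ISA Server evaluates firewall policy rules in order and applies the first one that matches, so the position of the deny rule from item 7 relative to the allow rules from items 4 and 5 decides whether it ever fires. The Python model below is an added example, not part of the original lab or of ISA Server itself: it encodes items 3, 4, 5 and 7 as simplified rules and reports deny rules that an earlier allow rule shadows. The rule names, the probe date, the every-day break schedule and the omission of the redirect are assumptions of this example.

```python
from datetime import datetime

WEEKDAYS = {0, 1, 2, 3, 4}          # Monday..Friday
ALL_DAYS = set(range(7))


def rule(name, action, who, dest="*", hours=(0, 24), days=ALL_DAYS):
    return dict(name=name, action=action, who=who, dest=dest, hours=hours, days=days)


# Constructed rule names; the conditions follow items 3, 4, 5 and 7 above.
ALLOW_SITE = rule("Users nhatnghe.com (working hours)", "allow", {"Users"},
                  "nhatnghe.com", (8, 16), WEEKDAYS)
ALLOW_VIP = rule("VIP unrestricted", "allow", {"VIP"})
ALLOW_BREAK = rule("Users unrestricted (break)", "allow", {"Users"}, "*", (10, 14))
DENY_SITE = rule("Deny ngoisao.net", "deny", {"VIP", "Users"}, "ngoisao.net")


def matches(r, who, host, when):
    in_dest = r["dest"] == "*" or host == r["dest"] or host.endswith("." + r["dest"])
    in_time = r["hours"][0] <= when.hour < r["hours"][1] and when.weekday() in r["days"]
    return who in r["who"] and in_dest and in_time


def evaluate(policy, who, host, when):
    """First matching rule wins; unmatched traffic falls to the default deny."""
    for r in policy:
        if matches(r, who, host, when):
            return r["action"], r["name"]
    return "deny", "Default rule"


def shadowed_denies(policy, probes):
    """Deny rules that never fire because an earlier allow rule matches first."""
    hits = []
    for r in (r for r in policy if r["action"] == "deny"):
        for who, host, when in probes:
            if matches(r, who, host, when) and evaluate(policy, who, host, when)[0] == "allow":
                hits.append((r["name"], who))
    return hits


BREAK_TIME = datetime(2014, 9, 22, 11, 0)   # constructed probe: a Monday at 11:00
PROBES = [("Users", "ngoisao.net", BREAK_TIME), ("VIP", "ngoisao.net", BREAK_TIME)]
DENY_LAST = [ALLOW_SITE, ALLOW_VIP, ALLOW_BREAK, DENY_SITE]
DENY_FIRST = [DENY_SITE, ALLOW_SITE, ALLOW_VIP, ALLOW_BREAK]
```

With the deny rule last, both the VIP rule and the break-time rule let ngoisao.net through; with it first, `shadowed_denies` returns an empty list.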

IV. Configure the HTTP Filter

The goal is to block users from chatting on YM, block sending mail with the POST method, and block downloading exe and vbs files.

V. Configure Intrusion Detection

To detect and block attacks from the Internet
Step 1: Enable Intrusion Detection

Step 2: Set the action

VI. Report

- Produce statistics and reports on traffic passing through ISA-2K6

Select Monitoring > Reports tab > click Generate a New Report

(Collected from QUANTRIMANG)

Content edited 10-10-2014

