
BUILDING AND CONFIGURING ISA 2006

LAB: BUILDING AND CONFIGURING ISA 2006

A - TOPOLOGY

B - INTRODUCTION
When connecting an internal network to the Internet, companies typically have requirements such as:
- Controlling the traffic exchanged between the internal network and the Internet
- Blocking attacks and unauthorized intrusion from the Internet
The appropriate solution for these needs is a firewall.
This lab introduces the installation and deployment of Microsoft's firewall software: Internet Security and Acceleration 2006 (ISA-2K6).

C - DEPLOYMENT STEPS
Building on the domain environment from Lab-5, this lab adds one standalone computer running Windows Server 2003 on which ISA-2K6 is deployed.
The deployment steps are:
- Configure TCP/IP settings and install ISA-2K6
- Configure the ISA clients in the internal network
- Declare the internal network components on ISA-2K6, such as VIP, USER, SERVER
- Set up Access Rules and Application Filters on ISA-2K6 to control traffic
- Configure ISA-2K6 to detect and block attacks from the Internet
- Produce statistics and reports on the traffic passing through ISA-2K6

D - DETAILED DEPLOYMENT
I. Preparation
The lab uses 5 PCs: Server, VIP, Users, Router and ISA.
1. Promote the Server machine to a Domain Controller


B1. Set the IP address
Interface Name   IP Address     Subnet Mask      Default Gateway   Preferred DNS
Lan-3            192.168.3.2    255.255.255.0    192.168.3.1       192.168.3.2

B2. Start → Run: DCPROMO
Domain Name: nhatnghe.local

2. Configure routing on the Router machine


B1. Set the IP address for each interface
Interface Name   IP Address     Subnet Mask      Default Gateway   Preferred DNS
Cross            192.168.5.2    255.255.255.0    (blank)           (blank)
Lan-2            192.168.2.1    255.255.255.0    (blank)           (blank)
Lan-3            192.168.3.1    255.255.255.0    (blank)           (blank)
Lan-4            192.168.4.1    255.255.255.0    (blank)           (blank)

B2. Enable LAN routing
Start → Programs → Administrative Tools → Routing and Remote Access


B3. Create static routes


3. Join the VIP and USERS machines to the nhatnghe.local domain


B1. IP address
PC       IP Address     Subnet Mask      Default Gateway   Preferred DNS
VIP      192.168.2.2    255.255.255.0    192.168.2.1       192.168.3.2
Users    192.168.4.2    255.255.255.0    192.168.4.1       192.168.3.2

B2. My Computer → Properties → Computer Name tab → click Change
Member Of Domain: nhatnghe.local

II. Install ISA Server 2006 on the ISA machine


1. Configure routes on the ISA machine
B1. Set the IP address
Interface Name   IP Address     Subnet Mask      Default Gateway   Preferred DNS
Cross            192.168.5.1    255.255.255.0    (blank)           192.168.3.2
Lan              192.168.1.2    255.255.255.0    (blank)           (blank)

B2. Create the routes
Start → Run: CMD
* Enter the following commands to create the routes (-p makes each route persistent across reboots):
route add -p 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1
route add -p 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
* To view the routing table, enter the command:
route print
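
The check below is an added example, not part of the original lab: it takes the ISA interface addresses and the four static routes from this step, confirms that every next hop sits on a directly connected subnet, and resolves a destination by longest-prefix match to show which interface the ISA machine will use. The function names are illustrative.

```python
import ipaddress as ip

# Addresses copied from the ISA interface table and route commands in this step.
ISA_INTERFACES = {"Cross": "192.168.5.1/24", "Lan": "192.168.1.2/24"}
STATIC_ROUTES = [                      # (destination, next hop)
    ("192.168.2.0/24", "192.168.5.2"),
    ("192.168.3.0/24", "192.168.5.2"),
    ("192.168.4.0/24", "192.168.5.2"),
    ("0.0.0.0/0", "192.168.1.1"),
]

def connected():
    """Map each interface name to its directly connected subnet."""
    return {n: ip.ip_interface(a).network for n, a in ISA_INTERFACES.items()}

def egress_for(gateway):
    """Interface whose subnet contains the gateway, or None if unreachable."""
    gw = ip.ip_address(gateway)
    return next((n for n, net in connected().items() if gw in net), None)

def unreachable_next_hops(routes=STATIC_ROUTES):
    """Routes whose gateway is not on any directly connected subnet."""
    return [(d, g) for d, g in routes if egress_for(g) is None]

def lookup(dest, routes=STATIC_ROUTES):
    """Longest-prefix match; returns (egress interface, next hop or None)."""
    addr = ip.ip_address(dest)
    rows = [(net, name, None) for name, net in connected().items()]
    rows += [(ip.ip_network(d), egress_for(g), g) for d, g in routes]
    hits = [r for r in rows if addr in r[0]]
    if not hits:
        return None, None
    _, iface, gw = max(hits, key=lambda r: r[0].prefixlen)
    return iface, gw
```

All three internal subnets resolve to the Cross interface via 192.168.5.2, and everything else leaves through Lan via 192.168.1.1, which is the inside/outside split the firewall policy in the later sections relies on.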


2. Install ISA Server

From the ISA2006 source, run the file: ISAAutorun.exe


3. Install the Firewall client on the SERVER, VIP and USERS machines

From the ISA2006 source → Client → run the file: ISACient.exe


III. Configure Access Rules

1. Allow DNS name resolution


2. Allow the VIP and Users PCs to send and receive mail from the Internet

B1. Define VIP and Users


B2. Create the access rule



3. Allow the Users PC to access the site nhatnghe.com during working hours (8 AM-4 PM, Monday to Friday)
B1. Define the site nhatnghe.com


B2. Define the working-hours schedule


B3. Create the access rule


4. Allow the VIP PC unrestricted Internet access.


5. Allow Users unrestricted Internet access during break time (10 AM-2 PM)

B1. Define the break-time schedule


B2. Create the access rule


B3. Properties of the rule "Gio giai lao" (break time)



6. Allow Users to read text only; block viewing images, watching video and listening to music


7. Block all users from accessing the site ngoisao.net; if a user requests this site, redirect to nhatnghe.com.

B1. Define the URL ngoisao.net
Toolbox → Network Object → New → URL Set



B2. Create the access rule


B3. Properties of the rule "Cam Ngoisao.net" (block ngoisao.net)
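
ISA Server evaluates firewall policy rules top down and applies the first rule that matches, with a default deny at the bottom. The model below is an added example, not part of the original lab: it encodes the web rules from items 3, 4, 5 and 7 and shows why the ngoisao.net deny rule must sit above the allow rules. The rule order, the rule names other than "Gio giai lao" and "Cam Ngoisao.net", subdomain matching, and the break schedule applying every day are assumptions.

```python
from datetime import datetime

# Constructed model of section III's web rules; names and order are assumptions.
WEEKDAYS = {0, 1, 2, 3, 4}            # Monday..Friday
ALL_DAYS = set(range(7))

def rule(name, action, sources, sites, days=ALL_DAYS, hours=(0, 24)):
    return dict(name=name, action=action, sources=sources,
                sites=sites, days=days, hours=hours)

DENY_NGOISAO = rule("Cam Ngoisao.net", "redirect:nhatnghe.com",
                    {"VIP", "Users"}, {"ngoisao.net"})
POLICY = [
    DENY_NGOISAO,                                     # above every allow rule
    rule("VIP unrestricted", "allow", {"VIP"}, None),
    rule("Gio giai lao", "allow", {"Users"}, None, hours=(10, 14)),
    rule("Users working hours", "allow", {"Users"}, {"nhatnghe.com"},
         days=WEEKDAYS, hours=(8, 16)),
]

def matches(r, source, host, when):
    # sites=None means any destination; a listed site also covers its
    # subdomains (modelling assumption, not taken from the lab).
    site_ok = r["sites"] is None or any(
        host == s or host.endswith("." + s) for s in r["sites"])
    time_ok = (when.weekday() in r["days"]
               and r["hours"][0] <= when.hour < r["hours"][1])
    return source in r["sources"] and site_ok and time_ok

def evaluate(policy, source, host, when):
    """Return (rule name, action) of the first matching rule, top down."""
    for r in policy:
        if matches(r, source, host, when):
            return r["name"], r["action"]
    return "Default rule", "deny"     # nothing matched: request is dropped
```

Moving DENY_NGOISAO to the end of the list makes a VIP request for ngoisao.net match "VIP unrestricted" first, so the block never fires for that machine.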


IV. Configure the HTTP Filter

Goal: block users from chatting on YM (Yahoo! Messenger), block sending mail via the POST method, and block downloading exe and vbs files.


V. Configure Intrusion Detection

Purpose: detect and block attacks from the Internet.
B1. Enable Intrusion Detection


B2. Set the action


VI. Report
- Produce statistics and reports on the traffic passing through ISA-2K6
Select Monitoring → Reports tab → click Generate a New Report
