Dr. Tom Shinder's Configuring ISA Server 2004
List Price: $49.95
Summary: ISA 2004 maximized.
Review: ISA 2004 is Microsoft's latest and greatest entry into the firewall market and make no mistake as that is what it is - a high performance, sophisticated, deep application filtering, enterprise class, but easy to configure firewall with the ability to be a VPN server, produce boatloads of reports and logging, and integrate with Active Directory for user authentication, even if not a domain member, via IAS/radius and also cache web content - whew! It is a very significant upgrade from ISA 2004 and in my opinion much easier to configure. The author and his community groups were very involved in helping Microsoft to develop ISA 2004 with real world user feedback and wants.
From reading the book Tom Shinder is obviously very enthusiastic about ISA 2004. This is not a book with a bunch of copy and pastes from the help files and Microsoft white papers. The authors are very familiar with ISA 2004 and network security and how to implement it in a number of different scenarios. There are many of the author's tricks and traps in configuration that can save you a lot of time setting up your ISA server. Each chapter ends with a summary "Solutions Fast Track" that are multi sentence main points of the chapter content followed by some helpful FAQ. Throughout the book are many references to Microsoft relevant articles and links to the author's website that is a great resource for any version of ISA. The focus of the book is not just on ISA 2004 but also the required network and client configuration to get everything working in harmony.
The book is well organized and you do not have to read the whole book to learn how to implement ISA 2004. There is a whole chapter just on features including comparison to ISA 2000 and another on comparing ISA 2004 to other enterprise firewalls such as CheckPoint, Cisco, and Netscreen to help you determine if ISA is right for you. The myth that a real firewall can not have a hard drive and only be configured by highly paid firewall consultants via the command line is debunked. Chapter 4 shows you how to configure and optimize your network for firewall protection. Gone is the LAT and now each network adapter can be configured separate from each other [including access rules between them] and allows the use of a DMZ. Proper dns configuration is frequently explained, including "split dns" as proper dns name resolution is crucial for a network to function and is often misunderstood. Chapter 5 goes into detail on the firewall clients - secure NAT, Firewall Client, and web proxy and how to determine which are best for you and how to implement and configure them in an automated fashion using Group Policy, DHCP, or DNS. Secure NAT is simply using the ISA server as the default gateway for the client which allows it to be used by any operating system. Web proxy and Firewall Client can be used to require user authentication in an access rule! Of course other chapters cover firewall rules [access rules], web and server publishing, installation, dns configuration including "split dns", configuring caching, VPN, using built in templates, how to implement ssl, backing up and restoring configuration, intrusion detection, running reports, configuring/viewing logs, IAS/radius integration, and more.
The chapter on VPN covers all the features including how to set up site to site VPN's using pptp, l2tp, or ipsec tunnel mode [for compatibility with third party devices]. ISA 2004 has the ability to create access rules to restrict what content the VPN users can access on the lan or internet and integrate with IAS/radius for user authentication. How to request and install certificates is shown for use with l2tp, ipsec, and web servers. The book is loaded with explicit step by step instructions such as for certificates so as not to leave the user scratching their head or trying to figure out exactly how to implement specific tasks. These step by step instructions will be of great help for the more novice ISA 2004 user. Publishing a web server and configuring it for ssl was covered in great detail for the various methods. Apparently this has been a problem point for ISA admins in the past [particularly proper certificate selection and installation] and the authors wanted to make sure users got it right.
Chapter 10 on stateful inspection and application layer filtering is of note. ISA 2004 has some very powerful abilities in this regard. They are not difficult for the most part to configure which the authors covered well but in addition they listed tables of specific recommendations of lists for particular HTTP security filters. For instance you can have an access rule and configure HTTP filtering for extensions to prevent users from downloading executable content including .zip files. I tried to block .mp3 downloads via HTTP and it worked well for that also. Various methods were shown how to prevent users from using programs like Kazaa and P2P applications with the various categories in HTTP filtering including headers and signatures. The same HTTP filtering can also be used when you publish a web server behind ISA 2004 for advanced protection from the internet. Numerous examples of using the built in netmon to capture network traffic to help show you how to spot entries to add to HTTP filters were given.
The logging and reports available with ISA 2004 give a great deal of information on what is going on with firewall access, intrusion detection, and user statistics. Chapter 12 shows you how to use the built in reports, create custom ones, and filter connected users and log views. It is easy to pull reports showing top websites visited, top web users, top protocols used, and top bandwidth users for instance. Most admins would find these reports very useful. It is easy to view currently connected users, including VPN, and what client they are using.
ISA 2004 is an impressive product that is relatively easy to use. Much more so than ISA 2000 in my opinion which helps lower its TCO. Most users will be able to get up and running in no time at all and then be able to investigate the more advanced features which are numerous. Tom and Deb Shinder's book Configuring ISA Server 2004 will be of great help to anyone who wants to get the most out of ISA 2004 and explore all its possibilities and implement them on their network for maximum network protection.