Welcome to my ISA Server Resource Site - Add to Favorites.

Hi, welcome to my website. I hope some of this stuff is usefull to you.......Steve

ISA Server and Forefront TMG Are Now Supported on Hardware Virtualization

Microsoft ISA Server and Forefront Threat Management Gateway, the next generation of ISA Server, are now supported on hardware virtualization. If a hardware virtualization platform must be listed as "validated" with the Microsoft Server Virtualization Validation Program (SVVP), ISA Server and Forefront TMG will be supported for production use on that platform within the limits prescribed in the Microsoft Product Support Lifecycle, Non-Microsoft hardware virtualization policies, and the system requirements for that product version and edition. Please see a video and a white paper for more information.

Forefront Threat Management Gateway

The Next Generation of ISA Server, Forefront Threat Management Gateway is now in Public Beta Get a first look at the Forefront Threat Management Gateway, the next generation of ISA Server, as part of the new Forefront codename “Stirling” integrated security system. This first look public beta provides Web anti-malware for enhanced protection against Internet-based threats, simplified management, secure connectivity, and support for Windows Server 2008. Download the public beta today.

Country by Country ISA Computer Sets - Courtesy of THOR

Sets for ISA 2004 HERE!!
Sets for ISA 2006 HERE!!

The first file in both directories is a zip of all countries!

Recently, David Litchfield asked me to help him out a bit with a research project he was working on by having me set up a network capture in my DMZ to log SQL Slammer attacks. I don't publish any services here at my Santa Cruz facility (meaning there are no required inbound protocols and no references in DNS anywhere) so I figured it would be nice "quiet" circuit to use for testing. I basically port-forwarded UDP 1434 to a laptop in my DMZ running NetMon3 also filtering for UDP 1434. After about 4 days of running NetMon, I had captured almost 30 (verified) random SQL Slammer attacks. What I found interesting was that every single one of them was sourced in China (all from different addresses).
Now, it's not my intent to start some geopolitical debate here, but I've long heard about how some people would block entire countries at the border in order to obviate issues with malicious traffic. There are obviously some issues with this (both from a technical and potential customer standpoint) so I set out to do a bit of research on my own. First thing I found out was that if one does decide to block entire countries, that it's going to be a bit of work from a rule standpoint. Sure, if I wanted to block all of China I could block APNIC, but that would block WAY more than I would want. So I set about finding a good resource for country-by-country IP ranges. Fortunately, Wade Alcorn, one of my colleagues at NGSSoftware turned me on to one that seemed pretty decent (there are a few around, though). But finding the resource was just the beginning... The list I got included 234 countries, comprised by almost 100,000 records of IP ranges. Making a firewall rule to block China, for instance, would require entering in almost 600 IP ranges - so the "manual" route was clearly out. The thing is, I just didn't want to block countries without more research, so I needed a way to gather some statistics first. Enter ISA Server - as many of you know, I'm a big fan of ISA - it's a true enterprise security product with great scripting capabilities, so I set to work creating an automated method by which to create computer sets in ISA for each country. Basically, I created a SQL database and loaded all the records into it - I then wrote a little COM app to reach out and grab the data by countries, create the sets in ISA, and loop through the different ranges of IP's to add them to the set. It worked great.
This accomplished two things - one, I now have full detailed computer sets for each country to do with as I please. Secondly, I have an excellent way of producing detailed reports for traffic analysis in ISA- this was key. With data collection points set up at different places around the world, I was able to capture 3.1 million inbound connection attempts. The results were quite interesting. While China still led with connection attempts overall, it was interesting to see that Canada was a close second. However, while China's traffic consisted of SQL Slammer, HTTP, SMTP, probes for GhostProxy, etc, almost all of Canada's traffic was MESSENGER spam (UDP 1026,1027,1208). The world leader for HTTP was Brazil, strangely enough. Now, all of this will change based on who and where you are, and the types of services being offered. For example, I only got 5 SMTP connection attempts to my cable modem in a week, but my ISP in BM got hundreds of thousands (understandably) in the same time period. I'll whip up some cool reports for what I found and post them once I get some more data in from different collection points, but the valuable outcome of the project was the creation of these individual country-by-country Computer Sets for ISA. Beforehand, I had no real way of easily and effectively reporting on traffic patterns by source country. Whether you can or can't block entire countries is your business, but at least this affords someone an easy way of doing research. You may not be able to (or even want) to block HTTP from China, but you very well may want to block SMTP - with ISA and computer sets, you can easily do this. Even if you don't block anything at all, you can use the sets to get rich reports of what kind of traffic your are getting from a particular country. While the validity of the practice of blocking entire countries (or particular protocols for that matter) may be up for debate, you now at least have the option to make your own decision based on factual information - to be sure, you've always been able to do this obviously, it's just been my experience that maintaining rule lists by country/protocol has been quite difficult and time consuming.
I've exported every countries entire list to ISA 2006 .XML format, and have posted them on the HoG site for community use. Since I've automated the Set creation process, I'll be updating the sets each month or so to ensure that changes are processed correctly. I would like to thank NGSSoftware for purchasing the required business services to receive the updates - their donation makes it possible for me to give you updated sets for free.

Publishing Exchange 2007 may fail (ISA Team Blog)

After installing the update "Update for Publishing Microsoft Exchange Server 2007 for ISA Server 2006" (http://support.microsoft.com/kb/925403/en-us ), publishing Exchange 2007 using the Exchange RPC Server protocol may fail. Clients may be able to connect, but will not receive notifications for new messages. Read the article HERE.

I'm an author now!

I am proud to announce that   a new ISA Server 2006 book has been published. I just happen to be a contributing Author..:), along with Adrian F. Dimcev, James Eaton-Lee, Jason Jones and the Master, Dr. Tom Shinder....Get it from Amazon http://www.amazon.com/Shinders-Server-2006-Migration-Guide/dp/1597491993

releases new web security and web filtering solutions for SMBs - August 22nd, 2007

London, UK, 22 August, 2007 – GFI Software, a leading developer of network security, content security and messaging software, today announced the release of the latest version of GFI WebMonitor for ISA Server, a solution that gives administrators comprehensive control over corporate web usage and what employees are downloading from the Internet. GFI WebMonitor 4 boosts employee productivity and increases security whilst maintaining optimum use of the Internet as a business tool. See the whole release here: http://www.gfi.com/news/en/webmon4.htm

ISA 2006 clients are repeatedly prompted for credentials when they try to access Outlook Web Access - August 20th, 2007

So you’ve installed Windows Server 2003 SP2 on your ISA Firewall and now your external Outlook Web Access (OWA) clients are getting repeated authentication prompts. What’s up with that? Looks like it’s our usual suspect — the Windows Server 2003 RSS bug! Who’d a thought the RSS bug would cause this problem? I didn’t. The good news is that there’s a fix for this. Go to: http://support.microsoft.com/kb/936702/en-us And you’ll find the instructions on how to fix the problem.

New ISA Firewall Information Site by Adrian Dimcev - August 20th, 2007

Adrian Dimcev, a big ISA Firewall fan, has put up a new ISA Firewall information site. Adrian has a lot of useful and detailed information about the ISA Firewall and how to setup the ISA Firewall in a virtualized environment for testing purposes. In addition, Adrian is putting together a very detailed series of documents on how the ISA Firewall’s L2TP/IPSec server and protocols work. I highly recommend this site and it’s worth your time to check it out.  Visit Adrian Dimcev’s site at:  http://www.carbonwind.net

Jim Harrison’s Definitive Guide on Troubleshooting RPC/HTTP Publishing

Date - August 16th, 2007 Category - News, ISA Central No Comments That’s right! Jim has created a new guide to troubleshooting RPC/HTTP publishing. If you have any problems with your RPC/HTTP publishing, you need to check out Jim’s guide first. If you still can’t figure out the problem, then come on over to the ISAserver.org Web boards and we’ll see what we can do to help. Check out the guide at: https://blogs.technet.com/isablog/archive/2007/08/...g.aspx https://blogs.technet.com/isablog/archive/2007/08/...s.aspx https://blogs.technet.com/isablog/archive/2007/08/...s.aspx

ISA Server Admin Pet Hates

Pet Peeves

Firewall Client for ISA Server with Vista Support - December 14, 2006

The final release of the new Firewall Client for ISA Server is now available for download from http://www.microsoft.com/downloads/details.aspx?FamilyId=05C2C932-B15A-4990-B525-66380743DA89&displaylang=en.  The new version can be installed on computers running Windows 2000, Windows NT 4.0, Windows Server 2003, Windows XP, and Windows Vista. It also includes software updates that improve the security and stability of Firewall Client software.  You can read more about Firewall Client in Internal Client Concepts in ISA Server 2006, available from the ISA Server TechCenter at http://www.microsoft.com/technet/isa/2006/clients.mspx. The new ISA Server TechCenter on TechNet is now the central location for all ISA Server 2004 and ISA Server 2006 technical documentation. For more information, see . http://www.microsoft.com/technet/isa/default.mspx

Customizing the HTML forms used for client form-based authentication - November 26, 2006

Since the release of ISA Server 2006, many customers have been asking for instructions on how to customize HTML logon forms. I'm happy to announce that this document is now available! To view the document, go to Customizing HTML Forms in ISA Server 2006. ISA Server 2006 comes with a complete set of preconfigured HTML logon forms used when Web publishing rules specify forms-based authentication. These forms can be used in their default configuration, or can be customized, allowing you to provide a different look for the logon forms for different published Web sites. The default HTML logon forms reside in the CookieAuthTemplates directory that was created when you installed ISA Server 2006. This directory contains two folders: ISA and Exchange. The form sets in these folders include the default logon pages (.htm), and the strings file containing all the text strings used in the the logon forms (strings.txt).  When ISA Server displays an HTML form, it replaces the placeholders in the .htm files with the strings in the strings.txt file of the language specified in the language settings of the client's browser, or as specified in the Web listener. Text string customization is done by modifying the strings in the strings.txt file that correspond to the placeholders in the .htm files. Note that before customizing HTML forms, you should create a backup of the forms in the original forms folder. For details and instructions, see the document Customizing HTML Forms in ISA Server 2006.  

New french ISA Site!!

Moez Mezghani has just launched ISAFirewalls.org Nip on over and give it a visit.

Jim Harrison's ISATools.org has had a facelift!!

Jim Harrison and I have given ISATools.org a little facelift. Nip on over and give it a visit.

What is ISA Server 2006?

ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data. Learn more about deploying ISA Server 2006 for Secure Application Publishing, as your Branch Office Gateway, and for Web Access Protection.

ISA Server 2006 Released

ISA Server 2006 has been released. Get the trial software here! ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data. ISA Server 2006 is available for download in both Standard Edition and Enterprise Edition.

12th June, 2006 ISA Server 2004 Best Practices KB

ISA Server rules are evaluated in the order in which they appear in the firewall policy. The order of the rules affects not only the effective policy for your organization, but the efficiency with which the rules are evaluated. KB Article here. Published 3rd May, 2005

12th June, 2006 Updated Destination Sets.

Thanks and kudos to Raj Periyasamy for supplying me with the means to convert my ISA 2004 Destination Sets for use with ISA 2004 Enterprise Edition. I have started posting them to the website and will complete them as and when time allows. At the moment I have done the Sex Site and Porn Site sets.

This site is secured and protected by: