Chapter 23

Here is the last review for Eriq Neales wonderful book, SBS2K3 Unleashed. These last two chapters cover ISA. Chapter 23 is entitled "Internet Security and Acceleration Server 2004 Basics". The chapter begins by telling us ISA is a firewall. It then moves into firewall appliances and a bit about the debate between hardware and software firewalls. Hint: ISA is just as good at protecting you as the hardware guys. What runs the hardware? If you said software, give yourself 5 extra bonus points and thanks for playing.

The chapter admits that ISA is tough to master. However, learning the basics and a few advanced topics should get you through most of what you need to know. Some free resources are mentioned to learn the product. The one most often mentioned in these 2 chapters is http://www.isatools.org.

New features of ISA2K4 are discussed next. The ISA management MMC. the ISA Networks, Apply or Discard changes, and Administration Delegation. The ISA Management MMC is spiffed up and broken into three panes. ISA Networks no longer trusts the internal network out of the box. It now knows five networks instead of two and it trusts none of them. The LAT is gone. VPN Quarantine puts your users in a sandbox until they are checked and verified. It is a scriptable environment. Apply or Discard is two big buttons at the top of your window when you make changes. Administration Delegation allows you to setup someone else with three different monitoring roles. This way, your setup cannot be changed by these administrators. Several pages discuss this last topic at length.

ISA has three different client types. They are; SecureNat, Web Proxy and the Firewall Client. The Firewall topic is covered the most with explanations for setting it up, deploying and the like.

Log information comes next. ISA logs everything by default. It can be a nice picture of what happened, but it also requires a  lot of space to create these logs. ISA keeps 16 GB of log files by default. Lucky we all have large hard dives these days! However, you are shown how you can cut that down to size, but not below 4 GB.

ISA has a lockdown mode. If the firewall service stops, ISA automatically locks itself. It does not shut down, it just isolates and protects itself. The book tells you exactly what all that means.

Client connections are limited to 160 with a new install and only 40 if you upgraded from ISA2000. ISA does cache web pages still, but it is just a small part of its functions. The default cache size is 100 MB. This chapter does not have a troubleshooting section. It closes with a Summary section and Best Practices.

Chapter 24

Chapter 24 is called "Internet Security and Acceleration Server 2004 Advanced Administration". By the name, you can see we have moved past the basics and are going into the advanced side. ISA2K4 is very advanced as you will see.

The chapter discusses customizing the dashboard. It is limited as to what you can do, but you can roll up things you don't care to see and unroll things that you want to see. Alerts can be acknowledged or reset. How you wish to handle it will be up to you and your client. If you use a DHCP to assign an address to your external NIC, it can be spoofed. Bottom line, go static and you'll get no static! You can setup a wireless access point for your wireless clients easily.

You can and should enable intrusion detection on ISA. Several pages are devoted to showing you how and explaining the concepts in rather good detail. Turning on detection is easy and can save you a world of grief. The next topic up is configuring automatic detection for the firewall client. This feature allows laptops to connect from anywhere without reconfiguring.

Application  and Web filters are next. Bad dreams of the OSI model come back to you here, but not too much. You can only enable or disable these filters. The majority are enabled by default.

Anatomy of a Firewall Policy is now up to bat. The components are named that make up these policies. A new feature is, these can be copied, renamed then configured to your liking. Components are listed as: Access Rules, Protocol definitions, User set, Schedule, Content filter and Domain name and URL sets. The meanings of each of these are laid out. Next, we are treated to creating new firewall policy rules in a step by step manner. You can use this to restrict websites by the time of day or by certain users. This can come in handy in controlling who sees what. You can also deny certain websites to everyone if you choose. You  can also find free or buy some add-ons to help you limit porn sites, gambling, etc. Is that needed today or what?

If certain websites need direct access, you can configure that so that no proxy is in the way. This is usually caused by sites that have scripts that do not use the standards. You should complain to the web master if ever you have cause to do this.

Port 443 is SSL by default. Some sites may use a different port. You can download a script and easily add this into ISA. The details can be found on page 599.

FTP is our next discussion point. Outbound FTP is not on by default. However, you can configure it if needed and page 601 will walk you through the procedure.

You can publish a web server and pp 602-604 cover that. It also covers the question, should you host your own site. The answer mostly is no just for security alone. Find a good provider that patches consistently and has a good uptime and pay them to host your site. However, if you are determined to do it on SBS, you certainly can go right ahead and do it.

Our chapter comes to a close with Troubleshooting, Summary and Best Practices summary. This not only closes out the chapter, but also the book. My overall impression of this book is, it is very ambitious in its coverage. Think of all we have covered. We started with a condensed MBA program, covered installation, networking, security, exchange, web technologies, client connectivity, administration and management which covered back up, monitoring, group policy, workstation management and patches. Finally, our two ISA chapters closed out the book. These are HUGE topics and all of it is covered in good detail throughout the 605 pages.

Will this book make you an SBS genius? No. However, I think if it is read carefully 2-3 times through, it could make anyone proficient with the product. I can honestly recommend this book to anyone interested in this technology. I would like to thank Eriq and all his compadres for writing this book. It deserves a large following. Please pick one up for yourself and use it. I intend to read through this book again on my own.

Now that we have finished this book, what next? I am going to do another book. That book is ...........drum roll please................... Windows Small Business Server 2003 Best Practices by some guy named Harry Brelsford! ;-> It is the third printing. This book has 14 chapters. We will go over that once I start. I truly hope you enjoyed my review. I thank you for coming by and reading and I hope you'll drop by when I start this next book. See you then!