Eicon Networks S92 Manual de usuario descargar pdf (Pagina 106)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 106

SecurityPolicy:

1. Provideproxyserviceforinternalclientsaccessingtheinternet.Protocols

allowedinclude:HTTP,HTTPS,FTP,SMTP,POP3,IMAP,DNS,NNTP

2. ProvideHTTPandFTPcachingserviceforinternalclientsaccessingtheinternet.

3. AllowoutgoingPPTPtrafficfrominternalPPPbasedVPNclientsaccessing

externalpartners'VPNsites.

4. Preventunauthorizedusersfromaccessingtheproxyservice.

5. Disallowanyincomingrequestsfromtheoutsideworld.

6. Disalloweverythingelse.

RulebaseConfusion

ISAServersupportsdynamicfiltering,meaningports areopenedandclosedonan

ondemandbasis.Atthesametime,ISAServersupportspacketfiltering,whichis

staticinnature.So,whatisthedifference?SomehowmostISAServer

documentationsouttherefailtoclearlyexplainthedifference.

Infact,ISAServerprovidessecurityviathefollowingmeans:

n AccessPolicy >ProtocolRulesallowinternalclientaccesstotheInternet.

Thisisdynamicinnature.

n AccessPolicy >Packetfilteringrules–openorcloseportstatically.

n PublishingRulesallowexternalclientsaccesstointernalservers.Thisis

dynamicinnatureaswell.

InthecaseofGIAC,wecancontroloutgoingrequestsusingaccesspolicyor

protocolrules.Wedonotneedtouseanypublishingrule,asthereisnoservice

undertheprotectionofthisISAServer.Topreventexternalaccessthroughthis

ISAServer,weshouldstaticallyblockallaccessattemptsmadefromtheoutside.

1 2 ... 101 102 103 104 105 106 107 108 109 110 111 ... 208 209

Sin comentarios

Eicon Networks S92 Manual de usuario Pagina 106