
P6: BUILDING AND CONFIGURING ISA 2006

Saturday - 06/11/2010 14:54

A - TOPOLOGY

B- INTRODUCTION

When an internal network is connected to the Internet, companies typically have requirements such as:
- Controlling the traffic exchanged between the internal network and the Internet
- Blocking attacks and unauthorized intrusion from the Internet

The appropriate solution for these needs is a firewall. This lab introduces the installation and deployment of Microsoft's firewall software: Internet Security and Acceleration 2006 (ISA-2K6).

C- DEPLOYMENT STEPS

Building on the Domain system from Lab-5, this lab adds one standalone computer running Windows Server 2003 on which ISA-2K6 is deployed. The deployment steps are:
- Configure the TCP/IP settings and install ISA-2K6
- Configure the ISA clients in the internal network
- Declare the internal network components on ISA-2K6, such as: VIP, USER, SERVER
- Set up Access Rules and Application Filters on ISA-2K6 to control traffic
- Configure ISA-2K6 to detect and block attacks from the Internet
- Produce statistics and reports on the traffic passing through ISA-2K6

D- DETAILED DEPLOYMENT

I. Preparation

The lab consists of 5 PCs: Server, VIP, Users, Router and ISA

1. Promote the Server machine to Domain Controller

B1. Set the IP address

Interface Name    Lan-3
IP Address        192.168.3.2
Subnet Mask       255.255.255.0
Default Gateway   192.168.3.1
Preferred DNS     192.168.3.2

B2. Start > Run: DCPROMO
Domain Name: nhatnghe.local

2. Configure routing on the Router machine

B1. Set the IP address for each interface

Interface Name    Cross            Lan-2            Lan-3            Lan-4
IP Address        192.168.5.2      192.168.2.1      192.168.3.1      192.168.4.1
Subnet Mask       255.255.255.0    255.255.255.0    255.255.255.0    255.255.255.0
Default Gateway   Blank            Blank            Blank            Blank
Preferred DNS     Blank            Blank            Blank            Blank

B2. Enable LAN Routing

Start > Programs > Administrative Tools > Routing and Remote Access

B3. Create the Static Route

3. Join the VIP and USERS machines to the domain nhatnghe.local

B1. IP address

PC                VIP              Users
IP Address        192.168.2.2      192.168.4.2
Subnet Mask       255.255.255.0    255.255.255.0
Default Gateway   192.168.2.1      192.168.4.1
Preferred DNS     192.168.3.2      192.168.3.2

B2. My Computer > Properties > Computer Name tab > click Change
Member Of Domain: nhatnghe.local

II. Install ISA Server 2006 on the ISA machine

1. Configure routes on the ISA machine

B1. Set the IP address

Interface Name    Cross            Lan
IP Address        192.168.5.1      192.168.1.2
Subnet Mask       255.255.255.0    255.255.255.0
Default Gateway   Blank            Blank
Preferred DNS     192.168.3.2      Blank

B2. Create the routes

Start > Run: CMD.

* Enter the following commands to create the routes:

    route -p add 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1
    route -p add 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1
    route -p add 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1
    route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1

* To view the routing table, enter the command:

    route print
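Added example (not part of the original lab): a Python check that parses the four route commands from step B2 and resolves, by longest-prefix match, which next hop the ISA machine uses for each lab address. The function names and the external test address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# The four persistent routes from step B2 on the ISA machine.
ROUTE_COMMANDS = """
route -p add 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1
route -p add 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1
route -p add 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1
route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
"""
# Interfaces of the ISA machine, from the B1 table.
CONNECTED = {"Cross": "192.168.5.1/24", "Lan": "192.168.1.2/24"}


def parse_routes(text):
    """Parse 'route -p add <dest> mask <mask> <gateway> metric <n>' lines."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.lower().split()
        i = tok.index("add")
        dest, mask, gw, metric = tok[i + 1], tok[i + 3], tok[i + 4], int(tok[i + 6])
        # Strict parsing rejects a destination with host bits set, as Windows does.
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), ipaddress.ip_address(gw), metric))
    return routes


def unreachable_gateways(routes):
    """Gateways on no directly connected subnet; Windows refuses to add such routes."""
    nets = [ipaddress.ip_interface(c).network for c in CONNECTED.values()]
    return [str(gw) for _, gw, _ in routes if not any(gw in n for n in nets)]


def next_hop(routes, host):
    """Return the interface for on-link hosts, else the gateway of the best route."""
    addr = ipaddress.ip_address(host)
    for name, cidr in CONNECTED.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return f"on-link ({name})"
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # Longest prefix wins; the lower metric breaks ties.
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(best[1])


if __name__ == "__main__":
    table = parse_routes(ROUTE_COMMANDS)
    for host in ("192.168.3.2", "192.168.2.2", "192.168.4.2", "203.0.113.10"):
        print(host, "->", next_hop(table, host))
```

The three internal subnets resolve to the Router (192.168.5.2) and every other destination falls through to 192.168.1.1, which is why both interfaces can keep a blank Default Gateway.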

2. Install ISA Server

From the ISA2006 source, run the file: ISAAutorun.exe

3. Install the Firewall client on the SERVER, VIP and USERS machines

From the ISA2006 source > Client > run the file: ISACient.exe

III. Configure Access Rules

1. Allow DNS name resolution

2. Allow the VIP and Users PCs to send and receive mail from the Internet

B1. Define VIP, Users

B2. Create the Access Rule

3. Allow the Users PC to access the site nhatnghe.com during working hours (8 AM-4 PM, Monday to Friday)

B1. Define the site nhatnghe.com

B2. Define the working hours

B3. Create the Access Rule

4. Allow the VIP PC unrestricted Internet access.

5. Allow Users unrestricted Internet access during break time (10 AM-2 PM)

B1. Define the break time

B2. Create the Access Rule

B3. Properties of the rule Gio giai lao

6. Allow Users to read text only; do not allow viewing images, watching videos or listening to music

7. Block all users from accessing the site ngoisao.net; if a user accesses this site, redirect to the site nhatnghe.com.

B1. Define the URL ngoisao.net

Toolbox > Network Object > New > URL Set

B2. Create the Access Rule

B3. Properties of the rule Cam Ngoisao.net

IV. Configure the HTTP Filter

Purpose: block users from chatting on YM, block sending mail with the POST method, and block downloading exe and vbs files

V. Configure Intrusion Detection

To detect and block attacks from the Internet

B1. Enable Intrusion Detection

B2. Set the Action

VI. Report

- Produce statistics and reports on the traffic passing through ISA-2K6

Select Monitoring > Reports tab > click Generate a New Report