firewall isa
TRANSCRIPT
61
Ti: TM HIU V FIREWALL
Thc hin: Phm
Huy Thun
Nha Trang thng 4 nm 2012
61
MC LCContents PageContents Page............................................................................................................................ 2 Li m u.................................................................................................................. 4 CHNG I: TNG QUAN V ISA SERVER 2006.............................................................5 1. Gii thiu v ISA server 2006...............................................................................5 2. Cc phin bn ca ISA server 2006......................................................................5 3. Tnh nng chnh ca ISA server 2006...................................................................5 CHNG II: Ci t ISA Server 2006 ...........................................................................7 Yu cu cu hnh c bn..........................................................................................7 2. Tin trnh ci t..................................................................................................8 CHNG III: PHN LOI V CU HNH ISA SERVER CLIENTS......................................13 1. Phn loi............................................................................................................13 2. Cu hnh............................................................................................................14 a. SecureNAT Client............................................................................................14 b. Web Proxy Client.............................................................................................15 c. Firewall Client..................................................................................................16 CHNG IV: Trin khai ISA server 2006....................................................................17 1. To Rule ............................................................................................................ 17 2. Publish Web.......................................................................................................23 3.VPN.....................................................................................................................32 a. VPN Client to Site ...........................................................................................32 b. VPN Site to Site...............................................................................................39 4. To Caching....................................................................................................... 52 CHNG V: MT S M HNH ISA FIREWALL THNG GP......................................62 1. Edge Firewall.....................................................................................................62 2. 3-Leg Perimeter.................................................................................................63 3. Front/Back Firewall.............................................................................................64
61
CHNG VI. TNG KT.............................................................................................65
61
Li m uTrong thi i ngy ny Internet khng ngng pht trin v vn xa, p ng cc nhu cu ca ngi s dng, nhng vn nh gio dc t xa, t vn Y t, mua hng trc tuyn,vv. Khng cn l nhng khi nim tru tng na. Vi Internet mi th trong m tr thnh hin thc. Trong nhng nm gn y vi tr ca Cng ngh thng tin (CNTT) v ang c khng nh mt cch r nt. S pht trin ca CNTT tc ng tch cc n mi mt ca i sng chnh tr, kinh t, vn ha, x hi ca loi ngi, to ra s pht trin vt bc cha tng c trong lch s. ng dng CNTT c hiu qu v bn vng ang l tiu ch hng u ca nhiu quc gia. CNTT gip con ngi xch li gn nhau hn, khin cho khong cch a l khng cn tn ti l lc y cho mi hot ng trn mi lnh vc ca Quc gia. Xt theo bnh din l mt doanh nghip th hiu qu l iu bt buc v bn vng cng l tt yu. Di gc nhn ca mt chuyn gia v bo mt h thng, khi trin khai mt h thng thng tin v xy dng c c ch bo v cht ch, an ton, nh vy l gp phn duy tr tnh bn vng cho h thng thng tin ca doanh nghip . V tt c chng ta u hiu rng gi tr thng tin ca doanh nghip l ti sn v gi. Khng ch thun ty v vt cht, nhng gi tr khc khng th o m c nh uy tn ca h vi khch hng s ra sao, nu nhng thng tin giao dch vi khch hng b nh cp, ri sau b li dng vi nhng mc ch khc nhau..Hacker, attacker, virus, worm, phishing, nhng khi nim ny gi y khng cn xa l, v thc s l mi lo ngi hng u ca tt c cc h thng thng tin (PCs, Enterprise Networks, Internet, vv..). V chnh v vy, tt c nhng h thng ny cn trang b nhng cng c mnh, am hiu cch x l i ph vi nhng th lc en ti . Trc ht vi vai tr ca mt qun tr vin chng ta cn xy dng thc s dng my tnh cho cc nhn vin trong t chc doanh nghip mnh. Tip theo l cn mt cng t c lc mnh cng chng ta chng li cc th lc trn. l cc Firewall, t Personal Firewall bo v cho tng Computer cho n cc Enterprise Firewall c kh nng bo v ton h thng Network ca mt T chc. V Microsoft ISA Server 2006 l mt Enterprise Firewall nh th ! Mt sn phm tt v l ngi bn tin cy bo v an ton cho cc h thng thng tin. Vy ISA server l g? Cch thc trin khai v cu hnh ca n ra sao? Chc nng ca ISA nh th no? Tc dng ca ISA trong mi trng network..vv..vv. Chuyn ny s gii p nhng cu hi . V s cung cp mt ci nhn chi tit, r nt v ISA server.
61
CHNG I: TNG QUAN V ISA SERVER 20061. Gii thiu v ISA server 2006Microsoft Internet Security and Acceleration Sever (ISA Server) l phn mm xy dng bc tng la (Firewall) kh ni ting v c s dng kh ph bin ca hng phn mm Microsoft. C th ni y l mt phn mm share internet kh hiu qu, n nh, d cu hnh, firewall tt, nhiu tnh nng cho php bn cu hnh sao cho tng thch vi mng LAN ca bn. Tc nhanh nh ch cache thng minh, vi tnh nng lu Cache vo RAM (Random Access Memory), gip bn truy xut thng tin nhanh hn, v tnh nng Schedule Cache (Lp lch cho t ng download thng tin trn cc WebServer lu vo Cache v my con ch cn ly thng tin trn cc Webserver bng mng LAN). Ngoi ra cn rt nhiu cc tnh nng khc na 2. Cc phin bn ca ISA server 2006 Standard : ISA Server 2006 Standard p ng nhu cu bo v v chia s bng thng cho cc cng ty c quy m trung bnh. Enterprise : ISA Server 2006 Enterprise c s dng trong cc m hnh mng ln,
p ng nhiu yu cu truy xut ca ngi dng bn trong v ngoi h thng. Ngoi nhng tnh nng c trn ISA Server 2006, bn Enterprise cn cho php thit lp h thng mng cc ISA Server cng s dng mt chnh sch, iu ny gip d dng qun l v cung cp tnh nng Load Balancing (cn bng ti). 3. Tnh nng chnh ca ISA server 2006 ISA server l mt trong cc phn mm my ch thuc dng .NET Enterprise Server. Cc sn phm thuc dng .NET Enterprise Server l cc serverng dng ton din ca Microsoft trong vic xy dng, trin khai, qun l, tch hp, cc gii php da trn web v cc dch v. ISA server mang li mt s cc li ch cho cc t chc cn kt ni Internet nhanh, bo mt, d qun l Truy cp Web nhanh vi cache hiu sut cao: o
Ngi dng c th truy cp web nhanh hn bng cci tng ti ch trong cache so vi vic phi kt ni vo Internet lc no cng tim tng nguy c tc nghn. Gim gi thnh bng thng nh gim lu lng internet
o
61
o
Phn tn ni dung ca cc Web server v ccng dng thng miin t mt cch hiu qu,pngc nhu cu khch hng trn ton cu (kh nng phn phi ni dung web ch c trn phin bn ISA server Enterprise)
Kt ni Internet an ton nh nhiu lpo
Bo v mng trc cc truy nhp bt hp php bng cnh gim st lu lng mng ti nhiu lp. Bo v cc my ch web, email v cc ng dng khc khi s tn cng t bn ngoi bng vic s dng web v server qung b x l mt cch an ton cc yu cu n
o
Lc lu lng mngi vn m bo an ton. Cung cp truy cp an toan cho ngi dng hp l t Internet ti mng ni ti nh s dng mng ringo (VPN) Qun l thng nht vi s qun tr tch hpo o
o iu khin truy cp tp trung m bo tnh an ton v pht huy hiu lc ca cc chnh sch vn hnh o Tng hiu xut nh vic gii hn truy cp ti internet ca mt s cc ng dng v ch n o Cp pht bng thng ph hp vi cc u tin o Cung cp cc cng c gim st ch ra cc kt ni internet c s dng nh th no o T ng ha cc dch v nh s dng script Kh nng m rng o Ch trng ti an ton v thi hnh nh s dng ISA server software development kit (SDK) vi cc thnh phn b sung o Chc nng m rng an ton cho cc sn xut th ba o T ng cc tc v qun tr vi cc i tng script COM ( component object model)
61
CHNG II: Ci t ISA Server 2006Yu cu cu hnh c bn
Internet link Up to 5 T1 7.5 megabits Up to 25 Mbps bandwidth per second (Mbps) Processors/Cores 1 Processor type Pentium III750 megahertz (MHz) or higher 1
Up to T3 Up to 90 45 Mbps Mbps 2 2/2
Pentium 4 3.0 Xeon3.04.0 Xeon Dual Core 4.0 gigahertz(GHz) GHz AMD Dual Core 2.03.0 GHz
Memory
512 megabytes(MB)
512 MB
1 gigabyte (GB)
2 GB
Disk space
150 MB
2.5 GB
5 GB
10 GB
Network adapter
10/100 Mbps
10/100 Mbps
100/1000 Mbps
100/1000 Mbps
S VPN ng 150 thi kt ni
700
850
2000
61
2. Tin trnh ci tTrc tin ci t ISA th yu cu my ISA phi c t nht 2 card mng, mt card ni vi mng bn trong (Internal) v card mang cn li ni ra Internet (External) Cho a ISA server 2006 vo v chn Install ISA server 2006
Trong ca s Setup type chn Typical nu bn mun ci t theo ch mc nh v chn Custom nu mun ci t bng tay di y ti chn Custom Next
61
Sau chng ta nhp Next
Ti ca s Internal Network nhp Add
61
Chn tip Add Adapter
Trong Select Network Adapter, chn card mang no trc tip ni vo LAN OK
61
Nhp Next
Nhp Next Install Finish
61
y l giao din ca ISA server 2006 sau khi chng ta ci thnh cng
61
CHNG III: PHN LOI V CU HNH ISA SERVER CLIENTSMt ISA Server 2006 client l my tnh kt ni n cc ngun ti nguyn khc thng qua ISA Server 2006 firewall. Nhn chung, cc ISA Server 2006 client thng c t trong mt Internal hay perimeter network DMZ v kt ni ra Internet qua ISA Server 2006
1. Phn loiC 3 loi ISA Server 2006 client: SecureNAT client l my tnh c cu hnh vi thng s chnh Default gateway
gip nh tuyn ra Internet thng qua ISA Server 2006 firewall. Nu SecureNAT client nm trn Mng trc tip kt ni n ISA Server 2006 firewall, thng s default gateway ca SecureNAT client chnh l IP address ca network card trn ISA Server 2006 firewall gn vi Network . Nu SecureNAT client nm trn mt Network xa ISA Server 2006 firewall, khi SecureNAT client s cu hnh thng s default gateway l IP address ca router gn n nht, Router ny s gip nh tuyn thng tin t SecureNAT client n ISA Server 2006 firewall ra Internet. Web Proxy client l my tnh c trnh duyt internet (vd:Internet Explorer) c cu hnh dng ISA Server 2006 firewall nh mt Web Proxy server ca n. Web browser c th cu hnh s dng IP address ca ISA Server 2006 firewall lm Web Proxy server ca n cu hnh th cng, hoc c th cu hnh t ng thng qua cc Web Proxy autoconfiguration script ca ISA Server 2006 firewall. Cc autoconfiguration script cung cp mc ty bin cao trong vic iu khin lm th no Web Proxy clients c h kt ni Internet. Tn ca User (User name) c ghi nhn trong cc Web Proxy logs khi my tnh c cu hnh nh mt Web Proxy client. Firewall client l my tnh c ci Firewall client software. Firewall client software chn tt c cc yu cu thuc dng Winsock application (thng thng, l tt c cc ng dng chy trn TCP v UDP) v y cc yu cu ny trc tip n Firewall service trn ISA Server 2006 firewall. User names s t ng c a vo Firewall service log khi my tnh Firewall client thc hin kt ni Internet thng qua ISA Server 2006 firewall. Di y l bng so snh cc dng ISA server 2006 Client
61
FeatureCn phi ci t
SecureNAT client
Firewall client
Web client
Proxy
Khng, ch cn xc lp Yes. Cn ci t Khng, ch cn cu thng s default gateway software hnh cc thng s ph hp ti trnh duyt Web- Web browser H tr H iu Bt c OS no h tr Ch Windows Bt k OS no c hnh no TCP/IP h tr cc Web application H tr Protocol Nh c b lc ng dng Hu ht cc ng HTTP, Secure -Application filters c th dng trn Internet HTTP h tr cc ng dng chy hin nay (HTTPS), v FTP kt hp nhiu protocols multiconnectionprotocols c
C h tr xc c, nhng ch dnh cho c thc ngi dng VPN clients hay khng .Nhm kim sot vic User truy cp ra ngoi
2. Cu hnha. SecureNAT Client Ti my CLIENT, right click My Network Places icon trn desktop v click
Properties. Trong Network and Dial-up Connections, right click Local Area Connection v
click Properties. Trong Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP) , click Properties. Trong Internet Protocol (TCP/IP) Properties dialog box, chng ta khai bo IP, Subnet mask, DNS, quan trng nht l khai bo Default Gateway sao cho mi thng tin hng ra internet phi c nh tuyn n ISA server.
61
M hnh SecureNAT Client
b. Web Proxy Client Chng ta cu hnh trn Internet Explorer Trn my CLIENT, right click Internet Explorer icon nm trn desktop,click
Properties. Trong Internet Properties dialog box, click Connections tab. trn Connections tab, click LAN Settings button. Trong Local Area Network (LAN) Settings dialog box. Ti Proxy server chng ta in IP ca ISA server v port 8080
61
c. Firewall Client Vo th mc Client trong a ISA 2006 chy file setup.exe .
61
Chn option I accept the terms in the licene agreement Next Next.
Chn option Connect ti this ISA server computer, nhp vo IP internal ca my ISA Next Install.
CHNG IV: Trin khai ISA server 20061. To RuleTo Rule cho php ngi qun tr c th cho php hay cm bt k my no trong mng hay ton b mng . Sau y l cc bc to ra 1 Access Rule Chy chng trnh ISA bng cc click chut vo ISA server Management Right click vo Firewall Policy chn New chn Access Rule
61
Sau ca s New Access Rule wizard hin ra chng ta g tn cho Rule chng hn nh Allow Internal to Internet vo Access Rule Name Next
61
Sau chng ta chn hnh ng cho rule l Allow ( cho php) hay Deny ( cm ) v click next
61
Sau chng ta s chn Protocol cho rule, nu chng ta cho my trm truy cp Internet v Email th chng ta ch chn cc giao thc nh DNS, http, https, POP3,SMTP chn rule ta click Add Next
Bc tip theo chng ta chn Source cho rule click Add sau chon ci bn mun add y ti chn Internal v Local Host. y l ngun l nhng mang hay my tnh bn mun cho php hay cm
61
Tip theo chng ta s chon Destination click Add chn im n
Chn Next sau chng ta chn User cho rule
61
Sau chng ta c th xem li cc option chng ta chn v finish kt thc vic to rule
Cui cng chng ta chn Apply thc thi Rule
61
2. Publish WebTi my ISA Server bt chng trnh ISA ln tip tc trong Firewall Policy to mt Rule mi bng cch chn New Web Site Publishing Rule
Sau chng ta t tn cho Rule ( vd nh Publish wed )
61
Trong Rule Action chn Allow Next
Chn Publish a single Web site or load balancer trong Publishing Type Next
61
Vi Rule ny chng ta s Publish dch v HTTP trc nn trong Server Connection Sercurity ti chn la chn Use non-secured connections to conect the published Web server or server farm Next
Internal site name bn nhp tn ca Wed server v click vo Use a computer name or IP address to connect to the published server sau in IP ca Wed server vo Next
61
Trong Internal Publishing Details bn cha trng Path Next
Trong tab Accept requests for chng ta chon Any domain name Next
61
Trong ca s Select Web Listener cha tn ti cc Web Listener no c v vy ta phi to cc Listener mi cho n. Nhp New
Sau chng ta t tn cho Web Listener Next
61
Tip tc chn ty chn l Do not require SSL secured connections with clients ch Publish dch v HTTP m thi Next
Chn External trong Web Listener IP Address Next
61
Ti Authentications Settings chn No Authentication Next
Nhp Next Finish
61
Nhp Next
61
Chn ty chn No delegation, and cliecnt cannot authenticate directly trong Authentication Delegation Next
Chn All Users trong User Sets
61
Mn hnh to Rule Publish Web sau khi hon tt
3.VPNa. VPN Client to Site
Trc tin cho cc Client truy cp c vo mng thng qua VPN chng ta phi to mt User trn ISA server, click chut phi vo User chn Properties, chn th Dial-in, chn option Allow access ok, To 1 Group v add User trn vo Group ny
61
Ti my ISA Server bn chn Virtual Private Networks (VPN) chn tip Tab VPN Clients Click vo Configure Address Assignment Method
61
Ti Tab Address Assignment bn nhp mt dy IP gn cho cc my VPN Client trong Static address pool, di IP ny khng c trng vi bt k di no trong mng
Mc nh khi ci t hon tt ISA Server s khng bt VPN Clients ln nn bn tip tc chn Enable VNP Client Access trong bc ci t th 1 bt tnh nng ny.
61
Check vo ty chn Enable VPN client access Lu l gi tr trong Maximum number of VPN clients allowed phi nh hn di IP m ta gn cho cc VPN Clients
Sang tab Group add Group chng ta to trc
61
Ti tab protocols chn giao thc bo mt y l PPTP
61
Tip tc chng ta chn mc Firewall Policy to mt Rule mi cho php cc VPN Clients c php truy cp vo bn trong Internal Network t tn cho Rule
Rule Action: Allow Protocol: All outbound traffic Trong Access Rule Sources bn chn mt giao thc duy nht l VPN Clients
61
V cc my Client t bn ngoi truy cp vo bn trong Internal Network nn trong Access Rule Destinations ta chn l Internal
Mn hnh sau khi hon tt
61
b. VPN Site to Site
Trc tin HCM v HANOI c th truy cp c vi nhau thng qua VPN chng ta phi to User trn mi ISA Server Ti my ISA HCM to User/Pass l HCM/123 Ti my ISA HANOI to User/Pass l HANOI/123 Sau Double click vo User HCM chn Tab Dial-in Check ty chn Allow Access trong Remote Access Permission Lm tng t cho User HANOI Trn my ISA server HCM chn Virtual Private Networks (VPN) chn tip Tab Remote Sites Tip tc nhp vo Create VPN Site-to-Site Connection
61
Sau nhp VPN User va c to ra trong mng ca mnh ( HCM ) Next
61
Chn giao thc Point-to-Point Tunneling Protocol (PPTP) Next
Ti Local Network VPN Settings bn nhp mt dy IP gn cho cc my VPN Client trong Static address pool v d ny l dy s 11.0.0.1->11.0.0.100 ( dy IP ny khng c trng vi bt k di IP no trong mang ) Next
61
Trong Remote Site Gateway bn nhp IP Enternal ca mng HANOI Next
Nhp chnh xc VPN User ca mng HANOI vo ca s Remote Authentication Next
Tip tc trong ca s Network Addresses bn nhp nguyn dy IP ca mng HANOI vo Address ranges. Ngha l nhp nguyn c dy IP ca Internal Network mng HANOI
61
Gi nguyn gi tr mc nh trong ca s Site-to-Site Network Rule Next
Ty theo bn mun cc mng truy cp vi thng qua cc Protocol no m ti ca s Siteto-Site Network Access Rule bn Add chng vo Next
61
Sau nhp Finish
Mn hnh sau khi hon tt
61
Vo Firewall Policy bn s thy xut hin thm mt Access Rule mi
61
Vo Configuration/Netwoks chn th Netwok rules s thy rule HCM to Internal Netwok c to ra
Trn my ISA Server HANOI lm tng t nh trn may ISA Server HCM sau khi to User HANOI v cho php Allow Access chn Virtual Private Networks (VPN) chn tip Tab Remote Sites. Tip tc nhp vo Create VPN Site-to-Site Connection
61
Sau nhp VPN User va c to ra trong mng ca mnh ( HANOI ) Next
Chn giao thc Point-to-Point Tunneling Protocol (PPTP) Next
61
Ti Local Network VPN Settings bn nhp mt dy IP gn cho cc my VPN Client trong Static address pool v d ny l dy s 12.0.0.1->12.0.0.100 ( dy IP ny khng c trng vi bt k di IP no trong mang ) Next
Trong Remote Site Gateway bn nhp IP Enternal ca mng HCM Next
Nhp chnh xc VPN User ca mng HCM vo ca s Remote Authentication Next
61
Tip tc trong ca s Network Addresses bn nhp nguyn dy IP ca mng HCM vo Address ranges. Ngha l nhp nguyn c dy IP ca Internal Network HCM.
Gi nguyn gi tr mc nh trong ca s Site-to-Site Network Rule Next
61
Ty theo bn mun cc mng truy cp vi thng qua cc Protocol no m ti ca s Siteto-Site Network Access Rule bn Add chng vo Next
Mn hnh sau khi hon tt
61
61
4. To CachingMc nh sau khi ci t hon tt ISA Server s tt Cache i, Enable Cache bn chn Cache trong mc Configuration Ti ISA Server trong mn hnh gia chn Tab Cache Drivers , ca s bn phi chn Tab Tasks chn Define Cache Drives (Enable Caching)
61
Chn a lu Cache v dung lng Cache nhp set OK
61
Chn Save the changes and restart the services
n y ta cu hnh hon tt cho ISA Server Cache th ng tt c cc trang Web, ngha l vi nhng trang Web c ni dung khng c lu tr trong Cache ca ISA s phi tn cng ti nguyn c trang v. Nh vy vi mt s trang Web m ta mun ISA t ng Cache vo thi im nht nh no th ta phi to mt Job cho ISA cp nht ch ng trang ny Tr li my ISA Server chn Tab Content Download Jobs trong Cache tip tc nhp chn Schedule a Content Download Job Enable tnh nng ch ng Cache ln
61
Nhp tn cho Schedule Next
Chn Daily thc hin Cache mi ngy
61
Ch nh gi thc hin Cache ch ng cho ISA trong Daily Frequency
Nhp a ch trang Web m bn mun Cache ch ng vo
61
Gi nguyn gi tr mc nh trong mn hnh Content Caching Next Finish
Sau khi hon tt ta start ln
61
Nh vy mc nh ISA s Cache ton b cc trang Web m User truy cp. Vi mt s trang Web m ni dung thng xuyn thay i (cc trang Web chng khon...) th tnh nng Cache ny xem ra l khng kh thi gii quyt vn ny ta s to Rule nhm loi tr mt s trang m ta khng mun ISA Cache chng u tin ta phi to danh sch cc trang wed khng cache. Chn Firewall Policy, ca s bn phi chon Tab Toolbox click chut phi vo URL Sets chn New URL Set
Trong ca s New URL Set Rule Element ta in tn danh sch v add cc trang wed khng lu cache vo trong danh sch OK
61
Tip theo trong mn hnh ISA Server chn Cache nhp phi vo Cache chn New -> Cache Rule
61
t tn cho Rule ny l Deny Cache
Trong mn hnh Cache Rule Destination ta Add vo danh sch m ta va to lc trc
61
Nhn Next tip tc. Trong mn hnh Content Retrieval ta chn Option u tin l Only if a valid version
Nhn Next tip tc. Trong mn hnh Cache Content chn vo Never, no content will ever be cached Next
61
Nhp Finish
CHNG V: MT S M HNH ISA FIREWALL THNG GP1. Edge Firewall
y l m hnh mng vi 1 ISA Server ni trc tip vi mng bn trong Internal . Do d nu h thng b bn ngoi tn cng vo v ISA Server b dnh sp th chng c th truy cp
61
vo tt c cc my tnh trong mng Internal Network. Vi m hnh ny tuy h thng vn c bo mt nhng cn tm rt hn ch.
2. 3-Leg Perimeter
Vi m hnh ny trong Internal Network chng ta s chia ra lm 2 nhm Nhm th 1 l cc my nh Mail Server, Web Server... ngi dng t
External Network c th truy cp vo Nhm th 2 l cc my ni b cn c bo mt k cng hn nhm th 1 Ti my ISA Server ta cn n 3 Card Lan Card th 1 ni vi cc my thuc nhm th 2 trong Internal Network. ISA
Server s m cc Port Outbound ti Card ny Card th 2 ni vi cc my thuc nhm th 1 trong Internal Network. ISA Server s m cc Port Outbound/Inbound ti Card ny Card th 3 ni vi cc my trong External Network. ISA Server s m cc Port Inbound ti Card ny Nh vy nu mt Hacker t External Network tn cng vo mng chng ta, sau khi nh sp c ISA Server chng c th truy cp vo tt c cc my tnh thuc nhm th 1 trong mng Internal Network. Vi m hnh ny tuy h thng vn c bo mt nhng cn cha c cht ch lm.
61
3. Front/Back Firewall
M hnh ny thc cht l mt m rng ca m hnh 3-Leg Perimeter ti m hnh ny ngi ta s dng nhiu ISA Server trong Local Host Khi nu Hacker tn cng mng chng ta chng phi lin tip nh sp nhiu ISA Server trong Local Host, tuy nhin khi mt vi ISA Server ca chng ta b tn cng th pha chng ta c bo ng v c bin php phng th, cng c li h thng an ton hn. M hnh ny tuy l c an ton cao nhng b li chi ph u t cho n l rt tn km.
61
CHNG VI. TNG KTHin nay bo mt h thng mng ang l vn nhc nhi ca cc qun tr vin. Mi ngy lm vic li c thm mt nguy c tn cng mi, tinh vi, hin i hn vi nhng hnh thc phc tp v quy m hn. S e da h thng lun rnh rp v d ch mt sai lm nh cng dn n hu qu kh lng. V vy chng ta vi vai tr l mt qun tr vin cn c mt trnh nht nh, lun lun cp nht cng ngh bn cnh l xy dng mt server mnh, mt firewall vng chc..vv.vv. Him ha lun lun tim n, c th l bn ngoi h thng mng ca mnh hay chnh t bn trong t chc. Thc t cc cng ty, hay mt t chc no th nhu cu trao i, tm hiu thng tin l iu thit yu v bt buc khng nhng trong mng cc b m cn ra ngoi Internet na. Nh vy cn c s qun l cht ch, kim sot mi truy cp ca local hay Internal ra ngoi Internet v ngc li. ISA server 2006 xng ng l mt s la chn tin cy. Khng nhng p ng hai iu kin trn ISA server cn c giao din thn thin d s dng v qun l. V vi mt vai tr l qun tr vin chng ta cn nng cao kin thc lin tc cp nht cng ngh a ra nhng la chn ng n nht nhm bo v tt nht, an ton nht cho h thng mng ca t chc hay cng ty mnh m nhim. /.