Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Setting up a secured ISA environment

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> Setting up a secured ISA environment Page: [1]
Login
Message << Older Topic   Newer Topic >>
Setting up a secured ISA environment - 1.Aug.2002 7:21:00 PM   
wtdrisco

 

Posts: 25
Joined: 6.Jun.2002
Status: offline 		I am using ISA Server in a company business environment. I have purchased the "Featured Book" and Curt Simmons book. But what I am really after is the procedures and guidelines to setup ISA (policies and port settings) to ensure a real safe environment.
I have the incoming network setup on a split brain DNS, my (First Router)Internet connection goes into a seperate hub that then goes to the external NIC on the ISA server. I then connect the internal NIC to the main switch. I am using NAT. That main switch then connects to an internal router that connects all the remote sites to my site.

But I have been getting an average 3-5 port scan alerts every day from the following:

64.236.16.163
64.236.16.137
207.25.71.252
64.210.243.37
64.236.16.137
207.25.71.252
205.174.16.100
64.236.16.137
207.25.71.252
64.210.243.37
207.25.71.241
64.14.139.216
64.236.16.137
207.25.71.252
64.236.16.137
64.210.243.37
207.25.71.241
207.25.71.252

running a tracert on these, I get mainly time out request, but I have seen CNN.NET and from AOL. We use AOL IM internally (don't ask).. and I know that hackers can come in this way. I have seen unassigned Internal IP addresses show up..

But I was hoping that Tom or someone has or knows of a really detailed list or report on setting up a secured ISA (So that I can really check on what I have done)...

Thanks
Post #: 1
RE: Setting up a secured ISA environment - 3.Aug.2002 8:12:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Taylor,

Thanks for getting the book! [Big Grin]

Check out my securing ISA Server articles over at www.isaserver.org/shinder They will give you a good start.

You could be getting real port scans, or they could be false alamrms. Check out the packet filter logs and see if they look suspicious there.

HTH,
Tom

(in reply to wtdrisco)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> Setting up a secured ISA environment Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts