Good Afternoon fellow mates & Moderators , I just wanted to know if there is any way possible that you can bypass isa server 2000 without showing on isa sever or in its logs . Im running a cable network of about 120 users on local area network and the issue I faced was that a user who is far much experienced in networking somehow managed to do this so I couldnt even detect it on my windows server 2003 based machine running ISA server 2000 with GFI webmonitor . I checked the logs constantly while monitoring on GFI webmonitor and isa but I couldnt find his IP . He was really consuming a huge amount of bandwidth . I have assigned users with the ip series 192.168.1.xx . I asked another friend of mine that that could this be possible ? He replied that there are ip hiding softwares such as 'anonymizer' and 'iphideplatinum' , etc. which masks / conceals ip addresses . So , coming to the point .. can you tell me what software / trick he is using and is there anyway to defend against this ?? Thanking you , A desperate amateur network administrator ( DANA)
One way to disallow this is to have all users authenticate with ISA server when accessing the web. You would need to configure the browsers for your users so that it is using your ISA server as the proxy server. Apart from that, the users will have to authenticate with ISA server when accessing the web. This will allow both ISA server and GFI WebMonitor to show you the usernames of the users accessing the web.
This is more difficult for the users to fake.
Another thing that would help would be to install the Firewall client on the users' machine.