Welcome to ISAserver.org


best practice for defining rule-set ?

best practice for defining rule-set ? - 16.Jan.2010 8:02:48 AM   
xp30

 

Posts: 2
Joined: 16.Jan.2010
Status: offline
Hello!

I am looking for a solution to define the rule sets for our new ISA servers. Normally I would block everything and open only those ports which are really needed. This is secure, but not efficient - and my phone never stands still.

So the question is: what is the best practice to define a new rule-set?

What do you think about that:
1. "allow all" for a while and log all traffic through the ISA server
2. then make an analysis of the log file and then
3. define the rule-set
But this is insecure for a short time ... days? weeks? ...

What is your experience regarding this problem?

Thanks for your answers.
tom
Post #: 1
RE: best practice for defining rule-set ? - 16.Jan.2010 10:48:53 AM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Hi Tom,

Allowing all traffic is never a good idea, IMO. You'd be surprised at how few open ports you can actually get away with on your edge firewall. My suggestion would be to assess your current application needs as best you can and create a rule set based on that information. When you implement the changes, watch the TMG logs for denied traffic and create access rules for anything you believe to be legitimate. If/when customers complain, you can implement changes pretty quickly after that.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to xp30)
Post #: 2
RE: best practice for defining rule-set ? - 19.Jan.2010 3:47:46 AM   
xp30

 

Posts: 2
Joined: 16.Jan.2010
Status: offline
Hi Richard,

Yes, basically I agree with you. I will make a basic rule-set, based on customer information regarding the used applications and communication partners. It depends on the quality of the customer information whether this rule-set is more or less usable. So I think that we will have some starting problems!
Do you know a (freeware) tool for analysing the log files from the ISA server?


(in reply to richardhicks)
Post #: 3
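
The workflow discussed in this thread (deploy a restrictive rule set, then review the logs for denied traffic) as an added example; it is not from either poster and is not an ISA/TMG tool. This Python script tallies denied flows by protocol and destination from a W3C-style text log export. The column names, the `Denied` action value and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C extended log style (tab-separated). The column
# names and the "Denied" action value are assumptions; match them to the
# #Fields line and action values in your own log export.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: date\ttime\tIP protocol\tsource\tdestination\taction",
    "2010-01-19\t09:00:01\tTCP\t10.0.0.15:49211\t192.0.2.10:443\tEstablish",
    "2010-01-19\t09:00:04\tTCP\t10.0.0.15:49300\t192.0.2.25:1433\tDenied",
    "2010-01-19\t09:00:09\tTCP\t10.0.0.22:50112\t192.0.2.25:1433\tDenied",
    "2010-01-19\t09:01:30\tTCP\t10.0.0.15:49301\t192.0.2.25:1433\tDenied",
    "2010-01-19\t09:02:11\tUDP\t10.0.0.40:5353\t198.51.100.7:123\tDenied",
    "2010-01-19\t09:02:12\tTCP\t10.0.0.40",  # truncated record
])


def parse_w3c(lines):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def summarize_denied(lines, deny_action="Denied"):
    """Return [((protocol, dst_ip, dst_port), hits, distinct_clients), ...],
    most frequently denied first, as a review list for possible access rules."""
    hits, clients = Counter(), {}
    for rec in parse_w3c(lines):
        if rec.get("action") != deny_action:
            continue
        src_ip = rec["source"].rpartition(":")[0]
        dst_ip, _, dst_port = rec["destination"].rpartition(":")
        key = (rec["IP protocol"], dst_ip, dst_port)
        hits[key] += 1
        clients.setdefault(key, set()).add(src_ip)
    return [(key, n, len(clients[key])) for key, n in hits.most_common()]


if __name__ == "__main__":
    for (proto, ip, port), n, c in summarize_denied(SAMPLE_LOG.splitlines()):
        print(f"{proto:4} {ip}:{port:<6} denied {n}x from {c} client(s)")
```

A destination denied repeatedly from several clients is a candidate for a reviewed access rule; isolated hits deserve a closer look before anything is opened.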
