RE: Help me and my ISA server

From: Damien Ilmonen (damien@hammerheadtech.net)
Date: 06/10/02


From: "Damien Ilmonen" <damien@hammerheadtech.net>
To: <miloskv1@netscape.net>, <focus-ms@securityfocus.com>
Date: Mon, 10 Jun 2002 12:24:56 -0500

Yes, the LAT is only for people that are in your "private" space. If
you have everything in the LAT, then anyone who can access your IP
address can proxy off of your ISA server. Something that could be done
if you cannot change the physical configuration is to enable user
authentication against the server so that only people logged into your
network can proxy off the server. However, I do not see why you cannot
add a second NIC to the ISA server, change the LAT, & modify the gateway
so that they are using the ISA server. You'll be able to get better control
over your traffic & should be able to set up your content filtering and
any server hosting much better as well. You can't "publish" anything
when you only have one NIC in the ISA server.

Damien Ilmonen, CISSP

-----Original Message-----
From: miloskv1@netscape.net [mailto:miloskv1@netscape.net]
Sent: Monday, June 10, 2002 7:03 AM
To: focus-ms@securityfocus.com
Subject: Help me and my ISA server

I've just got a job as a system administrator in a company which has
an ISA 2000 server in it. When I looked at the configuration of my ISA server
I saw that it has only one network adapter, connected to the public range
of IP addresses on my network. Internal clients are coming from my
private range (192.168.x.x) through a win2000 router 192.168.x.x /
194.x.x.x and coming to my ISA server's one and only NIC, 194.x.x.140.
Something like this:

192.168.0.0-192.168.0.254--------router(192.168.0.5 /
194.X.X.139)------ISA(194.X.X.140)---------Zyxell (194.X.X.141)

I saw that a lot of people use my ISA server as their proxy (people from
the Internet). I went to the Microsoft web site and saw that the minimal
requirements for ISA 2000 (in integrated mode) are two network adapters
(one for private, one for public). So I think the LAT table in my case is
useless... Am I right???? I want to know if this is a real problem (my ISA
is exploited because of the stupidity of an ex-administrator, the guy before me
who installed ISA2000). Any help will be great and any questions or
suggestions will help me a lot. Thanks for your time and everything you
have already done for me and my knowledge.

Milos K. V. , System Administrator
Belgrade, Yugoslavia
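
A defender-side audit of the point made in the reply above, as an added example that is not part of the original thread: it flags LAT entries that reach outside RFC 1918 private space and counts proxy clients that are not on the internal network. The LAT entries, client addresses and function names are constructed for illustration; the public addresses are documentation ranges, not the addresses elided in the thread.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address space
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lat_blocks(start, end):
    """Expand one LAT entry (first IP, last IP) into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))

def audit_lat(lat_entries):
    """Return (entry, blocks) for every entry with blocks not wholly private."""
    findings = []
    for start, end in lat_entries:
        risky = [str(b) for b in lat_blocks(start, end)
                 if not any(b.subnet_of(p) for p in PRIVATE_NETS)]
        if risky:
            findings.append(((start, end), risky))
    return findings

def external_clients(client_ips, internal_nets):
    """Count requests per client IP that is outside every internal network."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    counts = Counter()
    for ip in client_ips:
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            counts[ip] += 1
    return counts

# Constructed LAT: one correct private entry, one public range,
# and one "everything in the LAT" entry.
SAMPLE_LAT = [("192.168.0.0", "192.168.0.255"),
              ("198.51.100.0", "198.51.100.255"),
              ("0.0.0.0", "255.255.255.255")]

# Constructed client addresses, as they might be pulled from a proxy log.
SAMPLE_CLIENTS = ["192.168.0.17", "203.0.113.9", "203.0.113.9",
                  "198.51.100.77", "192.168.0.23"]

if __name__ == "__main__":
    for entry, blocks in audit_lat(SAMPLE_LAT):
        print("LAT entry %s-%s covers non-private space: %s"
              % (entry[0], entry[1], ", ".join(blocks)))
    hits = external_clients(SAMPLE_CLIENTS, ["192.168.0.0/24"])
    for ip, n in hits.most_common():
        print("external client %s made %d proxy request(s)" % (ip, n))
```
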



