RE: Help me and my ISA server

From: Christian Hampson (champson@hampsonservices.com)
Date: 06/10/02 

From: "Christian Hampson" <champson@hampsonservices.com>
To: <miloskv1@netscape.net>, <focus-ms@securityfocus.com>
Date: Mon, 10 Jun 2002 10:19:29 -0700

Milos:

It would appear that you have an ISA server that is (practically) set up
only as a proxy server. From what you have described, your external
router is translating addresses and proiding any security you may have.
On the plus side, however, anyone who manages to gain control of your
ISA server will have no more power than they did before.

I personally would find it necessary to add a NIC, move translation to
the ISA server and place the ISA server between the router and your
internal network. Otherwise your company has wasted whatever money they
spent on ISA.

Christian Hampson, MCSE, CISSP

-----Original Message-----
From: miloskv1@netscape.net [mailto:miloskv1@netscape.net]
Sent: Monday, June 10, 2002 05:03
To: focus-ms@securityfocus.com
Subject: Help me and my ISA server

I've just got a job as a system administrator in one company which have
ISA 2000 server in it. When I look at the configuration of my isa server
I saw that it has only one network adapter connected to the public range
of IP adressess on my network. Internal client are comming from my
private range (192.168.x.x) through win2000 router 192.168.x.x /
194.x.x.x and comming to my ISA server one and only NIC 194.x.x.140.
Something like this

192.168.0.0-192.168.0.254--------router(192.168.0.5 /
194.X.X.139)------ISA(194.X.X.140)---------Zyxell (194.X.X.141)

I saw that lot of people use my ISA server as their proxy (people from
internet). I went to microsoft web site and saw that minimal
requirements for ISA 2000 (In integrated mode) are two network adapters
(one for private one for public). So I think LAT table in my case is
useless... Am I Right???? I want to know if this is real problem (My ISA
is exploited becouse of stupidity of an ex-administrator (guy before me
who installed ISA2000) Any help will be great and any questions or
suggestions will help me a lot. Thanks for your time and everything you
have allready done for me and my knowledge.

Milos K. V. , System Administrator
Belgrade, Yugoslavia

__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/

Relevant Pages

  • RE: Need U R Help ***
    ... Q:Can I configure ISA Server with only one network adapter? ... In cache only mode, only Web Proxy clients are supported. ... If you install ISA Server in integrated mode with only one network adapter, ...
    (microsoft.public.isaserver)
  • Re: Creating additional Internal Network for anonymous access
    ... When you install ISA Server on a computer with a single network adapter, ...
    (microsoft.public.isa.configuration)
  • Packet Dropped
    ... Hi, im having a problem with my isa server, i have two ISA server with one ... array, both with your own Configuration Storage server for fault tolerance. ... The routing table for the network adapter LAN includes IP ... address ranges that are not defined in the array-level network Internal, ...
    (microsoft.public.isa)
  • Re: Internet failover using second public IP
    ... ISA Server Does Not Support Multiple External Interfaces ... the same network adapter, or on different adapters. ... Do not configure more than one default gateway on that adapter. ...
    (microsoft.public.isa.configuration)
  • RE: Help me and my ISA server
    ... the LAT is only for people that are in your "private" space. ... address can proxy off of your ISA server. ... I saw that it has only one network adapter connected to the public range ...
    (Focus-Microsoft)