Scribd Logo
Upload

Welcome to Scribd!

  • Han Che Truy Cap Internet

    Uploaded by

    Đặng Xuân Thùy
    73 views63 pages

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    73 views63 pages

    Han Che Truy Cap Internet

    Uploaded by

    Đặng Xuân Thùy

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 63

    P6: XY DNG V CU HNH ISA 2006

    Th by - 06/11/2010 14:54

    P6: XY DNG V CU HNH ISA 2006 Khi kt ni h thng mng ni b giao dch vi Internet ,cc Cng ty thng c yu cu nh : - Kim sot cc giao dch thc hin gia mng ni b v Internet - Ngn chn cc tn cng, thm nhp tri php t Internet A - M HNH

    B- GII THIU Khi kt ni h thng mng ni b giao dch vi Internet ,cc Cng ty thng c yu cu nh : Kim sot cc giao dch thc hin gia mng ni b v Internet Ngn chn cc tn cng, thm nhp tri php t Internet Gii php thch hp cho cc nhu cu trn l s dng cc Firewall (bc tng la). Bi Lab ny gii thiu vic ci t v trin khai phn mm Firewall ca Microsoft : Internet Security and Acceleration 2006 (ISA-2K6) C- CC BC TRIN KHAI Pht trin t h thng Domain ca bi Lab-5, bi Lab ny s dng thm 1 my tnh c lp ,dng Windows Server 2003 trin khai ISA-2K6 Cc bc trin khai bao gm : Cu hnh thng s TCP/IP v ci t ISA-2K6 Cu hnh cc ISA-Clients trong mng ni b Khai bo trn ISA-2K6 cc thnh phn trong mng ni b nh :VIP, USER, SERVER Thit lp cc Access Rules, Application Filer trn ISA-2K6 kim sot cc giao dch Cu hnh ISA-2K6 nhn bit v ngn chn cc tn cng t bn ngoi Internet Thc hin thng k, bo co v cc giao dch thng qua ISA-2K6 D- TRIN KHAI CHI TIT I. Chun b Bi lab gm 5 PC: Server,VIP,Users,Router v ISA 1. Nng cp Domain Controller trn my Server

    B1.t IP Address Interface Name Lan-3 IP Address 192.168.3.2 Subnet Mark 255.255.255.0 Default Gateway 192.168.3.1 Preferred DNS 192.168.3.2

    B2.StartRun:DCPROMO Domain Name:nhatnghe.local

    2. Cu hnh Routing trn my Router B1.t IP Address cho cc Interface Interface Name Cross Lan-2 Lan-3 Lan-4 IP Address 192.168.5.2 192.168.2.1 192.168.3.1 192.168.4.1 Subnet Mark 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 Default Gateway Trng Trng Trng Trng Preferred DNS Trng Trng Trng Trng

    B2.Enable Lan Routing

    StartProgramsAdministrative ToolsRouting and Remote Access

    B3.To Static Route

    3. Join domain cc my VIP,USERS vo nhatnghe.local B1. IP Address PC VIP Users IP Address 192.168.2.2 192.168.4.2 Subnet Mark 255.255.255.0 255.255.255.0 Default Gateway 192.168.2.1 192.168.4.1 Preferred DNS 192.168.3.2 192.168.3.2

    B2.My ComputerPropertiesTab Computer NameClick Change Member Of Domain: nhatnghe.local

    II. Ci t ISA Server 2006 trn my ISA 1.Cu hnh Route trn my ISA B1.t IP Address Interface Name Cross Lan IP Address 192.168.5.1 192.168.1.2 Subnet Mark 255.255.255.0 255.255.255.0 Default Gateway Trng Trng Preferred DNS 192.168.3.2 Trng

    B2. To cc route Start\Run:CMD. *Nhp cc lnh to route sau: Route add p 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1 Route add p 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1 Route add p 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1 Route add p 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1 * xem Routing Table, nhp lnh route print

    2.Ci t ISA Server T Source ISA2006 chy file:ISAAutorun.exe

    3.Ci t Firewall client trn ccmy SERVER,VIP,USERS T source ISA2006ClientChy file: ISACient.exe

    III.Cu hnh Access Rules 1.Cho phn gii tn min DNS

    2. Cho PC VIP v Users c gi nhn mail t internet B1.nh ngha VIP,Users

    B2.To Access rule

    3. Cho PC Users oc truy cp trang nhatnghe.com trong gi lm vic (8hAM-4hPM t Th 2 n Th 6) B1.nh ngha Trang nhatnghe.com

    B2.nh ngha Gi lm vic

    B3.To Access Rule

    4. Cho PC VIP truy cp internet khng hn ch.

    5. Cho Users truy cp internet khng hn ch trong gi gii lao(10hAM-2hPM) B1.nh ngha Gi gii lao

    B2. To Access Rule

    B3. Properties Rule Gio giai lao

    6. Ch cho Users c ch, khng cho xem hnh,xem phim,nghe nhc

    7. Cm tt c users truy cp trang ngoisao.net,nu users truy cp trang ny th redirect v trang nhatnghe.com. B1.nh ngha URL ngoisao.net ToolboxNetwork ObjectNew URL Set

    B2.To Access Rule

    B3.Properties Rule Cam Ngoisao.net

    IV.Cu hnh HTTP Filter Nhm cm user chat YM,cm gi mail bng phng thc POST,cm download file exe,vbs

    V.Cu hnh Intrusion Detection nhn bit v ngn chn cc tn cng t bn ngoi Internet

    B1.Enable Intrusion Detection

    B2:Thit lp Action

    VI.Report -Thc hin thng k, bo co v cc giao dch thng qua ISA-2K6 Chn MonitoringTab ReportsClick Generate a New Report

    You might also like