Professional Documents
Culture Documents
Th by - 06/11/2010 14:54
P6: XY DNG V CU HNH ISA 2006 Khi kt ni h thng mng ni b giao dch vi Internet ,cc Cng ty thng c yu cu nh : - Kim sot cc giao dch thc hin gia mng ni b v Internet - Ngn chn cc tn cng, thm nhp tri php t Internet A - M HNH
B- GII THIU Khi kt ni h thng mng ni b giao dch vi Internet ,cc Cng ty thng c yu cu nh : Kim sot cc giao dch thc hin gia mng ni b v Internet Ngn chn cc tn cng, thm nhp tri php t Internet Gii php thch hp cho cc nhu cu trn l s dng cc Firewall (bc tng la). Bi Lab ny gii thiu vic ci t v trin khai phn mm Firewall ca Microsoft : Internet Security and Acceleration 2006 (ISA-2K6) C- CC BC TRIN KHAI Pht trin t h thng Domain ca bi Lab-5, bi Lab ny s dng thm 1 my tnh c lp ,dng Windows Server 2003 trin khai ISA-2K6 Cc bc trin khai bao gm : Cu hnh thng s TCP/IP v ci t ISA-2K6 Cu hnh cc ISA-Clients trong mng ni b Khai bo trn ISA-2K6 cc thnh phn trong mng ni b nh :VIP, USER, SERVER Thit lp cc Access Rules, Application Filer trn ISA-2K6 kim sot cc giao dch Cu hnh ISA-2K6 nhn bit v ngn chn cc tn cng t bn ngoi Internet Thc hin thng k, bo co v cc giao dch thng qua ISA-2K6 D- TRIN KHAI CHI TIT I. Chun b Bi lab gm 5 PC: Server,VIP,Users,Router v ISA 1. Nng cp Domain Controller trn my Server
B1.t IP Address Interface Name Lan-3 IP Address 192.168.3.2 Subnet Mark 255.255.255.0 Default Gateway 192.168.3.1 Preferred DNS 192.168.3.2
2. Cu hnh Routing trn my Router B1.t IP Address cho cc Interface Interface Name Cross Lan-2 Lan-3 Lan-4 IP Address 192.168.5.2 192.168.2.1 192.168.3.1 192.168.4.1 Subnet Mark 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 Default Gateway Trng Trng Trng Trng Preferred DNS Trng Trng Trng Trng
3. Join domain cc my VIP,USERS vo nhatnghe.local B1. IP Address PC VIP Users IP Address 192.168.2.2 192.168.4.2 Subnet Mark 255.255.255.0 255.255.255.0 Default Gateway 192.168.2.1 192.168.4.1 Preferred DNS 192.168.3.2 192.168.3.2
II. Ci t ISA Server 2006 trn my ISA 1.Cu hnh Route trn my ISA B1.t IP Address Interface Name Cross Lan IP Address 192.168.5.1 192.168.1.2 Subnet Mark 255.255.255.0 255.255.255.0 Default Gateway Trng Trng Preferred DNS 192.168.3.2 Trng
B2. To cc route Start\Run:CMD. *Nhp cc lnh to route sau: Route add p 192.168.2.0 mask 255.255.255.0 192.168.5.2 metric 1 Route add p 192.168.3.0 mask 255.255.255.0 192.168.5.2 metric 1 Route add p 192.168.4.0 mask 255.255.255.0 192.168.5.2 metric 1 Route add p 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1 * xem Routing Table, nhp lnh route print
3.Ci t Firewall client trn ccmy SERVER,VIP,USERS T source ISA2006ClientChy file: ISACient.exe
3. Cho PC Users oc truy cp trang nhatnghe.com trong gi lm vic (8hAM-4hPM t Th 2 n Th 6) B1.nh ngha Trang nhatnghe.com
5. Cho Users truy cp internet khng hn ch trong gi gii lao(10hAM-2hPM) B1.nh ngha Gi gii lao
7. Cm tt c users truy cp trang ngoisao.net,nu users truy cp trang ny th redirect v trang nhatnghe.com. B1.nh ngha URL ngoisao.net ToolboxNetwork ObjectNew URL Set
IV.Cu hnh HTTP Filter Nhm cm user chat YM,cm gi mail bng phng thc POST,cm download file exe,vbs
V.Cu hnh Intrusion Detection nhn bit v ngn chn cc tn cng t bn ngoi Internet
B2:Thit lp Action
VI.Report -Thc hin thng k, bo co v cc giao dch thng qua ISA-2K6 Chn MonitoringTab ReportsClick Generate a New Report