Escolar Documentos
Profissional Documentos
Cultura Documentos
19/06/2013
Secure access to the Internet also means that the users actions comply with the organizations security or Internet usage policy.
19/06/2013
19/06/2013
19/06/2013
19/06/2013
19/06/2013
19/06/2013
19/06/2013
19/06/2013
1. A client application, such as a Web browser, makes a request for an object located on a Web server. The client application checks its Web proxy configuration to determine whether the request destination is on the local network or on an external network. 2. If the requested Web server is not on the local network, the request is sent to the proxy server. 3. The proxy server checks the request to confirm that there is no policy in place that blocks access to the requested content. 4. If caching is enabled, the proxy server also checks if the requested object exists in its local cache. If the object is stored in the local cache and it is current, the proxy server sends the object to the client from the cache. If the page is not in the cache or if the page is out of date, the proxy server sends the request to the appropriate server on the Internet.
10
19/06/2013
5.The Web server response is sent back to the proxy server. The proxy server filters the response based on the filtering rules configured on the server. 6. If the content is not blocked and it is cacheable, ISA Server saves a copy of the content in its cache and the object is then returned to the client application that made the original request.
11
19/06/2013
12
19/06/2013
1. A user on the Internet makes a request for an object located on a Web server that is on an internal network protected by a reverse proxy server. The client computer performs a DNS lookup using the fully qualified domain name (FQDN) of the hosting server. The DNS name will resolve to the IP address of the external network interface on the proxy server. 2. The client application sends the request for the object to the external address of the proxy server
13
19/06/2013
3.The proxy server checks the request to confirm that the URL is valid and to ensure that there is a policy in place that allows access to the requested content. 4. The proxy server also checks whether the requested object already exists in its local cache. If the object is stored in the local cache and it is current, the proxy server sends the object to the client from the cache. If the object is not in the cache, the proxy server sends the request to the appropriate server on the internal network. 5. The Web server response is sent back to the proxy server. 6. The object is returned to the client application that made the original request
14
19/06/2013
15
19/06/2013
16
19/06/2013
17
19/06/2013
18
19/06/2013
19
19/06/2013
Protocols
User Sets
defines a group of one or more users to which a rule will be explicitly applied, or which can be excluded from a rule. provides common content types to which you may want to apply a rule. allows you to designate hours of the week during which the rule applies . allows you to create sets of computers to which a rule
Network Objects
20
19/06/2013
21
19/06/2013
22
19/06/2013
23
19/06/2013
24
19/06/2013
25
19/06/2013
26
19/06/2013
In ISA server
27
19/06/2013
28
19/06/2013
In ISA server:
29
19/06/2013
Network Sets:
A network-set rule element represents a grouping of one or more networks Ex:All Protected Networks
30
19/06/2013
Address Ranges:
An address range is a set of computers represented by a continuous range of IP addresses Ex:All DCs (IP Address Range: 192.168.1.10 192.168.1.20).
31
19/06/2013
Computer Sets:
A computer set includes a collection of computers identified by their IP addresses, a subnet object, or an address-range object Ex:All DCs and Exchange Servers
32
19/06/2013
33
19/06/2013
34
19/06/2013
Digest authentication:
Digest authentication passes authentication credentials through a process called hashing. Hashing creates a string of characters based onthe password but does not send the actual password across the network, ensuring that no one can capture a network packet containing the password and impersonatethe user.
35
19/06/2013
36
19/06/2013
37
19/06/2013
Firewall Clients When ISA Server authenticates a Firewall client, it uses the credentials of the user making the request on the computer running the Firewall client
38
19/06/2013
39
19/06/2013
40
19/06/2013
41
19/06/2013
42
19/06/2013
43
19/06/2013
44