The first was a small technical issue that he had actually already answered himself but just wanted confirmation that he had done the right thing. He had, so we moved on to his second question. That one was a little harder to answer..

“So how come you never told me about this? This is great software!”

Hmmm. Yes, it is great software. It’s powerful, it’s easy to use. I have customers using it and they like it a lot. So why don’t I push it? Why aren’t I talking it up?

Well, I guess I just haven’t found the right way to present this to people. In the past, I have mentioned this now and then, and the response almost always has been “Naaw, we’ll use a hardware router. That’s a lot cheaper and easier”.

Well, yeah, hardware routers can be cheaper and easier. You do need to dedicate a PC to WinRoute, and that cost alone would buy a pretty good router. Add the software cost of Winroute to that, and you are getting up into pretty expensive territory (relative to hardware routers of course).

But really it isn’t all that bad: a fifty user Kerio Winroute with all the bells and whistles runs about $2,400.00 initially and renewing yearly support and updates is only around $1,000.00. That includes McAfee antivirius scanning of SMTP, POP3, HTTP and FTP, remote VPN clients and content filtering. A hardware router with similar features is likely to be just as expensive, but again you can argue that a hardware appliance is easier.

But is it? While some of my clients have bought spare routers to cover hardware failure, most don’t, and it’s definitely a lot easier to find a PC and reinstall WinRoute than find your specific router – you won’t find an Enterprise class router down at your local Staples. There’s also the matter of upgrades: while hardware router manufacturers do release firmware upgrades, I’ve found customers tend to ignore those. Perhaps it’s because flashing a firmware upgrade can be more difficult than doing a software update on a PC, or maybe it’s just fear of the unfamiliar, but my experience shows that hardware appliances are more apt to be out of date. Understand that there’s no good reason or excuse for that, but that’s still what I see in the field.

Customers also tell me that the Winroute Administration Console is much easier to understand and use than the hardware appliance they used previously. There’s also the matter of support: if you buy WinRoute Firewall from me you are entitled to telephone and email support from both me and Kerio.

OK, really I should push this more than I do. It’s an excellent product. You can download a 30 day demo from Kerio (and I can get the demo extended if you need more time). I’m happy to help you set this up – I think you’ll agree that it really can be better than a dedicated appliance.

*Originally published at APLawrence.com

A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com

The recent opening of the Great Firewall of China to Wikipedia, selectively by language, ISP and municipality seems ripe with contradiction. The GFC is obviously not part of the One China policy. The revolutionary risk has always been a widening gap between hypergrowth cities and forgotten rural hinterland. One has to wonder if selective filtering against open information is a purposeful and protective measure, but dividing information always fails to conquer.

Or this could be seen as a positive, if not necessary step, not towards the political freedoms demanded at Tianamen, but economic necessity. The pattern of wealth creation, in it’s most current internet wave, is share control to create value. Market-Leninism fails to compete in a knowledge economy where markets are conversations. When the world’s greatest source of free knowledged cannot be accessed, the long term impact must be considerate.

See Also: Interview with Tim Starling via Angela.

Comments

Tag:

Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Ross Mayfield is CEO and co-founder of Socialtext, an emerging provider of Enterprise Social Software that dramatically increases group productivity and develops a group memory.

He also writes Ross Mayfield’s Weblog which focuses on markets, technology and musings.

Dr Thierry Barsalou of Ipsen (all the way from Paris, France)

Rod Boothby who is creating an internal system for Ernst and Young.

Interestingly, both speakers said they did not ‘sell’ the idea as a blog.

Both made the point that we operate in an increasingly competitive environment, we have new ideas breathing down our necks and the only survival mechanism is knowing what others are doing, communicating better and faster and constant innovation.

Ipsen is using blogging as a reputation management and competitive intelligence tool. Sounds a lot like Brand Tracker.

They use RSS Feeds to pull in data and scan blogs, forums, news etc. Then the team of editors analyzes the info and writes 10 – 20 articles each day based on their findings.

They are getting a wider and wider audience reading the blog and using the data to produce better results.

E&Y are using what they call “pages” and internal teams working on clients and projects use the system to collaborate and share knowledge.

There is a real need for collaboration and knowledge management in organizations today. A secure hosted blog system like Myst Technology’s Blogsite is one solution that could work well.

If it has to be behind the firewall then installing WordPress, with all the latest plug ins like tagging, would be a good solution.

Add to | DiggThis | Yahoo! My Web

Technorati:

Sally is the author of Website Content Strategy blog: Information about the shifts in media consumption and the use of
technology in marketing and PR so business can stay in touch with
their rapidly moving audiences.

As is, its something that needs to be changed by the time the product goes gold.

Like any blanket security-bypass rule, these default settings are a bad idea, said Mark Curphey, vice president at vulnerability management specialist Foundstone, a part of McAfee.

“Any firewall, any security device should have a default deny,” Curphey said in an interview Tuesday. “Any door should always be closed.”

Note the company the “source” works for. Not to say he isn’t right, although my install of OneCare has no rules for the VM, as I don’t have one installed. Just that a reporter can find a better primary source than a VP at a competitor.

Nathan Weinberg writes the popular InsideGoogle blog, offering the latest news and insights about Google and search engines.

Visit the InsideGoogle blog.

It’s quite a jump from the CCNA to the CCSP (Cisco Certified Security Professional), and Cisco has made that leap more manageable by adding Specialist certifications. These certifications can give quite a boost to both your resume and your skill set, and act as a great “stepping stone” to the CCSP.

At present, Cisco offers four VPN/Security certifications, those being Cisco Firewall Specialist, Cisco IPS Specialist, Cisco VPN Specialist, and Cisco VPN/Security Sales Specialist. Since every WAN engineer has contact with Cisco firewalls on a regular basis, we’ll take a closer look at this popular certification first. (And those who want to be WAN engineers had better learn something about firewalls, too!)

At the writing of this article (October 21, 2005), Cisco is offering an option for each of the two exams you’ll need to pass to earn this certification. For the first exam, you can take either the 642-551 SND (Securing Cisco Network Devices) or 642-501 SECUR (Securing Cisco IOS Networks). The final day to register for the SECUR exam is December 19, 2005.

For either, you’ll need to be able to answer questions regarding the proper use of Cisco security devices; how to configure security on a Cisco switch and on a router, including syslog logging, AAA, ACLs, and security for router services and interfaces.

The choices for the second exam are the 642-522 SNPA (Securing Network with PIX and ASA) and 642-521 CSPFA. Topics for these exams include , IPSec, NAT, firewalls, AAA, and policy mapping. (As always, you should check for the latest exam blueprints at Cisco’s website. Click “Learning And Events” on the main page, www.cisco.com).

The only prerequisite for this certification is that you must hold a valid CCNA certification.

As always, getting some hands-on experience is the best way to prepare for your Cisco exams. (Your employer is going to get a little upset if you practice your configs on his or her PIX. It would be a good idea to have a good lawyer, too.) There are online rack rental services that include Cisco security devices in their pods.

Cisco certifications are a great way to help protect your career as well as your network. The more you know, and the more varied your skills, the more valuable you are to your present and future employers. Use your CCNA as a foundation, and keep building on your skills!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (www.thebryantadvantage.com), home of FREE CCNA and CCNP tutorials and daily exam questions, as well as The Ultimate CCNA and CCNP Study Packages.

For a FREE copy of his latest e-books, “How To Pass The CCNA” or “How To Pass The CCNP”, and for free daily exam question, visit the website and download your copies!

In this article, we’ll provide an overview of ALF technology, take a look at some ways in which it’s implemented in today’s security products, and help you understand the benefits – and the limitations – of this component of a fully functional multi-layer filtering solution.

What Layer(s) Are You Filtering?

In its most rudimentary form, a firewall is designed to keep specified types of traffic from passing from the external network (typically the Internet) to the internal network. This allows administrators to control what enters the local network and keep undesirable data out. In addition to filtering this inbound traffic, a firewall can also keep specified types of traffic from passing from the internal network to the external (outbound traffic), thus preventing internal users from sending various types of data, or sending data to particular destinations.

The traditional firewall uses packet filtering, which works at the network layer of the OSI networking model. Modern firewalls use an improved version called stateful packet filtering. This technology works at the network and transport layers. Thus such packet filters make it possible for you to allow or deny traffic based on source or destination IP address and other header information such as source and destination TCP and UDP port numbers, as well as the connection state. Dynamic packet filtering makes it possible to open and close ports on the firewall as needed, in comparison to static packet filtering, in which ports must be manually opened and closed.

Packet filtering lets you set several different criteria by which a data packet can be allowed or rejected:

Because different applications use “well known” ports for their communications, you can use packet filtering to block, for example, FTP communications (by blocking port 20) or Telnet (by blocking port 23) or SMTP (by blocking port 25).

Another level of filtering is done by circuit level gateways. Circuit filtering examines information exchanged during the TCP handshake to evaluate its legitimacy.

What you can’t do with packet filtering or circuit filtering is examine the actual contents of the data and block messages based on those contents. For that, you need to filter at the application layer. In other words, you need ALF.

What ALF Does

Application layer filtering goes beyond packet filtering and allows you to be much more granular in your control of what enters or exits the network. While packet filtering can be used to completely disallow a particular type of traffic (for example, FTP), it cannot “pick and choose” between different FTP messages and determine the legitimacy of a particular FTP message.

ALF, a more “intelligent” technology, can do just that. It can be used to look for abnormal information in the headers of a message and even within the data itself, and it can be set to look for specific character strings (words or phrases) within the message body and block messages based on that information. Thus, you can use ALF to prevent network attacks, or even to prevent internal users from sending particular sensitive information outside the network.

Advantages of ALF

Let’s look at how that plays out in practice. We’ll use spam prevention as an example. Your firewall can be a first line of defense against spam (in conjunction with a good server-based spam filtering program and/or client-side anti-spam utilities). With a traditional packet filtering firewall, you need to know the source addresses of all spammers, or block all messages using the e-mail protocol that the spammers use. Neither of these solutions is very practical.

With ALF, you can actually block messages at the firewall level according to keywords (character strings), making your firewall a much more powerful component in your spam control strategy. By performing the preliminary filtering at the firewall level, you can take some of the processing load off the server on which your primary spam filtering software is installed (the mail server or a separate server).

NOTE: When you use ALF to block keywords, be very judicious to avoid false positives (messages blocked as spam that are not really spam). You might wish to do most keyword filtering at the server or client level, where sophisticated anti-spam software will let you set up white lists of senders whose messages should always be allowed through even if they contain “spam” keywords. Keyword filtering at the firewall should be limited to those words/strings that never appear in legitimate messages.

What else can you do with ALF? Most importantly, by examining the content of data an application layer filtering firewall can prevent attacks that rely on the application layer protocols, including:

ALF can examine specific commands within the application layer protocols. For example, the HTTP:GET command could be blocked, while the HTTP:POST command is allowed.

Application layer filtering, used in conjunction with filtering at the lower layers, provides for the highest possible level of security.

Disadvantages of ALF

The primary disadvantage of application layer filtering is its effect on performance. Examining the contents of packets requires time and thus slows down processing. ALF requires more powerful hardware resources than a traditional packet filtering firewall.

Another undeniable disadvantage is administrative overhead. Because ALF adds complexity, there is a potential for misconfiguration leading to access problems. As with any security solution, if it is improperly implemented ALF can block communications that you never intended to block.

Where Do You Get ALF?

More and more firewall and VPN product vendors are incorporating ALF into their products. These integrated products are often referred to as stateful multilayer inspection firewalls. They include the major firewall solutions such as CheckPoint, Cisco and Microsoft’s Internet Security and Acceleration (ISA) Server. ISA Server, in particular, offers a reasonably priced full featured ALF solution for today’s businesses. For a detailed description of how ALF works in ISA Server 2000, see the ISA Server 2000 Application Layer Filtering Kit at http://www.isaserver.org/articles/spamalfkit.html.

*This article originally appeared at WindowSecurity.com.

DEBRA LITTLEJOHN SHINDER, MCSE, is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of Troubleshooting Windows 2000 TCP/IP, the best-selling Configuring ISA Server 2000, and ISA Server and Beyond. Deb is also a tech editor, developmental editor and contributor to over 15 books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam and TruSecures ICSA certification. She formerly edited the Brainbuzz A+ Hardware News and currently edits Sunbelt Softwares WinXP News, and is regularly published in TechRepublics TechProGuild and Windowsecurity.com. Deb currently specializes in security issues and Microsoft products and writes product documentation and marketing material for Microsoft. She lives and works in the Dallas-Ft Worth area and occasionally teaches computer networking and security courses at Eastfield College (Mesquite, TX). Her personal web site is at www.shinder.net.

WindowSecurity.com: WindowSecurity.com provides Windows security news,
articles, tutorials, software listings and reviews for information
security professionals covering topics such as firewalls, viruses,
intrusion detection and other security topics.

For many of us our computers are our business. We keep in contact with customers and clients via email, do extensive internet research, and transmit important files electronically.

We know what to do to protect our bodies from viruses. There are some simple strategies, and even free precautions we can take to protect our businesses by keeping our PCs virus free.

Adopting the following six checkpoints will help keep your computer healthy and your business uninterrupted.

Use a Firewall

At its most basic level a firewall is a software security system that acts as a barrier between your computer and the outside world (the internet) by monitoring all incoming network traffic. A more advanced firewall will also monitor outgoing traffic. How you use your computer will determine whether basic or advanced firewall protection is needed.

What a firewall does is make your computer invisible while on the Internet. If hackers can’t see you, they cannot attack you.

Windows XP has this software installed; however, it may need to be enabled. If you have XP and would like to enable the firewall, directions are on the Microsoft website.

For non XP users, firewall software can be purchased. McAfee and Zone Alarm are two very popular products. Zone Alarm has a free downloadable firewall, basic version, available on their website, www.zonealarm.com.

Before installing a firewall, you may be interested in learning your computer’s vulnerability. This is something that can be checked for free and in just a few minutes. Visit the website of Gibson Research Corporation, www.grc.com, and under Hot Spots, click on Shields UP. It takes a little bit of scrolling to get to but is well worth the extra seconds. In minutes your PC is scanned and its vulnerability rated.

Antivirus Software

Antivirus software is the “shot” after the epidemic. This software protects your computer from known threats. Many PCs come with antivirus software already installed. Some of the more popular versions are Norton, PCCillin and McAfee.

If you have it pre installed or have purchased it, great. Please be sure to keep it constantly updated with the latest virus definitions. This is important because these definitions are formed in response to the latest viruses. If you don’t have this protection, please consider getting it.

Once this software is installed on your computer, you will be automatically notified when new virus definitions are available. Then it is just a matter of a few clicks to download the new definitions.

Likewise you will be notified when your antivirus software is about to expire. The software needs to be updated annually. The initial purchase, renewal, updates and installation can all be done online.

Spyware Eliminator

Why am I getting all of these pop ups? Certain websites that you visit or free software (shareware) that you download, and, in some cases, hardware purchased from major manufacturers will also install tracking devices on your computer (spyware). Spyware is annoying but not illegal.

An internet search will reveal the many choices available for spyware elimination software. The important thing is to get one and use it consistently. Spybot and PestPatrol are popular choices.

I really like Spybot Search and Destroy. Besides the fact that it is free, once spyware is identified, the software will provide a detailed description of just what it is. This is helpful just in case it identifies something that you don’t want to get rid of.

Backup, Backup, Backup

How often do you backup? What files/programs do you backup? What media do you backup to?

We all know the importance of backing up our information yet so many of us don’t do it. There may be a ton of reasons why it’s not done but the one reason it should be done on a regular basis is that it can be a timesaver, possibly a business saver if your computer system is corrupted for any reason.

If you happen to be using Windows XP Professional, the backup procedure is quite simple. For users of XP Home Edition, it is a bit more involved. Complete instructions, however, are on the Microsoft website.

Typically, data files are what most people need to back up and having well organized files will certainly simplify the process.

Whether you backup to disk, zip disk, DVD, writeable CDs, external file drive or utilize one of the online services, it is important to get into the habit of backing up on a regular basis.

Weekly Updates of Windows

Windows users are automatically notified of current updates for the Windows operating system when your computer is turned on. With just a few clicks your operating system is updated.

However, when certain patches become available for your particular applications software (XP, 2000, NT, etc), as was/is the case with the recent worm viruses, a visit to Microsoft’s website is necessary.

Once there, Microsoft will scan your computer, tell you what updates are available, and you then have the option of installing them on your system. In some cases, you will need your installation CDs to complete the download.

With the recent run of viruses and with more expected, it is imperative to check for these updates weekly on the Microsoft website as well as do the automatic updates.

Be Careful of Email Attachments

Email is such a widely accepted method of communication, and this has not gone unnoticed by hackers who use email as a means of mass virus spread.

For this final checkpoint, your due diligence is the only software required.

Always delete any email from unknown senders and be very careful of any attachments you are not expecting from any known senders. As we have seen, hackers can quite easily access Outlook address books to spread viruses.

By the way, including a fake email address in your address book will not prevent your PC from spreading viruses. This is an urban legend. If you’re interested in the full story, check out this link: www.snopes.com/computer/virus/quickfix.htm

When it comes to the health of our computers, an ounce of prevention is worth a pound of cure. Effective prevention software along with plain old common sense, used consistently, can keep you protected.

*Previously published at ArticleCity.com

Roxie Hickman, Virtual Assistant (VA), is the owner of The Virtual Connection. The Virtual Connection (www.thevirtualconnection.net) specializes in working with the sucstressed (successful professionals who are stressed because theyve been doing it alone). The Virtual Connection provides offsite executive, administrative, and personal assistance (virtual assistance).
roxie@thevirtualconnection.net

A number of issues have to be addressed when we are responsible for designing and implementing or overseeing the installation of a firewall. Vendors offer different products for specific environments. Firewalls vary in their manageability, level of protection and features. And costs have to be adapted to the corporate financial situation.

On the other hand, from the technical point of view several evaluations have to be made. The amount of traffic that our network is exposed to might increase in a short-term period. If one server becomes unavailable, other servers must perform the firewall protection functions or our network will be exposed. Fault-tolerance, scalability and ease of administration are very important technical considerations. Finally, it is important to evaluate firewalls not only in terms of what they cost now, but the continuing costs such as technical support and version upgrades.

Microsoft ISA Server Firewall Design

Microsoft ISA Server can implement server “arrays”. An array is a computer running Microsoft ISA Server, that shares a collection of most recent web pages and requests made by internet clients (the cache). The ISA Server cache can be distributed and shared by multiple computers in arrays or chain of arrays. This helps internet clients obtain content from the ISA Server cache closest to them, and retrieve web pages faster.

Caching and hits requirements are very important technical considerations. ISA Server can be deployed as a caching server, which keeps a cache of frequently requested objects and pages accessed by clients. In this scenario, it is very important to consider the amount of internal web clients the server is going to support.

When planning for hits requirements, for example you might want to place an ISA Server computer between the corporate network and a Human Resources intranet application. The more hits that web application has, the more powerful hardware will be needed.

Memory is dependent of the size of the content you are caching. All content should fit in memory with additional 256 MB of room for server operations. For every additional 150 hits add an additional server according to the content being published.

Microsoft Internet Secuirity and Acceleration Server Features

ISA Server offers several security and firewall features. Access policies based on user information or IP addresses can be applied throughout the network. Unauthorized access or malicious content and web sites can be deployed centrally to prevent branch administrators to change the corporation firewall rules or information security policies. ISA Server includes several security options:

IP Packet Filters and Publishing Rules. Site and content publishing rules can be defined to control how and which internal clients access internet. Protocol rules and filters can be applied to manage inbound and outbound communication.

Application Specific Filters. Session information can be accessed to analyze specific application rules and filters. Application level protocols and packets can be examined to provide an extra layer of security. Virus checking filters are commonly used.

Intrusion Detection. This feature helps identify when and who is trying to attack your network. Alerts and actions can be configured to inform a security office in case of an attack.

VPN Support. ISA Server can be used to encapsulate private data over a public network. A VPN Server is often used to provide internal applications access over the internet, or to securely communicate with branch offices (Bank Scenario).

Sorry But…Extend The Schema

ISA Server modifies the Windows 2000 schema, if we want to set up an array chain. An extension to Active Directory must be installed in the ISA Server domain. Before performing this action, it is recommended to analyze how this might impact your network and directory services replication. You can also install ISA Server as a stand-alone server where all the configuration is saved to the registry.

In order to expand the schema of Active Directory, you must be an Administrator in the local computer. You must also be a member of the Enterprise Admins and Schema Admins group. This process copies the ISA Server schema information to Active Directory. And it is irreversible.

To import Microsoft ISA Server schema into Active Directory:

1. Click Start, and then Click Run. The Run… dialog box appears.

2. In the Run… dialog box, type driveISAi386msisaent. Where drive is the Microsoft ISA Server CD Drive.

3. You can run msisaent -q to expand the schema without having to click or answer any prompts.

Warning: This process is irreversible because Active Directory does not support deletion deletion of classes.

Using an array chain has several advantages. You can use “array policies” to create security rules to apply to a specific group of servers. “Enterprise Policies” go to higher level rules that can be applied to any array chain. In a bank scenario, this allows Security Officers to define corporate wide security policies and branch administrators to further restrict access (by not changing the corporate restrictions).

Selecting the Features

During the setup process, you can select between different modes: firewall, cache and integrated. Depending on the mode selected different features are available.

Selecting between different installation modes:

1. Click Start, and then Click Run. The Run… dialog box appears.

2. In the Run… dialog box, type driveISASetup.exe. Where drive is the Microsoft ISA Server CD Drive.

3. Follow the on-screen instructions and select the installation Mode.

ISA Server Services are always installed to perform firewall functions. You can also install different components including ISA Server Management and ISA Server Extensions. If you are going to use remote administration, you can install ISA Management tools to manage one or more arrays of servers. Terminal server can also be used to manage a remote stand alone server. ISA Server Extensions are default application filters provided by Microsoft. A Message Screener is provided to filter and secure e-mail communications and a H.323 Gatekeeper service protocol filter to manage audio-visual applications and allow conferencing applications.

Leonard Loro, MCSE, MCSD, ISS, MCT, CCNA, is a recognized e-Business specialist. His experience includes engaging, managing and implementing large consulting projects for government agencies and companies like Microsoft, Nissan as well as other Fortune 500′s. Leonard can be reached at Leonardo.loro@enresource.com.

You can’t afford to have a computer without any protection. Windows XP shipped with several advanced security tools to help users resolve these common problems. Internet security and protecting internet connections is critical. Fast connections and wireless access make users even more vulnerable. Nowadays, everyone has a wireless router in their home. If you want to protect your financial data and personal files, this article will help secure your desktop computer and share the security configuration with other computers.

The Home Office and IT Administration Nightmare

Home offices and small networks are becoming part everyone’s way of life. Even my grandmo a has Windows XP running connected to her DSL connection and a couple other computers for my cousins. These tools are a little hidden for the average user, that’s why it’s difficult for users to implement this. History shows that, if you get used to protecting your files it will pay off unless you want to wait until your credit card company calls you or all of a sudden your online banking account has been hacked.

There are two exceptional tools in Windows XP to protect your connections. Internet Connection Firewall (ICF) can protect your home and small office network with a simple click. This tool verifies all the communications from the outside world to your computer. It allows and denies communications based on your selection.

The Security Configuration Manager is a management tool used for creating and configuring security rules for your computer. It lets you review the your individual security settings, user rights to access the computer, perform a security anaylisi and save your security settings so that you can apply that to other computers.

Internet Connection Firewall

As its name explains, Internet Connection Firewall (ICF) creates an additional protection layer between the Internet and your computer. If you have a network, ICF is enabled on the Internet connection of the workstation that is connected directly to the Internet. All connections that originate from the Internet are stopped by this tool unless an explict instruction is given to allow the message to enter the network.

To Enable the Internet Connection Firewall:

1. Click Start, and then point to Settings.
2. Click Control Panel, and then double-click Network Connections.
3. Right click on the connection, and select Properties. Go to Advanced.
4. Select Protect my computer and network by limiting or preventing access to this computer from the Internet.

Don’t enable ICF if you are currently using a firewall or proxy server in your network, or if you are not connected directly to the internet. You might loose the ability to share files, receive e-mails and connect to other internal computers. Also, be careful if you are running a software that requires automatic updates or special connectivity requirements because ICF will stop that connection.

Security Configuration Manager

The Microsoft Security Configuration Manager is a set of tools that you can use to configure security for your Windows XP Professional workstation. It also allows your to create periodic security tests to ensure that your system security configuration hasn’t been changed. Computer security profiles are provided as a point of reference to define your security requirements. Users can configure the templates with the Security Configuration and Analysis snap-in.

All security profiles are stored in the systemrootSecurityTemplates directory.

The most powerful feature is that once you configure a security profile you can apply it to other computers in your network by just using the Secedit.exe command or by importing the template with the Security Configuration and Analysis snap-in.

To Import a Security Template:

Microsoft Windows XP provides tools that can automatically configure rules and prevent unauthorized access to individual computers. The Security Configuration Manager can save you a lot of time by copying security configurations between computers. To protect external connections, Internet Connection Firewall does a great job stoping connections from unwanted users. Use these tools and you will be safe with little effort.

*Originally published at 2000Trainers.com

Click here to sign up for FREE Tech. newsletters from iEntry!

Leonard Loro, MCSE, MCSD, ISS, MCT, CCNA, is a recognized e-Business specialist. His experience includes engaging, managing and implementing large consulting projects for government agencies and companies like Microsoft, Nissan as well as other Fortune 500′s. Leonard can be reached at Leonardo.loro@enresource.com.

A firewall is a device or system that separates and provides access control between two networks. The operations of firewalls are performed by access control policies or “rules”. It is important to understand what kind of access we want to allow or deny into our network, or a firewall will not really help. Usually security specialists managing the connectivity and administration of firewalls have a heavy responsibility.

On this article series we will review the concept of firewalls, gateways and routers. Specifically, we will explore the installation, migration and administration secrets of Microsoft Internet Security and Acceleration Server (ISA) to provide an easy and hands-on approach for firewall implementers and security managers.

Types of Firewalls

Firewalls vary in their security protection and defense approach. Generally, they run in dedicated hosts or hardware devices that are directly connected to different network segments. A connection to the firewall is established each time a client wants to send data to a server on the separated network.

The main technical distinction between firewalls is the mechanism that they use to pass traffic from one segment to another. Lower-level firewalls perform operations on the first layers of the OSI model (Open Systems Interconnect) which usually makes them faster, while Higher-level firewalls usually analyze more information about the connection, such as a client connection to a specific site.

There are two types of firewalls. Network Layer firewalls are commonly the traditional and simple routers. They make their decisions based on the source, destination addresses and ports in individual connections. These firewalls are not able to make decisions about what the connection contains and where it came from. Modern Network-layer firewalls now maintain internal information about the state of the connection and where it is coming from.

Application-level firewalls do not permit direct traffic between networks. They perform logging and auditing functions on each connection that passes through them. Proxy Servers are commonly used to perform logging and access control for applications between different networks. Application layer firewalls are also commonly used as network address translators. Applications use Application-level firewalls to mask the origin of their connection and transparently communicate with the separate network segment.

Internet Security and Acceleration (ISA) Server: A Corporate Firewall

Whether installed as a dedicated security component, or as an integrated firewall and caching server, ISA Server provides a multi-layered enterprise firewall that helps protect networks from hacker attacks. ISA Server provides several security technologies including: unified server management, packet filtering, intrusion detection and secure publishing. All these features built on top of Windows 2000, simplify network security management tasks and provide a complete and reliable firewall server.

Microsoft ISA Server Welcome Screen

In order to install and configure ISA Server you need a server with 300 megahertz (MHZ) or higher Pentium II-compatible CPU. For hard disk and memory requirements, you need 256 MB of RAM and 20 MB of hard disk space. One local hard disk partition with NTFS file system is also required. For the operating system, you must install Windows 2000 Server with Service Pack 1 or later, Windows 2000 Advanced or Datacenter Server. A network adapter is recommended for each network you are going to connect to. (For example, one for internet and one for your partner network and one for your internal corporate LAN)

To Check System Information with Device Manager:

1. Click Start, and then point to Settings.
2. Click Control Panel, and then double-click System.
3. Click the Hardware tab, and then click Device Manager.

What a Firewall Can’t Protect

ISA Server or any firewall can not protect network attacks that don’t go through the firewall. Many companies that connect to the Internet are very concerned about the insecurity of proprietary data leaking out through that route. Unfortunately the don’t realize that tape backups, disks and CD-Roms can just as effectively leak company information. Not to say, that they usually lack a policy about how dial-in and VPN connections should be protected.

To Backup and Update the Emergency Repair Disk (ERD) Before Installing ISA:

1. Click Start, and then Click Run. The Run… dialog box appears.
2. In the Run… dialog box, type ntbackup.
3. Select the Tools menu.
4. Select Create an Emergency Repair Disk.

A firewall can not protect you against stupidity. Users who reveal sensitive information over the telephone, or write their passwords on post-it notes are target for skilled and old-school hackers. An attacker may be able to break into your network by completely bypassing your firewall and all your security access control methods, if he can find the helpful employee inside who can provide him with access to the network.

Finally, a firewall must be a part of a consistent organizational security architecture. And that architecture has to be aligned to the organization’s business goals. Firewall policies must be realistic and reflect the level of security required by the organization. It is not the same to protect a top secret network with confidential data for a government institution, than to protect a web server for a commercial organization that holds a static site for internet presence purposes.

About This Section…

Whether you want to learn what network security is, how firewalls work, or how to script a program in C to manage Active Directory security, this section is designed to provide useful and easy to understand articles for all levels of Information Technology professionals. Rather than provide theoretical views and terms of security principles and systems, we will give you straightforward, real-life information to apply at work. Some of the topics that we will put in plain words in our section will be: How to Build a Firewall with Internet Security and Acceleration (ISA) Server, Analyzing and Monitoring Network Attacks with Windows 2000 and Using and Creating Advanced Windows 2000 Security Tools and Utilities with Simple Programs. As a final point, we will focus on providing the depth necessary to pass any Microsoft-related security exam.

This article originally appeared at 2000Trainers.com.

Leonard Loro, MCSE, MCSD, ISS, MCT, CCNA, is a recognized e-Business specialist. His experience includes engaging, managing and implementing large consulting projects for government agencies and companies like Microsoft, Nissan as well as other Fortune 500′s. Leonard can be reached at Leonardo.loro@enresource.com.