ISAserver.org - Monthly Article Update Hi ISAlist, New articles added to ISAserver.org last month: Title: Quick Fix: Block Installation of Bogus Toolbar from Fake Google Spam Author: Thomas Shinder Summary: A new spam mail purports to automatically download the Google toolbar for you. It even includes the Google logo. Unfortunately, the hapless user won't get the Google toolbar but instead gets a fetid piece of scumware. This article describes the exploit and points you to Jim Harrison's cool tool to stop the scumware from infecting your users' machines. Link: http://www.ISAserver.org/articles/2004fakegoogle.html Title: Using RADIUS Authentication with the ISA Firewall’s VPN Server (2004) Author: Thomas Shinder Summary: Like the ISA Server 2000 firewall, the ISA firewall (ISA Server 2004) supports RADIUS authentication for VPN clients. RADIUS authentication is most useful when the ISA firewall is not a member of the Internal network domain. Check out this article to find out how to make it all work. Link: http://www.ISAserver.org/articles/2004vpnradius.html Title: Publishing OWA Sites with a Unihomed ISA Firewall (2004) in Web Proxy Mode: Placing the Web Proxy ISA Firewall in a DMZ Segment Author: Thomas Shinder Summary: Are you forced to put the ISA firewall in a DMZ segment of your conventional stateful filtering firewall? Firewall politics getting you down? Don't worry! Even if they won't let you use the full firewall power of the ISA firewall, you can still squeeze out some significant stateful application layer inspection by using the unihomed ISA firewall in the "hardware" firewall's DMZ segment. This article has all the step by step info you need to get the job done. Link: http://www.ISAserver.org/articles/2004pixwebproxy.html Title: Configuring Multiple DMZs on the ISA Firewall (2004) - Part 2: Installing the ISA Firewall and Creating the DMZ Networks Author: Thomas Shinder Summary: In the first part of this series on DMZ networking with ISA firewalls (ISA 2004), we discussed the DMZ concept and the differences between a typical DMZ segment and a perimeter network segment. Included in the discussion was a description of a four NIC setup on the ISA firewall, where one NIC was attached to an external network, the second NIC was attached to the Internal network, the third NIC was attached to a DMZ segment and the fourth NIC was attached to a perimeter network segment. In this article we will look at the details of creating and configuring the DMZ and perimeter network segments. Link: http://www.ISAserver.org/articles/2004multdmzp2.html Title: Configuring Multiple DMZs on the ISA Firewall (2004) - Part 1: Example DMZ and Perimeter Network Configuration Author: Thomas Shinder Summary: The ISA 2004 firewall (ISA firewall) makes it easy to create multiple DMZ networks directly connected to the ISA firewall. In contrast to the ISA Server 2000 firewall, where you had a simple networking model of "internal versus external", the ISA firewall’s new multinetworking feature allows you to configure multiple network types, and create Access Rules and routing rules between those networks. The new ISA firewall’s networking capabilities put it on par with just about any other network firewall on the market today. There are many possible DMZ networking topologies you can create with the ISA firewall. One topology that has worked very well for us is shown in the figure below. The ISA firewall DMZ configuration includes two ISA firewalls and four security zones. Link: http://www.ISAserver.org/articles/2004multidmzp1.html Title: Publishing Terminal Servers with ISA Firewalls (2004) Author: Thomas Shinder Summary: Remote access via RDP (Terminal Services) connections is a popular pastime among ISA firewall administrators and users alike. In this article we tackle the task of publishing multiple RDP servers using a single IP address on the external interface of the ISA firewall. As a special promotion for today only, I've included a rant at the beginning of the article regarding the topic of HTTP tunneling. Please feel free to bypass the rant if you're only interested in publishing Terminal Services <g>. Link: http://www.ISAserver.org/articles/2004pubts.html Title: Establishing an IPSec site-to-site tunnel between an ISA 2004 Firewall and a D-Link DI-804HV IPSec VPN Router by Tiago de Aviz Author: Thomas Shinder Summary: Well, I worked this weekend with a D-Link DI-804HV VPN router to connect branch offices with an ISA firewall thru IPSec site-to-site tunnels. This D-Link router is a very cheap equipment to put on your remote locations, and very easy to configure as well. It can also function as a poor man’s firewall and it also allows inbound PPTP and L2TP/IPSec remote access VPN connections if you want to access your remote office from the comfort of your home! Check out this article for the step by steps on joining the ISA firewall to the DLink VPN router for a site to site VPN. Link: http://www.ISAserver.org/articles/2004isadlink.html Visit the Subscription Management (http://newsletter.isoftmarketing.com/) section to unsubscribe. ISAserver.org is in no way affiliated with Microsoft Corp. For sponsorship information, contact us at advertising@xxxxxxxxxxxxx Copyright © ISAserver.org 2004. All rights reserved.