RE: "OT: Quick book" Specially for Tom & Kenney
- From: brajeshranjan panda <brpanda23@xxxxxxxxx>
- To: "\[ISAserver.org Discussion List\]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 14 Apr 2004 09:14:38 -0700 (PDT)
Yeah Kenny for every person live example's are too usuful. Have u any live
experience on attack on any network and how the IDS work for that internally
and what can we do to enhence our production.....it may be a real time
inteligence work !! but if there are any type of story on this topics from u
guys like Tomm, Jimm, Greg. U and from the community it may be too helpful to
others.
I am realy wondering the working str. of Ms ISA and its IDS in different layers.
Kenny Mann <Kennymann@xxxxxxxxxxx> wrote:
http://www.ISAserver.org
Here is the URL to the forum:
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=012688
About info on an IDS system, I didn't even think to add that, sounds like a
great idea.
Hmm, what in a case study, do you think would be helpful?
Kenny Mann
-----Original Message-----
From: Brajesh Ranjan Panda [mailto:brajesh@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 14, 2004 9:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT: Quick book
http://www.ISAserver.org
Hi Kenny, Tomm n Jim,
Can u publish some documents or give some links on IPChain/IPTables and MS
ISA's structure and working style of their respective IDS (Intrusion detection
system) ??
How can we improve the performance of their IDS system ??
Is their any case study with u all about IDS anlysis and reporting ??? Pls give
ref.
Thanks and Regards
Brajesh Ranjan Panda
----- Original Message -----
From: Thomas W Shinder
To: [ISAserver.org Discussion List]
Sent: Tuesday, April 13, 2004 9:21 PM
Subject: [isalist] RE: OT: Quick book
http://www.ISAserver.org
Hi Kenny,
I'd be happy to publish your Quick Book on ISAserver.org when you're done and
even help you with the editing prior to publishing it.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx]
Sent: Tuesday, April 13, 2004 10:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] OT: Quick book
http://www.ISAserver.org
Here is something I've written just becuase I'm tired of having to basically
say the same thing over and over... so instead of complaining I've decided to
do something about it and give people direction... (plus it's easier to give a
URL than type this whole thing up). This is only something I've written and a
couple more sections to come. I thought I would get yall's opinoin about it.
I've decided I don't want to write something huge or else people go cross eyed,
and some people just want to know what they are getting into before they jump
in.
Things I plan on having:
1. Firewalls * Only one done so far *
2. Mail Server *Plan on writting during lunch today; Will include Exchange
Server, AV, SendMail, Exim, POP/IMAP/Exchange concepts, will tie in with
firewall*
3. Web Server *Tonight; IIS, Apache, PHP/ASP+MySQL combo's, will tie in with
firewall*
4. Hosting your own domain (ties in with all of the above a little, but gives
the basic concept of the internet)
5. Some basic examples (going to include a full setup for Windows, Linux, and
OpenBSD -- and also give a basic checklist of what people will want to look for)
Anyone think I forgot something critical for the first little section?
//=========================================
Ok.. I've seen the question over and over on many mailing list asking "How do I
run my own firewall/email server/website/<insert service here>?". This little
article is here to give a very brief explanation of what is what and to give
you a general direction to take. If anyone has any questions, comments, flames,
or concerns feel free to email me at <insert public address here>
The goal of this little bit is so anyone can read it, and get a general clue.
If you don't understand a word, google it. That's how you learn in this field.
1. Firewalls
Firewalls are the first line of defense (of hopefully many) you have against
hackers. When I refer to hackers, I mean someone trying to do something to your
data that they shouldn't be. This could be someone in the internet or someone
in your own building. When a program needs to talk to another computer, it uses
"ports" to communicate. There are many ports commonly used to communicate. A
mail server usually has port 25 open, a web server usually has port 80 open,
IMAP and POP3 (these two services are common methods of getting your email and
putting it on your desktop) run on port 143 and 110. As an administrator, your
job is to choose what people can and can not do. The most suggestive method is
to deny everything, and allow only what you need. What this means, is lets
assume you only want your people to only be able to surf the internet. You
would only allow port 80 (there is another port for secure HTTP protocol, but
right now we are just going basic). This means that there
browser, Internet Explorer usually, but anything else will not such as FTP, or
email. This method is preferred becuase a user could install something on there
machine and that machine could try to send data to someone outside of your
network, assuming your firewall is setup to block everything excepyt certain
ports, this would hopefully stop that machine from going outside and if you
logging level is turn high enough, you will get reports of someone trying to do
something they weren't supposed to. IPTables, Microsoft ISA Server, and
ZoneAlarm are three different firewalls with the same goal. IPTables is used in
Linux, MS ISA Server and ZoneAlarm are used on Windows. ZoneAlarm is good to
use for personal use but not for business use becuase it rely's on the user to
answer the questions. I, personally, suggest using Microsoft ISA Server or one
of the Linux firewalls (IPChains, IPTables, etc) becuase of how stout they are.
If you are cheap, then go the Linux solution, if you have money
to spare (or have to use Windows) then I suggest MS ISA Server. MS ISA server
is signifigantly easier to setup than the Linux solutions, or at least that has
been my experiance. If you plan on hosting your own email, website, or anything
connected to the internet, I would always have a firewall on that computer.
It's commonly suggested to have a firewall directly connected to the internet
and have another computer behind that firewall which hosts your services, with
the logic that if something happens to your firewall the computer behind it is
OK or at least has a greater chance of being OK.
---------
Kenny Mann
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
brajesh@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
kennymann@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
brpanda23@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
Other related posts:
