Đang chuẩn bị liên kết để tải về tài liệu:
MCSE ISA Server 2000- P16

MCSE ISA Server 2000- P16: These books include a large amount and different kinds of information. The many different elements are designed to help you identify information by its purpose and importance to the exam and also to provide you with varied ways to learn the material. | Chapter 15 MONITORING NETWORK SECURITY AND USAGE 423 Introduction All your efforts to configure ISA Server to provide manageable and efficient Web access while preventing external access to your private network are meaningless if you don t understand how to monitor the security of your network and determine how it is really being used. Are you really blocking access What parts are open What are the potential sources of attack Is anyone attempting to breech your security Have they It s necessary to understand logging alerting and the tools that are available to assist you evaluating your security setup. There are two broad areas to cover Monitoring Security and Network Usage with Logging and Alerting Troubleshooting Problems with Security and Network Usage Monitoring Security and Network Usage with Logging and Alerting Monitor security and network usage by using logging and alerting. ISA logs and alerts can be used to monitor security and network usage. To do so you need to understand the information in them. Configuring intrusion detection is easy being sure you understand what you have done and how to use it is not. In order to understand the logs and how to use the intrusion detection facilities you need to learn about Configuring logs Configuring intrusion detection Configuring alerts Automating alert configuration Monitoring alert status 424 Part V MONITORING ANALYZING AND OPTIMIZING ISA SERVER FIGURE 15.1 Allowing allowed packets to be logged. Configuring Logs By default ISA Server logs information to three files in the ISALogs folder in the ISA Server installation folder. There are three logs IPPEXTDyyyykmmdd.log. Information on blocked by default and allowed if configured packets. To enable the logging of allowed packets check the Log Packets from Allow filters check box on the IP Packet Filters property page see Figure 15.1 . FWSEXTDyyyymmdd.log. Information on packets handled by the firewall service. WEBEXTDyyyymmdd.log. Information handled by the Web .