I’ve posted links to a good number of articles done by Yuri Diogenes. There’s a good reason for that. Yuri does a great job at giving the community the “inside information” about how the ISA firewall, and Windows networking in general, works under the hood. Yuri shares information in his blog (and in other venues) that you just can’t find anywhere else!
So, if you can get a chance to hear Yuri talk in person, you should take advantage of that opportunity. Well, here’s your chance! If you happen to be traveling to Brazil in October, you should make it a point to attend TechEd Brazil 2008. Yuri will be presenting two sessions. For more information, check out:
http://blogs.technet.com/yuridiogenes/archive/2008...8.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
As you might already know, Network Monitor 3.2 has been released and represents a major upgrade and improvement in Microsoft’s free network monitoring and packet sniffing tool. If you haven’t had a chance to check out the new Network Monitor, you can go to http://blogs.technet.com/netmon/archive/2008/09/17...d.aspx to get more information and links to download.
As good as NetMon 3.2 is, it can always be made better. That’s the goal of the new Network Monitor Wizard. Using the new Network Monitor Wizard, you can easily schedule captures that will start and stop based on specific parameters you set in the wizard. You can also control what protocols and what source and destination host communications are captured in the scheduled capture.
For more information about the new Network Monitor wizard, check out Yuri Diogenes’ blog at http://blogs.technet.com/yuridiogenes/archive/2008...d.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
The ISA 2006 firewall won the WindowSecurity.com Reader’s choice award for “software” firewall. I’ll abstain from going off on the issue of “hardware” versus “software” firewalls and just say GREAT! The ISA firewall beat some stiff competition to win this award. The ISA firewall beat down the Astaro Security Gateway, the Check Point VPN-1 UTM, Kerio WinRoute Firewall, BlueCoat WinProxy (which isn’t a firewall, so I’m not sure why it was included), and other impressive contestants.
This is a testament to the community’s understanding of the exceptional level of security that the ISA 2006 firewall provides, and an acknowledgement that the ISA 2006 firewall has no current or past security vulnerabilities. This is an amazing feat, and props go to the mad skills of the ISA firewall dev, test and support teams. Three cheers for the ISA firewall organization and their ceaseless efforts to make the ISA firewall the most secure firewall on the market today.
Read more about the ISA firewall’s win at http://www.windowsecurity.com/news/WindowSecurity-...8.html
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Info Security magazine is one of my favorite security magazines. They always have a collection of great articles and cover areas that include Microsoft and other technologies. So, it’s great to see that the Microsoft Firewall solution, ISA 2006, received a “Global Excellence in Firewall Solutions” award from Info Security Magazine. Something to keep in mind when the “hardware” firewall guys start their well-worn drone on “but it’s a ’software’ firewall. 
Check out http://www.microsoft.com/forefront/prodinfo/awards...t.mspx for more details.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
While the ISA firewall is quite secure right out of the box, there are plenty of things you can do to make it less secure. What you need to know, before you break the default high security of the ISA firewall is to know security best practices when dealing with the firewall. That way, you won’t create rules or run software on the firewall that could lower the exceptional level of security the ISA firewall provides.
The best way to get up to speed on what you need to know to keep your ISA firewall secure is to read the ISA 2006 Security Guide. You can find it at http://technet.microsoft.com/en-us/library/bb794718.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
“On managed environments, one of the main goals is to keep the computer secure from threats. The security usually imposes barriers between what is considered trusted, untrusted, and limited traffic. The untrusted traffic usually is incoming requests from the Internet that are filtered by the firewall where the limited traffic usually comes from a place called perimeter network (also known as DMZ, demilitarized zone, and screened subnet).
Computers located on the perimeter network should not be considered unmanaged because of the fact that they are not joined to the internal domain. Those computers need special attention and same or higher level of care then the internal ones. One important point when we are addressing security on those computers is the installation and maintenance of the antivirus software.
The goal of this article is to explain some of the most common scenarios for deployment of Microsoft Forefront Client Security (FCS) on computers that are located on a perimeter network and are not joined to the production domain, also called the internal domain.”
Check out http://technet.microsoft.com/en-us/library/cc752954.aspx for the rest of the article and the details.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
“The Terminal Server Session Broker Load Balancing feature allows to evenly distribute the session load between servers in a load-balanced terminal server farm. With TS Session Broker Load Balancing, new user sessions are redirected to the terminal server with the fewest sessions”
For complete details on how to publish the TSG Session Broker from behind an IAG 2007 VPN server, check out http://209.34.241.68/edgeaccessblog/archive/2008/0...7.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Yes! You should installed ISA 2006 SP1 on your IAG 2007 SSL VPN gateways.
Check out this post by Dan Watson from Microsoft for the details.
http://blogs.technet.com/edgeaccessblog/archive/20...t.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
The next version of the ISA firewall has been officially released! That’s right. The King is Dead, Long Live the King! There will be no more ISA firewalls in your future, but don’t fear. A new and more powerful ally will come to your side to protect your networks better than ever before. That new firewall is the Forefront Threat Management Gateway (Forefront TMG).
The first version of the Forefront TMG to hit the streets is in fact not a standalone product, but an a key component of the integrated Essential Business Server suite of products. This version of the Forefront TMG firewall is called Forefront Threat Management Gateway, Medium Business Edition (Forefront TMG MBE). The Medium Business Edition of the Forefront TMG firewall is configured for you by the sophisticated installation wizard included with EBS. When installation is complete, the Forefront TMG firewall has all the Publishing and Access Rules in place to secure your EBS network right out of the box.
Forefront TMG, Medium Business Edition adds to the security provided by the old ISA firewall by adding UTM capabilities. There is now an integrated Web anti-malware scanner, so that you no longer need a third party product to block malware. There are a couple of other new features that you’ll be interested in, and I’ll cover those in future articles on the Forefront TMG MBE here on the ISAserver.org.
Let’s welcome the release of the new Forefront TMG! For more information check out David Cross’s announcement at https://blogs.technet.com/isablog/archive/2008/09/...n.aspx
Check out a useful demo of the new EBS product suite at http://www.microsoft.com/ebs/en/us/demos.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
An oldie but goodie. If you have been wondering how to intelligently scope out the hardware for your firewall arrays, here’s the place to go:
http://www.microsoft.com/isaserver/capacityplanner.swf
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
