| | |  | Computer Security | Home » » Dr. Tom Shinder's Configuring ISA Server 2004 | | | | | | | Product Promotions: | | | | | Description: | | Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft.
Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft. This book will be featured prominently on the ISAserver.org home page as well as referenced on Microsoft TechNet and ISA Server Web pages. Tom and Deb's unparalleled technical expertise combined with prime on-line marketing opportunities will make this the #1 book again in the ISA Server market.
* This book will provide readers with unparalleled information on installing, confiuguring, and troubleshooting ISA Server 2004 by teaching readers to: * Deploy ISA Server 2004 in small businesses and large organizations.
* Learn how to configure complex DMZ configurations using ISA Server 2004's new network awareness features and built-in multinetworking capabilities.
* Learn how to take advantage of ISA Server 2004's new VPN capabilities! | | | Product Details: | | | Author:
| Thomas W. Shinder | | Paperback:
| 1024 pages | | Publisher:
| Syngress | | Publication Date:
| August 01, 2004 | | Language:
| English | | ISBN:
| 1931836191 | | Product Length:
| 9.0 inches | | Product Width:
| 7.0 inches | | Product Height:
| 2.3 inches | | Product Weight:
| 4.15 pounds | | Package Length:
| 9.06 inches | | Package Width:
| 7.01 inches | | Package Height:
| 2.05 inches | | Package Weight:
| 3.22 pounds | | Average Customer Rating:
|  based on 20 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 20 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
55 of 58 found the following review helpful:
 ISA 2004 maximized.Feb 06, 2005
By Steven L. Umbach
ISA 2004 is Microsoft's latest and greatest entry into the firewall market and make no mistake as that is what it is - a high performance, sophisticated, deep application filtering, enterprise class, but easy to configure firewall with the ability to be a VPN server, produce boatloads of reports and logging, and integrate with Active Directory for user authentication, even if not a domain member, via IAS/radius and also cache web content - whew! It is a very significant upgrade from ISA 2004 and in my opinion much easier to configure. The author and his community groups were very involved in helping Microsoft to develop ISA 2004 with real world user feedback and wants.
From reading the book Tom Shinder is obviously very enthusiastic about ISA 2004. This is not a book with a bunch of copy and pastes from the help files and Microsoft white papers. The authors are very familiar with ISA 2004 and network security and how to implement it in a number of different scenarios. There are many of the author's tricks and traps in configuration that can save you a lot of time setting up your ISA server. Each chapter ends with a summary "Solutions Fast Track" that are multi sentence main points of the chapter content followed by some helpful FAQ. Throughout the book are many references to Microsoft relevant articles and links to the author's website that is a great resource for any version of ISA. The focus of the book is not just on ISA 2004 but also the required network and client configuration to get everything working in harmony.
The book is well organized and you do not have to read the whole book to learn how to implement ISA 2004. There is a whole chapter just on features including comparison to ISA 2000 and another on comparing ISA 2004 to other enterprise firewalls such as CheckPoint, Cisco, and Netscreen to help you determine if ISA is right for you. The myth that a real firewall can not have a hard drive and only be configured by highly paid firewall consultants via the command line is debunked. Chapter 4 shows you how to configure and optimize your network for firewall protection. Gone is the LAT and now each network adapter can be configured separate from each other [including access rules between them] and allows the use of a DMZ. Proper dns configuration is frequently explained, including "split dns" as propers dns name resolution is crucial for a network to funtion and is often misunderstood. Chapter 5 goes into detail on the firewall clients - secure NAT, Firewall Client, and web proxy and how to determine which are best for you and how to implement and configure them in an automated fashion using Group Policy, DHCP, or DNS. Secure NAT is simply using the ISA server as the default gateway for the client which allows it to be used by any operating system. Web proxy and Firewall Client can be used to require user authentication in an access rule! Of course other chapters cover firewall rules [access rules], web and server publishing, installation, dns configuration including "split dns", configuring caching, VPN, using built in templates, how to implement ssl, backing up and restoring configuration, intrusion detection, running reports, configuring/viewing logs, IAS/radius integration, and more.
The chapter on VPN covers all the features including how to set up site to site VPN's using pptp, l2tp, or ipsec tunnel mode [for compatibility with third party devices]. ISA 2004 has the ability to create access rules to restrict what content the VPN users can access on the lan or internet and integrate with IAS/radius for user authentication. How to request and install certificates is shown for use with l2tp, ipsec, and web servers. The book is loaded with explicit step by step instructions such as for certificates so as not to leave the user scratching their head or trying to figure out exactly how to implement specific tasks. These step by step instructions will be of great help for the more novice ISA 2004 user. Publishing a web server and configuring it for ssl was covered in great detail for the various methods. Apparently this has been a problem point for ISA admins in the past [particualry proper certificate selection and installation] and the authors wanted to make sure users got it right.
Chapter 10 on stateful inspection and application layer filtering is of note. ISA 2004 has some very powerful abilities in this regard. They are not difficult for the most part to configure which the authors covered well but in addition they listed tables of specific recommendations of lists for particular HTTP security filters. For instance you can have an access rule and configure HTTP filtering for extensions to prevent users from downloading executeable content including .zip files. I tried to block .mp3 downloads via HTTP and it worked well for that also. Various methods were shown how to prevent users from using progamas like Kazaa and P2P applications with the various categories in HTTP filtering including headers and signatures. The same HTTP filtering can also be used when you publish a web server behind ISA 2004 for advanced protection from the internet. Numerous examples of using the built in netmon to capture network traffic to help show you how to spot entries to add to HTTP filters were given.
The logging and reports available with ISA 2004 give a great deal on information on what is going on with firewall access, intrusion detection, and user statistics. Chapter 12 shows you how to use the built in reports, create custom ones, and filter connected users and log views. It is easy to pull reports showing top websites visited, top web users, top protocols used, and top bandwidth users for instance. Most admins would find these reports very useful. It is easy to view currently connected users, including VPN, and what client they are using.
ISA 2004 is an impressive product that is relatively easy to use. Much more so than ISA 2000 in my opinion which helps lower it's TCO. Most users will be able to get up and running in no time at all and then be able to investigate the more advanced features which are numerous. Tom and Deb Shinder's book Configuring ISA Server 2004 will be of great help to anyone who wants to get the most out of ISA 2004 and explore all it's possibilities and implement them on their network for maximum network protection.
10 of 11 found the following review helpful:
None better; many tryJul 08, 2005
By J. Harrison
"JimmyJoeBob Alooba"
Dr. Shinder's ISA 2004 book is quite literally *the bible* for ISA Server planning, installation, configuration, management and troubleshooting. Literally no where else is there the amount and variety of steps, tips, tricks and external references available to the reader.
The book begins with a tour of comparative data for nearly every other firewall / proxy on th market at press time - I triple-dog-dare any other book to attempt this; much less get it right.
In simple terms - get this book.
8 of 9 found the following review helpful:
DMZ, SIMPLICITY, BACK TO BACK, TRI-HOMEDJul 08, 2005
By cismic
"josephk"
I've have bought both ISA 2000 and ISA 2004 because I felt that Dr. Tom Shinder's books are a cut above the rest. I participate in ISA newsgroups, isaserver.org and isatools.org. While participating in those groups Thomas always gives advice freely in addition to the topics that the books have covered. Security, Firewalls and technology is dynamic in nature and the updates that Thomas provides for pre-review help keep me on my toes when it comes to ISA Server and firewall security in general. There are many possible types of configurations when utilizing ISA Server firewalls. ISA 2004 provides nice wizards to work with DMZ's, Perimeter, Internal and multiple subnets. But, I feel that you need to start with a fresh installation and not select a network type the first time through so you can see how all the network and access rules work together. Once you understand that use the wizards to your hearts content.
I prefer a back to back network with ISA boxes on both sides of the HONEYPOT DMZ, my internal ISA has 4 NICS. By using the books, visiting the news groups, and active participation with fellow ISA(ers), I've been very successful at working on my networks and clients networks.
Just because you think you know how to ride a bike doesn't mean you should not ask questions when starting down a new path. Or for safety's sake ware a helmet like the President. If you ask questions, buy the books and participate with ISA news groups setting up a tri-homed DMZ with public or private address is a breeze.
My advice is to start active participation with isaserver.org, isatools.org and join the lists.
If you don't have the book: BUY IT! Ok Thomas, (here's my free book plug to you!)
I have to say that my favorite chapter is 12 because I like to see the results of all my learned tweaks and settings! Monitoring, Logging and Reporting tools! Yeah baby!
7 of 8 found the following review helpful:
Rich, deep, and wonderfully practicalAug 08, 2005
By Bud Ratliff
I've been working with ISA Server for several years now, and Dr. Tom and Deb Shinder provide some of the clearest, most useful, and rich guidance in how to use this product.
Both Tom and Deb are steeped in ISA Server lore, and provide not just step-by-step instructions on how to use the product (though there is plenty of that), but also practical instructions that come from having used the product in many different situations, and from having helped many people from many different industries successfully implement ISA to meet their security needs.
The only suggestion I would make is that Syngress publish a second edition that includes information on ISA Server Enterprise Edition, which wasn't in production at the time this book was released. The ISA Community needs more from this fine pair of writers.
Simply put, if you plan to use ISA Server in your environment, you can't afford NOT to buy this book. As an ISA Server administrator, it's rare that I don't use it when I need to learn something new or refresh my memory on an existing process. I highly recommend this book!
6 of 7 found the following review helpful:
Too Much, Too Soon?May 22, 2006
By David Gurgel
Since the early ISA Server 2000 days, author Tom Shinder has been the undisputed king of the ISA Server world. (Small world, isn't it.) His great expertise is complimented by a nice professional writing style that can be understood by any serious system administrator. If ISA is a big part of your responsibilities, you will want to have this book.
However, if you just want to get ISA Server 2004 up and running for the first time, this 1,024-page book is too much. If you are sitting there with the CD in hand and want to be up and running in three or four hours, be aware that the first 300 pages are devoted to a discussion of new features and a lengthy defense and comparison of ISA to the lower-end firewall appliances (non-PC hardware with firmware). This was very interesting reading for me (with four years managing ISA on a small network with ten servers and twenty workstations), but it may be too much too soon if firewalls are not high on your list of interesting things.
I searched hard for other ISA books and bought "ISA Server Unleashed" as well. "Unleashed" is 552 pages and quickly gets to installation and then configuration, exactly what you may want to get up and running quickly. In addition to "Unleashed," there seem to be just two other books that may serve for installation guides. The first is Shinder's "How to Cheat at Installing ISA Server 2004" (according to another reviewer, a "just the facts" version of the larger book reviewed here). Lastly, there is the "Administrator's Pocket Consultant." (I have read only reviews for the "Cheat" and "Consultant" books.)
Don't misunderstand, Shinder covers just about everything before he is done; and if you want your ISA expert's badge, you need to have this big book. I'll use "Unleashed" during installation and use Shinder's book for guidance on best practices.
If your finances suggest just one book, do this big Shinder book if you have prior ISA experience. Otherwise check out the small number of other offerings. And don't forget to search for ISA Server and Shinder on the web. You'll find a website with many long articles by Shinder.
By the way, I share Shinder's view that ISA is a great product. My ISA 200 installation has run robustly for four years; but I was looking to offload to ISA some of the spam filtering burden that now rests on an Exchange Server plus GFI installation and decided to move up to the latest ISA version at the same time.
See all 20 customer reviews on Amazon.com
| | |
|
