Configuration and Evaluation of Some Microsoft and Linux Proxy Servers, Security, Intrusion Detection, AntiVirus and AntiSpam Tools

Overview:

The book consists from three parts:

Part A: Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy Server

Part B: Evaluation of Some Windows and Linux Intrusion Detection Tools

Part C: Quick Configuration of Postfix Mail Server to Support Anti Spam and Anti Virus Using Two Methods

I. Part A: Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy Server.

Part A concerns about basic Microsoft ISA server and Linux Squid Server configuration  As a lot of  technicians switch between ISA server and Squid server, I decided to write this paper to present some reference when configuring ISA and Squid. There a lot of issues that not covered, and you can go to the manual of ISA server and Squid server for detailed configuration of ISA and Squid. The paper is composed from two parts

Microsoft ISA server 2004 Configuration

Linux Squid Server Configuration

II. Part B: Evaluation of Some Windows and Linux Intrusion Detection Tools

Part B evaluates some the security tools. Top security tools can be found in http://sectools.org/. Most important vulnerabilities in Windows and Linux can be found in www.sans.org/top20/. The paper covers the installation and configuration of the following security tools:

III. Part C: Quick Configuration of Postfix Mail Server to Support Anti Spam and Anti Virus Using Two Methods

In Part C, I configured the Postfix mail server that support the Anti-Spam and Anti-Virus, using two methods, for sake of evaluation and realizing which method can be considered to be the best,

Part A: Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy Server

By

Dr. Hidaia Mahmood Alassouli

[email protected]

A.1. Introduction to Part A: Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy Server

This part concerns about basic Microsoft ISA server and Linux Squid Server configuration  As a lot of  technicians switch between ISA server and Squid server, I decided to write this paper to present some reference when configuring ISA and Squid. There a lot of issues that not covered, and you can go to the manual of ISA server and Squid server for detailed configuration of ISA and Squid. The paper is composed from two parts

Microsoft ISA server 2004 Configuration

Linux Squid Server Configuration

Note that, this work was done without proper simulation, because of the lack of resources, as testing firewall configuration requires many computers, with one of them should have many network cards. Also the ISA server is not used in the computer center now.

A.2. Microsoft ISA Server 2004

A.2.1. Main operation:

All of the network rules and access rules make up the firewall policy. The firewall policy is applied in the following way:

1. A user using a client computer sends a request for a resource located on the Internet.

2. If the request comes from a Firewall Client computer, the user is transparently authenticated using Kerberos or NTLM if domain authentication is configured. If the user cannot be transparently authenticated, ISA Server requests the user credentials. If the user request comes from a Web proxy client, and the access rule requires authentication, ISA Server requests the user credentials. If the user request comes from a SecureNAT client, the user is not authenticated, but all other network and access rules are still applied.

3. ISA Server checks the network rules to verify that the two networks are connected. If no network relationship is defined between the two networks,

the request is refused.

4. If the network rules define a connection between the source and destination networks, ISA Server processes the access rules. The rules are applied in order of priority as listed in the ISA Server Management interface. If an allow rule allows the request, then the request is forwarded without checking any additional access rules. If no access rule allows the request, the final default access rule is applied, which denies all access.

5. If the request is allowed by an access rule, ISA Server checks the network rules again to determine how the networks are connected. ISA Server checks the Web chaining rules (if a Web proxy client requested the object) or the firewall chaining configuration (if a