Setting up ISA server or Forefront for Home

I noticed the other night on my Broadband Internet connection modem there was a lot of traffic.

No one was downloading or surfing. I have a Linux server on the network that displayed almost every second there were attacks from different usernames trying to get on my FTP server, i.e. Adam, Joe, John... from random IPs. (I only use my FTP server for me.)
In speaking to someone, they recommended ISA server... Can someone help me set it up so it's in front of my wireless router?
I have built a Windows 2003 server with ISA installed...
If there is another solution please tell me... I have access to servers, desktops, and Enterprise Libraries.
pwindell Commented:
If you have those resources available to you then yes, you can do it.    But for the moment this is hanging so open ended as a question that I don't really know what I am answering.  All I can do is make a few (almost random) comments.

1. A lot of what "attacks" you saw with Checkpoint were false positives.  That will still be true to a great extent with ISA as well (and any other product).  Much of this is because it is actually impossible to accurately identify an attack.  There are gazillions of assumptions made by IDS products when they view traffic.  It is also in the best interest of the company selling you the product to scare the crap out of you with the most "evil" sounding alert descriptions to either justify their product's purchase or to sell you even more products.

2. You protect Services by not letting them be reached from the internet.  That is the cold truth, but it is also not very useful if the Services need to be accessed from the internet.  When you make a Service available from the internet you have effectively stopped protecting it.  The FTP Server and SMTP (mail servers) are a perfect example of that.  Now ISA will add some protection to a Web Server because it can Pre-Authenticate Users if the site requires authentication,...and ISA will also demand that the HTTP Packets be RFC Compliant and can also examine the HTTP content in the Data and in the URL.  But these are not done with things like FTP & SMTP.  Web Publishing runs through the Web Proxy Service and that is what adds the extra abilities,...but all the others are just traditional Reverse-NAT processes.

3. SPAM.  ISA (by itself) will do next to nothing to filter SPAM.  SPAM Filtering must be handled by an independent SPAM filtering product or by whatever rudimentary features may exist in your Mail Server itself.

4. IDS.  The Anti-flood protection of ISA I believe is a good thing.  But many of the other types of intrusion alerts I usually don't even pay any attention to.  Many are false positives by misinterpreting normal network traffic, and many more are misinterpretations of packet behavior due to bad network design of the LAN (many spoofing alerts for example).  This of course is not politically correct of me to say if any MS employees read this (with me being an MS MVP), but that is my honest opinion on that subject.   A huge number of so-called hacking attempts hitting the public side of the ISA are just in vain and a wasted effort, without any chance of ever being effective,...they won't get through the ISA, just ain't gonna happen.

These things probably still aren't what you are asking for, you will have to be more specific in what you are asking about,...but I am a Technician,...I'm not a Sales Person.
Suliman Abu Kharroub (IT Consultant) Commented:
First of all I would suggest changing the password to something very complex.

Install ISA server, then create a publish rule to publish the FTP site.

ISA/TMG is not going to help anything with that.

They are not technically attacks,...they are login attempts.  Yes they may have negative intentions,...but from a technical perspective they are nothing more than login attempts.   Log in attempts are just going to keep trying to login because that is what login attempts do.  

When ISA/TMG publishes an FTP Service it is nothing more than a typical Reverse-NAT.  So all it does is pass the connection back to the FTP Server,...everything else from that point depends on the FTP Server which is no different than what you already are doing.

So your only protection is complex passwords,...nothing will change that.

If you are always connecting to the FTP Server yourself from the same IP# then you can restrict the connections to that particular source IP#,...but I seriously doubt you are always connecting to it yourself from the same IP.  If you are then ISA can do that,...but so can dozens of other cheaper solutions. Do you actually have $6000.00 to $10,000.00 to spend on a properly built ISA/TMG Server to protect a simple FTP Server?

What the heck is an Enterprise Library?
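The post above separates background login attempts from what actually matters behind a Reverse-NAT: a login that succeeds from a source you do not expect. The following is an added example, not part of the original thread, that applies that distinction to FTP log lines. It assumes vsftpd-style log lines (the thread does not name the FTP daemon) and a home LAN of 192.168.1.0/24; the function name and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed vsftpd-style log line (the thread does not name the FTP daemon).
LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: '
    r'Client "(?P<ip>[^"]+)"'
)

# Constructed sample lines; addresses come from documentation/private ranges.
SAMPLE_LOG = [
    'Mon Jan  3 21:14:05 2011 [pid 2101] [adam] FAIL LOGIN: Client "203.0.113.7"',
    'Mon Jan  3 21:14:06 2011 [pid 2102] [joe] FAIL LOGIN: Client "203.0.113.7"',
    'Mon Jan  3 21:14:07 2011 [pid 2103] [john] FAIL LOGIN: Client "203.0.113.7"',
    'Mon Jan  3 21:14:09 2011 [pid 2104] [adam] FAIL LOGIN: Client "::ffff:198.51.100.23"',
    'Mon Jan  3 21:20:41 2011 [pid 2110] [owner] OK LOGIN: Client "192.168.1.20"',
    'Mon Jan  3 23:02:13 2011 [pid 2140] [owner] OK LOGIN: Client "198.51.100.23"',
]


def review_ftp_logins(lines, allowed_sources, guess_threshold=3):
    """Separate password-guessing noise from successful logins that need review."""
    allowed = [ipaddress.ip_network(net) for net in allowed_sources]
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    unexpected_ok = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed client field
        # A daemon listening on IPv6 logs IPv4 clients as ::ffff:a.b.c.d
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if m["result"] == "FAIL":
            failures[str(ip)]["count"] += 1
            failures[str(ip)]["users"].add(m["user"])
        elif not any(ip in net for net in allowed):
            # Successful login from outside the expected sources
            unexpected_ok.append((str(ip), m["user"]))
    return {
        "failures": {ip: (f["count"], sorted(f["users"])) for ip, f in failures.items()},
        "guessers": sorted(ip for ip, f in failures.items()
                           if len(f["users"]) >= guess_threshold),
        "unexpected_ok": unexpected_ok,
    }
```

The `unexpected_ok` list is the part worth alerting on; the `guessers` list is the expected noise the post describes, and the same allow-list is what a source-IP restriction on the router or FTP server would enforce.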

I really wish this site had an Edit feature so we can go back and fix the typos!!!
camoIT (Author) Commented:
I really wish that some of the more experienced people on here would take a second and realize that their High Horse responses only accomplish 2 things:
1. Less comments and Questions posted on this site.
2. Another person without a general understanding  and/ or still without answers.

First of all... A colleague of mine had ISA server installed at home which he claimed "Protected him very well from spamming and intrusion prevention." My experience is... I had a Nokia Checkpoint Firewall in place - but the license has now expired.  I am back to Linksys and DD-WRT FW.
Enterprise License where I am employed let me use the EA agreement to download ISA/ Forefront for personal use.

The conclusion is - I wanted to know how to install it (Not just for FTP) to have better protection at home...or if I should even bother.

One very major protection for an FTP Server is to make sure the "FTP Site" location is on a dedicated Drive Partition.  Then if it gets hacked and they create a gazillion folders with illegal names that you can't delete (this is the most common thing that happens) you can simply reformat the partition and restore the data back again.  I have fixed hacked FTP Servers that were properly prepared this way in less than 30 minutes before.

But if you screw up and put the FTP Sites in the same partition as the OS then you have to format and reload the entire server from scratch or do a "bare-metal" restore from a full backup.
I'm not on a High Horse.

But I have been working with ISA/TMG for 12 years.  I am not going to mislead you and am going to be completely honest with you as I am with everyone else.  I am also forced to make assumptions about the situation based on what you asked,....and you only asked about the FTP Server.

If you want to use ISA/TMG for its designed purpose of being a Corporate Enterprise Firewall, then it is a great product and will serve you well.  I consider it to be the best firewall and the most secure firewall on the market.  However it is also expensive,...and is designed to run on Server hardware that typically may cost somewhere around $6000.00 depending on exactly what you buy.  I don't like to see people over-buying for their needs and getting products that may be too big and require too much expertise to operate,...or worse yet simply does not do what they actually thought it would do when they bought it.
Personally I think it is way too complex for home use.   Parts of it just don't even work without a regular Active Directory Domain deployed on a separate server.
camoIT (Author) Commented:
I have a server that hosts many services called a QNAP (I am running the 539pro).

This NAS/Server shows me log on attempts and online users. The FTP is only an example of the attempts made into the box.
In your last response - I would like to explain that with some acquisitions the company has made, I have been offered many different DELL Power Edge Servers, with many configurations.
My intentions were this: 2 year old server - Free along with necessary software - Free...

Could we make something happen a little bit better??

When I had the Checkpoint firewall in place - I used to watch over 10k attempts/ spam / garbage denied per day.

I know your standpoint is "it's truly overkill" but my concern is my QNAP which hosts all my content, photos, music, documents.....

Should I or shouldn't I?
Guys,...let's get an edit feature so we can fix typos in the posts.  Sometimes the typos are so bad I can barely understand what I was saying,..and I wrote it.  Trying to type posts in Word or something else with a grammar checker to clean it up is a lot of hassle.
camoIT (Author) Commented:
thanks for the help!
Question has a verified solution.