Solved

Setting up ISA server or Forefront for Home

Posted on 2011-02-16
Last Modified: 2012-06-27
I noticed the other night on my Broadband Internet connection modem there was a lot of traffic.

No one was downloading or surfing. I have a Linux server on the network that displayed almost every second there were attacks from different usernames trying to get on my FTP server, i.e. Adam, Joe, John... from random IPs (I only use my FTP server for me).
In speaking to someone they recommended ISA server... Can someone help me set it up so it's in front of my wireless router?
I have built a Windows 2003 server with ISA installed...
If there is another solution please tell me...I have access to servers, desktops, and Enterprise Libraries.
0
Question by:camoIT
11 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
First of all I would suggest changing the password to something very complex.

Install ISA server, then create a publish rule to publish the FTP site.

0
 
LVL 29

Expert Comment

by:pwindell
ISA/TMG is not going to help anything with that.

They are not technically attacks,...they are login attempts.  Yes they may have negative intentions,...but from a technical perspective they are nothing more than login attempts.   Log in attempts are just going to keep trying to login because that is what login attempts do.  

When ISA/TMG publishes an FTP Service it is nothing more than a typical Reverse-NAT.  So all it does is pass the connection back to the FTP Server,...everything else from that point depends on the FTP Server which is no different than what you already are doing.

So your only protection is complex passwords,...nothing will change that.

If you are always connecting to the FTP Server yourself from the same IP# then you can restrict the connections to that particular source IP#,...but I seriously doubt you are always connecting to it yourself from the same IP.  If you are then ISA can do that,...but so can dozens of other cheaper solutions,...do you actually have $6000.00 to $10,000.00 to spend on a properly built ISA/TMG Server to protect a simple FTP Server?

What the heck is an Enterprise Library?
0
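Relating to the comment above on login attempts and source-IP restriction, the following is an added example and not part of the original thread: it triages FTP authentication log lines against a source-IP allowlist, reporting sources that guess several usernames and any successful login from outside the allowlist. The vsftpd-style line format, the `triage` function name and all sample log entries are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# vsftpd-style auth lines (assumed format); every entry below is constructed.
SAMPLE_LOG = """\
Wed Feb 16 02:11:05 2011 [pid 2301] [adam] FAIL LOGIN: Client "203.0.113.7"
Wed Feb 16 02:11:06 2011 [pid 2302] [joe] FAIL LOGIN: Client "203.0.113.7"
Wed Feb 16 02:11:07 2011 [pid 2303] [john] FAIL LOGIN: Client "198.51.100.23"
Wed Feb 16 02:11:09 2011 [pid 2304] [john] FAIL LOGIN: Client "203.0.113.7"
Wed Feb 16 08:30:00 2011 [pid 2410] [owner] OK LOGIN: Client "192.0.2.10"
Wed Feb 16 09:02:41 2011 [pid 2455] [owner] OK LOGIN: Client "198.51.100.23"
"""

LINE_RE = re.compile(
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def triage(log_text, allowed_sources, min_users=3):
    """Summarise FTP logins against a source-IP allowlist.

    Returns (guessers, unexpected_ok):
      guessers      - sources with failed logins for >= min_users distinct names
      unexpected_ok - (user, ip) for successful logins from outside the allowlist
    """
    nets = [ipaddress.ip_network(n) for n in allowed_sources]
    failed_users = defaultdict(set)
    unexpected_ok = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an authentication line
        ip = ipaddress.ip_address(m["ip"])
        trusted = any(ip in net for net in nets)
        if m["result"] == "FAIL":
            failed_users[str(ip)].add(m["user"])
        elif not trusted:
            # A success from an unlisted source is what matters most:
            # it means a guessed or leaked password worked.
            unexpected_ok.append((m["user"], str(ip)))
    guessers = {ip: sorted(users) for ip, users in failed_users.items()
                if len(users) >= min_users}
    return guessers, unexpected_ok

if __name__ == "__main__":
    guessers, unexpected_ok = triage(SAMPLE_LOG, ["192.0.2.10/32"])
    print("username guessing:", guessers)
    print("logins from outside allowlist:", unexpected_ok)
```
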
 
LVL 29

Expert Comment

by:pwindell
I really wish this site had an Edit feature so we can go back and fix the typos!!!
0
 
LVL 2

Author Comment

by:camoIT
I really wish that some of the more experienced people on here would take a second and realize that their High Horse responses only accomplish 2 things:
1. Less comments and Questions posted on this site.
2. Another person without a general understanding  and/ or still without answers.

First of all...A colleague of mine had ISA server installed at home which he claimed "Protected him very well from spamming and intrusion prevention." My experience is... I had a Nokia Checkpoint Firewall in place - but the license has now expired.  I am back to Linksys and DD-WRT FW.
Enterprise License where I am employed let me use the EA agreement to download ISA/ Forefront for personal use.

The conclusion is - I wanted to know how to install it (Not just for FTP) to have better protection at home...or if I should even bother.

0
 
LVL 29

Expert Comment

by:pwindell
One very major protection for an FTP Server is to make sure the "FTP Site" location is on a dedicated Drive Partition.  Then if it gets hacked and they create a gazillion folders with illegal names that you can't delete (this is the most common thing that happens) you can simply reformat the partition and restore the data back again.  I have fixed hacked FTP Servers that were properly prepared this way in less than 30 minutes before.

But if you screw up and put the FTP Sites in the same partition as the OS then you have to format and reload the entire server from scratch or do a "bare-metal" restore from a full backup.
0

 
LVL 29

Expert Comment

by:pwindell
I'm not on a High Horse.

But I have been working with ISA/TMG for 12 years.  I am not going to mislead you and am going to be completely honest with you, as I am with everyone else.  I am also forced to make assumptions about the situation based on what you asked,....and you only asked about the FTP Server.

If you want to use ISA/TMG for its designed purpose of being a Corporate Enterprise Firewall, then it is a great product and will serve you well.  I consider it to be the best firewall and the most secure firewall on the market.  However it is also expensive,...and is designed to run on Server hardware that typically may cost somewhere around $6000.00 depending on exactly what you buy.  I don't like to see people over-buying for their needs and getting products that may be too big and require too much expertise to operate,...or worse yet simply does not do what they actually thought it would do when they bought it.
0
 
LVL 29

Expert Comment

by:pwindell
Personally I think it is way too complex for home use.   Parts of it just don't even work without a regular Active Directory Domain deployed on a separate server.
0
 
LVL 2

Author Comment

by:camoIT
I have a server that hosts many services called a QNAP (www.qnap.com). I am running the 539pro.

This NAS/Server shows me log on attempts and online users. The FTP is only an example of the attempts made into the box.
In your last response - I would like to explain that with some acquisitions the company has made, I have been offered many different DELL Power Edge Servers, with many configurations.
My intentions were this: 2 year old server - Free along with necessary software - Free...

Could we make something happen a little bit better??

When I had the Checkpoint firewall in place - I used to watch over 10k attempts/ spam / garbage denied per day.

I know your standpoint is "it's truly overkill" but my concern is my QNAP which hosts all my content, photos, music, documents.....

Should I or shouldn't I
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
If you have those resources available to you then yes, you can do it.    But for the moment this is hanging so open ended as a question that I don't really know what I am answering.  All I can do is make a few (almost random) comments.

1. A lot of the "attacks" you saw with Checkpoint were false positives.  That will still be true to a great extent with ISA as well (and any other product).  Much of this is because it is actually impossible to accurately identify an attack.  There are gazillions of assumptions made by IDS products when they view traffic.  It is also in the best interest of the company selling you the product to scare the crap out of you with the most "evil" sounding alert descriptions to either justify their product's purchase or to sell you even more products.

2. You protect Services by not letting them be reached from the internet.  That is the cold truth,...it is also not very useful if the Services need to be accessed from the internet.  When you make a Service available from the internet you have effectively stopped protecting it.  The FTP Server and SMTP (mail servers) are a perfect example of that.  Now ISA will add some protection to a Web Server because it can Pre-Authenticate Users if the site requires authentication,...and ISA will also demand that the HTTP Packets be RFC Compliant and can also examine the HTTP content in the Data and in the URL.  But these are not done with things like FTP & SMTP.  Web Publishing runs through the Web Proxy Service and that is what adds the extra abilities,...but all the others are just traditional Reverse-NAT processes.

3. SPAM.  ISA (by itself) will do next to nothing to filter SPAM.  SPAM Filtering must be handled by an independent SPAM filtering product or by whatever rudimentary features may exist in your Mail Server itself.

4. IDS.  The Anti-flood protection of ISA I believe is a good thing.  But many of the other types of intrusion alerts I usually don't even pay any attention to.  Many are false positives by misinterpreting normal network traffic, and many more are misinterpretations of packet behavior due to bad network design of the LAN (many spoofing alerts for example).  This of course is not politically correct of me to say if any MS employees read this (with me being an MS MVP), but that is my honest opinion on that subject.   A huge number of so-called hacking attempts hitting the public side of the ISA are just in vain and a wasted effort, without any chance of ever being effective,...they won't get through the ISA,...it just ain't gonna happen.

These things probably still aren't what you are asking for,..so you will have to be more specific in what you are asking about,...but I am a Technician,...I'm not a Sales Person.
0
 
LVL 29

Expert Comment

by:pwindell
Guys,...let's get an edit feature so we can fix typos in the posts.  Sometimes the typos are so bad I can barely understand what I was saying,..and I wrote it.  Trying to type posts in Word or something else with a grammar checker to clean it up is a lot of hassle.
0
 
LVL 2

Author Closing Comment

by:camoIT
thanks for the help!
0
