Setting up ISA server or Forefront for Home

Posted on 2011-02-16
Last Modified: 2012-06-27
I noticed the other night on my Broadband Internet connection modem there was a lot of traffic.

No one was downloading or surfing. I have a Linux server on the network that displayed almost every second there were attacks from different usernames trying to get on my FTP server. i.e. Adam, Joe, John...from random IP's  (I only use my FTP server for me)
In speaking to someone they recommended ISA server... Can someone help me setup so its in front on my wireless router?
I have built a windows 2003 server with ISA installed...
If there is another solution please tell me...I have access to servers, desktops, and Enterprise Libraries.
Question by:camoIT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34911510
First of all I would suggest to change the password to something very complex.

Install ISA server, then create publish rule to publish th FTP site.

LVL 29

Expert Comment

ID: 34916750
ISA/TMG is not going to help anything with that.

They are not technically attacks,...they are login attempts.  Yes they may have negative intentions,...but from a technical perspective they are nothing more than login attempts.   Log in attempts are just going to keep trying to login because that is what login attempts do.  

When ISA/TMG Published an FTP Service it is nothing more than a typical Reverse-NAT.  So all it does is pass the connection back tot he FTP Server,...everything else from that point depends on the FTP Server which is no different than what you already are doing.

So you only protection is complex passwords,...nothing will change that.

If you are always connecting to the FTP Server yourself from the same IP# then you can restrict the connections to that particular source IP#,...but I seriously doubt you are always connecting to it yourself from the same IP.  If you are then ISA can do that,...but some can dozens of other cheaper solutions, you actually have $6000.00 to $10,000.00 to spend on a properly built ISA/TMG Server to protect a simple FTP Server?

What the heck is an Enterprise Library?
LVL 29

Expert Comment

ID: 34916774
I really wish this site had an Edit feature so we can go back and fix the typos!!!
To Patch or not to Patch? That is the question!

Don't get caught out like thousands of others around the world in the recent Ransomware Fiasco!
- Why it's not a good idea to wait before Patching
- Sensible approaches to Patching discussed
- Add your feedback, comments and suggestions


Author Comment

ID: 34916862
I really wish that some of the more experienced people on here would take a second and realize that their High Horse responses only accomplish 2 things:
1. Less comments and Questions posted on this site.
2. Another person without a general understanding  and/ or still without answers.

First of all...A colleague of mine had ISA server installed at home which he claimed "Protected him very well from spamming and intrusion prevention. My experience is..I had an Nokia Checkpoint Firewall in place - but the license has now expired.  I am back to Linksys and DD-WRT FW.
Enterprise License where I am employed let me use the EA agreement to download ISA/ Forefront for personal use.

The conclusion is - I wanted to know how to install it (Not just for FTP) to have better protection at home...or if I should even bother.

LVL 29

Expert Comment

ID: 34916878
One very major protection for an FTP Server is to make sure the "FTP Site" location is on a dedicated Drive Partition.  Then if it gets hacked and they create a gazzillion folders with illegal names that you can't delete (this is the most common thing that happens) you can simply reformat the partition and restore the data back again.  I have fixed hacked FTP Servers that were properly prepared this way in less than 30 minutes before.

But if you screw up and put the FTP Sites in the same partition as the OS then you have to format and reload the entire server from scratch or do a "bare-metal" restore from a full backup.
LVL 29

Expert Comment

ID: 34916973
I'm not on a High Horse.

But I have been working with ISA/TMG for 12 years.  I am not going to mislead you and am going to be completely honest with as I am with everyone else.  I am also forced to make assumptions about the situation based on what you asked,....and you  only asked about the FTP Server.

If you want to use ISA/TMG for its designed purpose of being a Corporate Enterprise Firewall, then it is a great product and will serve you well.  I consider it to be the best firewall and the most secure firewall on the market.  However it is also expensive,...and is designed to run on Server hardware that typically may cost somewhere around $6000.00 depending on exactly what you buy.  I don't like to see people over-buying for their needs and getting products that may be too big and require too much expertise to operate,...or worse yet simply does not do what they actually thought it would do when they bought it.
LVL 29

Expert Comment

ID: 34917122
Personally I think it is way too complex for home use.   Parts of it just don't even work without a regular Active Directory Domain deployed on a separate server.

Author Comment

ID: 34917142
I have a server that hosts many services called a QNAP I am running the 539pro)

This NAS/Server shows me log on attempts and online users.The FTP is only an example of the attempts made into the box.
In your last response - I would like to explain that with some acquisitions the company has made, I have been offered many different DELL Power Edge Servers, with many configurations.
My intentions were this: 2 year old server - Free along with necessary software - Free...

Could we make something happen a little bit better??

When I had the Checkpoint firewall in place - I used to watch over 10k attempts/ spam / garbage denied per day.

I know your stand point is "its truely overkill" but my concern is my QNAP which hosts all my content, photos, music, documents.....

Should I or shouldn't I
LVL 29

Accepted Solution

pwindell earned 500 total points
ID: 34917491
If you have those resources available to you then yes, you can do it.    But for the moment this is hanging so open ended as a question that I don't really know what I am answering.  All I can do is make a few (almost random) comments.

1. A lot of what "attacks" you seen with Checkpoint were false positives.  That will still be true to a great extent with ISA as well (and any other product).  Much of this is because it is actually impossible to accuartely identify an attack.  There are gazzillions of assumption made by IDS products when they view traffic.  It is also in the best interest of the company selling you the product the scare the crap out of you with the most "evil" sounding alert descriptions to either justify their product's purchase or to sell you even more products

2. You protect Services by not letting them be reached from the internet.  That is the cold truth, is also not very useful if the Services need to be accessed from the internet.  When you make a Serivice available from the internet you have effectively stopped protecting it.  The FTP Server and SMTP (mail servers) are a perfect example of that.  Now ISA will add some protection to a Web Server because it can Pre-Authenticate Users if the site requires authentication,...and ISA will also demand that the HTTP Packets be RFC Compliant and can also examine the HTTP content in the Data and in the URL.  But this are not done with things like FTP & SMTP.  Web Publishing runs through the Web Proxy Service and that is what adds the extra abilities,...but all the others are just traditonal Reverse-NAT processes.

3. SPAM.  ISA (by itself) will do next to nothing to filter SPAM.  SPAM Filtering must be handled by an independ SPAM filtering product or by whatever rudimentary features may exist in your Mail Server itself.

4. IDS.  The Anti-flood protection of ISA I believe is a good thing.  But many of the other types intrusion alerts I usually don't even pay any attention to.  Many are false positives by misinterpreting normal network traffic, and many more are misinterpretations of packet behavor due to bad network design of the LAN (many spoofing alerts for example).  This of course in not politically correct of me to say this is any MS employees read this (with me being an MS MVP), but that is my honest opinion on that subject.   A huge number of so-called hacking attempts hitting the public side of the ISA are just in vain and a wasted effort, without any chance of ever being effective,...they won't get through the ISA, just ain't gonna happen.

These things probably still arent' what youo are asking for, you will have to be more specific in what you are asking about,...but I an a Technician,...I'm not a Sales Person.
LVL 29

Expert Comment

ID: 34917554
Guys,...let's get an edit feature so we can fix typos in the posts.  Sometimes the typos are so bad I can barely understand what I was saying,..and I wrote it.  Trying to type posts in Word or something else with a grammar checker to clean it up is a lot of hassle.

Author Closing Comment

ID: 35689412
thanks for the help!

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question