Appendix C ISA Upgrade Log
ISA Upgrade: Redirect URL -
ISA Upgrade: Action - Permit access to the requested web page
ISA Upgrade: Enabled - TRUE
ISA Upgrade: Applies to content method type - Rule applies to all types of content
ISA Upgrade: Applies to destination - All destinations
ISA Upgrade: Applies to method - All requests regardless of origin
ISA Upgrade: Applies always - TRUE
ISA Upgrade: Upgraded successfully
ISA Upgrade: Upgrade of ISA Server rules from Proxy2.0 domain filters succeeded
ISA Upgrade: —-Upgrading dial-on-demand schedule
ISA Upgrade: No items to upgrade
ISA Upgrade: —-Upgrading Routing Rules
ISA Upgrade: No items to upgrade
ISA Upgrade: —-Upgrading Publishing Rules
ISA Upgrade: No items to upgrade
ISA Upgrade: —-Upgrading alerts
ISA Upgrade: WARNING: Alert Disk Full was removed from ISA and is not migrated
ISA Upgrade: Alert#1
ISA Upgrade: Enabled - TRUE
ISA Upgrade: Event GUID - {FFFF8E96-94EC-11D2-AF53-00E02C069419}
ISA Upgrade: Description - IP packet was dropped according to specified policy.
ISA Upgrade: Server name -
ISA Upgrade: Additional key - -1
ISA Upgrade: Events per second - 20
ISA Upgrade: Minutes before reraise - 5
ISA Upgrade: Events before raise - 0
ISA Upgrade: Name - IP packet dropped
ISA Upgrade: User name -
ISA Upgrade: Alert action name - LogEvent
ISA Upgrade: Alert action type - Log event to System Event Log
ISA Upgrade: Alert action name - SendMail
ISA Upgrade: Alert action type - Send Mail message
ISA Upgrade: SERVER=fredf
ISA Upgrade: TO=rb@fredf.com
ISA Upgrade: CC=
ISA Upgrade: FROM=proxy@fredf.com
ISA Upgrade: Upgraded successfully
ISA Upgrade: Alert#2
ISA Upgrade: Enabled - TRUE
ISA Upgrade: Event GUID - {FFFF8E97-94EC-11D2-AF53-00E02C069419}
ISA Upgrade: Description - A packet with invalid IP options was detected and the packet dropped.
ISA Upgrade: Server name -
ISA Upgrade: Additional key - -1
ISA Upgrade: Events per second - 1
ISA Upgrade: Minutes before reraise - 1
ISA Upgrade: Events before raise - 0
ISA Upgrade: Name - IP Protocol violation
ISA Upgrade: User name -
ISA Upgrade: Alert action name - LogEvent
ISA Upgrade: Alert action type - Log event to System Event Log
ISA Upgrade: Alert action name - SendMail
ISA Upgrade: Alert action type - Send Mail message
ISA Upgrade: SERVER=fredf
ISA Upgrade: TO=rb@fredf.com
ISA Upgrade: CC=
ISA Upgrade: FROM=proxy@fredf.com
ISA Upgrade: Upgraded successfully
ISA Upgrade: Upgrade of alerts succeeded
ISA Upgrade: -Upgrading packet filters
ISA Upgrade: Packet Filter#1
ISA Upgrade: Name - DNS filter
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - DNS lookup predefined static filter
ISA Upgrade: Protocol number - 17
ISA Upgrade: Direction type - Send Receive directions (in and out)
ISA Upgrade: Local port type - Any port
ISA Upgrade: Local port number - 0
ISA Upgrade: Remote port type - Fixed port (followed by port number)
ISA Upgrade: Remote port number - 53
ISA Upgrade: ICMP type - Any ICMP type
ISA Upgrade: ICMP type number - 0
ISA Upgrade: ICMP code - Any ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address - 0.0.0.0
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Remote host IP address - 0.0.0.0
ISA Upgrade: Remote host IP mask -
ISA Upgrade: Log matching packets - FALSE
ISA Upgrade: Upgraded successfully
ISA Upgrade: Packet Filter#2
ISA Upgrade: Name - ICMP outbound
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - ICMP outbound predefined static filter
ISA Upgrade: Protocol number - 1
ISA Upgrade: Direction type - Out direction
ISA Upgrade: Local port type - Any port
ISA Upgrade: Local port number - 0
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Any ICMP type
ISA Upgrade: ICMP type number - 0
ISA Upgrade: Log matching packets - FALSE
ISA Upgrade: Upgraded successfully
ISA Upgrade: Packet Filter#3
ISA Upgrade: Name - ICMP ping response (in)
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - ICMP ping response predefined static filter
ISA Upgrade: Protocol number - 1
ISA Upgrade: Direction type - In direction
ISA Upgrade: Local port type - Any port
ISA Upgrade: Local port number - 0
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Fixed ICMP type
ISA Upgrade: ICMP type number - 0
ISA Upgrade: ICMP code - Fixed ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address - 0.0.0.0
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Remote host IP address - 0.0.0.0
ISA Upgrade: Remote host IP mask -
ISA Upgrade: Log matching packets - FALSE
ISA Upgrade: Upgraded successfully
ISA Upgrade: WARNING: ICMP Ping Query packet filter is not migrated by design
ISA Upgrade: Packet Filter#4
ISA Upgrade: Name - ICMP timeout in
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - ICMP timeout predefined static filter
ISA Upgrade: Protocol number - 1
ISA Upgrade: Direction type - In direction
ISA Upgrade: Local port type - Any port
ISA Upgrade: Local port number - 0
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Fixed ICMP type
ISA Upgrade: ICMP type number - 11
ISA Upgrade: ICMP code - Any ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address - 0.0.0.0
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - ICMP unreachable predefined static filter
ISA Upgrade: Protocol number - 1
ISA Upgrade: Direction type - In direction
ISA Upgrade: Local port type - Any port
ISA Upgrade: Local port number - 0
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Fixed ICMP type
ISA Upgrade: ICMP type number - 3
ISA Upgrade: ICMP code - Any ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address - 0.0.0.0
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Remote host IP address - 0.0.0.0
ISA Upgrade: Remote host IP mask -
ISA Upgrade: Log matching packets - FALSE
ISA Upgrade: Upgraded successfully
ISA Upgrade: Packet Filter#6
ISA Upgrade: Name - ICMP source quench
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - ICMP source quench predefined static filter
ISA Upgrade: Protocol number - 1
ISA Upgrade: Direction type - In direction
ISA Upgrade: Local port type - Any port
ISA Upgrade: Local port number - 0
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Fixed ICMP type
ISA Upgrade: ICMP type number - 4
ISA Upgrade: ICMP code - Fixed ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address - 0.0.0.0
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Packet Filter#7
ISA Upgrade: Name - Proxy2.0’s custom packet filter #1
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - No predefined filter See the custom filter options
ISA Upgrade: Protocol number - 6
ISA Upgrade: Direction type - Both directions (in and out)
ISA Upgrade: Local port type - Fixed port (followed by port number)
ISA Upgrade: Local port number - 21
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Any ICMP type
ISA Upgrade: ICMP type number - 0
ISA Upgrade: ICMP code - Any ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address -
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Remote host IP address -
ISA Upgrade: Remote host IP mask -
ISA Upgrade: Log matching packets - TRUE
ISA Upgrade: Upgraded successfully
ISA Upgrade: Packet Filter#8
ISA Upgrade: Name - Proxy2.0’s custom packet filter #2
ISA Upgrade: Description -
ISA Upgrade: Enabled - TRUE
ISA Upgrade: All servers - TRUE
ISA Upgrade: Server name -
ISA Upgrade: Filter mode - Allow the packets to pass
ISA Upgrade: Filter type - No predefined filter See the custom filter options
ISA Upgrade: Protocol number - 6
ISA Upgrade: Direction type - Both directions (in and out)
ISA Upgrade: Local port type - Fixed port (followed by port number)
ISA Upgrade: Local port number - 23
ISA Upgrade: Remote port type - Any port
ISA Upgrade: Remote port number - 0
ISA Upgrade: ICMP type - Any ICMP type
ISA Upgrade: ICMP type number - 0
ISA Upgrade: ICMP code - Any ICMP code
ISA Upgrade: ICMP code number - 0
ISA Upgrade: Local host type - No host specified (default external IP address)
ISA Upgrade: Local host IP address -
ISA Upgrade: Local host IP mask -
ISA Upgrade: Remote host type - Any host possible
ISA Upgrade: Remote host IP address -
ISA Upgrade: Remote host IP mask -
ISA Upgrade: Log matching packets - TRUE
ISA Upgrade: Upgraded successfully
ISA Upgrade: Upgrade of packet filters succeeded
ISA Upgrade: —-Upgrading log configuration
ISA Upgrade: Log#1
ISA Upgrade: Component type - Firewall log
ISA Upgrade: Log database table name - Table1
ISA Upgrade: Log database user name -
ISA Upgrade: Log file directory type - The directory of the log files is specified as full path
ISA Upgrade: Upgraded successfully
ISA Upgrade: Log#2
ISA Upgrade: Component type - Web Proxy log
ISA Upgrade: Log type - Logging W3C extended format to text log files
ISA Upgrade: Log period - one file per day
ISA Upgrade: Log field selection - 3604407
ISA Upgrade: Log enabled - TRUE
ISA Upgrade: Log files compress - TRUE
ISA Upgrade: Log file keep old - 0
ISA Upgrade: Log file directory - G:\WINNTNT\System32\msplogs
ISA Upgrade: Log database data source - db1
ISA Upgrade: Log database table name - Table1
ISA Upgrade: Log database user name -
ISA Upgrade: Log file directory type - The directory of the log files is specified as full path
ISA Upgrade: Upgraded successfully
ISA Upgrade: Log#3
ISA Upgrade: Component type - Packet filters log
ISA Upgrade: Log type - Logging W3C extended format to text log files
ISA Upgrade: Log period - one file per day
ISA Upgrade: Log field selection - 895
ISA Upgrade: Log enabled - TRUE
ISA Upgrade: Log files compress - TRUE
ISA Upgrade: Log file keep old - 0
ISA Upgrade: Log file directory - G:\WINNTNT\System32\msplogs
ISA Upgrade: Log database data source - db1
ISA Upgrade: Log database table name - Table1
ISA Upgrade: Log database user name -
ISA Upgrade: Log file directory type - The directory of the log files is specified as full path
ISA Upgrade: Upgraded successfully
ISA Upgrade: Upgrade of log configuration succeeded
ISA Upgrade: -Upgrading SSL Port List
ISA Upgrade: Tunnel port range#1
ISA Upgrade: Name - Range1
ISA Upgrade: Tunnel low port - 443
ISA Upgrade: Tunnel high port - 443
ISA Upgrade: Upgraded successfully
ISA Upgrade: Tunnel port range#2
ISA Upgrade: Name - Range2
ISA Upgrade: Tunnel low port - 563
ISA Upgrade: Tunnel high port - 563
ISA Upgrade: Upgraded successfully
ISA Upgrade: Upgrading of SSL Port List succeeded
ISA Upgrade: Object size limit - 1
ISA Upgrade: Server protection enable - TRUE
ISA Upgrade: Server protect factor - 50
ISA Upgrade: Max protect time - 60
ISA Upgrade: Cache question URLs - FALSE
ISA Upgrade: Max URL Size - 12800
ISA Upgrade: WARNING: Enable Active Cache is always disabled by design
ISA Upgrade: Active caching policy - Avarege behavior
ISA Upgrade: FTP caching enabled - TRUE
ISA Upgrade: FTP TTL value - 1440
ISA Upgrade: HTTP caching enabled - TRUE
ISA Upgrade: Expiration policy - Avarege behavior
ISA Upgrade: Age factor - 20
ISA Upgrade: Minimum Time-to-Live interval - 1
ISA Upgrade: Maximum Time-to-Live interval - 15
ISA Upgrade: Upgrade of cache configuration succeeded
ISA Upgrade: WARNING: Socks are not migrated by design
Appendix D Glossary
active caching: When objects are preconfigured to be periodically downloaded from Web sites without corresponding real-time requests, they are said to be actively cached. In active caching, the ISA Server refreshes the cache on its own before the object expires.
Active Directory Schema: The collection of classes and attributes available in the Active Directory. This is the metadata of the AD.
alias: A substitute friendly name for a network address. An email address can be an alias in an H.323 registration database.
all ports scan attack: An attempt to access at more than the configured number of ports (settable threshold).
allocation priorities: When a limited amount of resources (money, people) is available, necessary functions, upgrades, and repairs are prioritized and resources allocated accordingly.
Array mode: Array modes are similar to server installation modes. The first array of the enterprise is created in the mode in which its first member is. Additional arrays must choose an array mode: caching, firewall, or integrated.
array policy: Policies set at the Array level.
automatic discovery: The process of finding the ISA Server computer either through broadcast or using the DHCP or DNS configuration.
back-to-back perimeter network: A network configuration in which two firewalls are used to create an external network, a midground network (between the two firewalls), and an internal network.
backup connection: If the primary connection is unavailable, the backup connection will be tried.
bandwidth priorities: Policy elements that give a logical indication of the relative amount of bandwidth.
bandwidth rules: Rules that indicate the bandwidth priority available.
Basic Authentication: An authentication algorithm that relies on the clear-text presentation of a password or key. Here credentials are encoded, not encrypted.
bridging: Requests from a Web client are bridged across the interface of the firewall. In the case of SSL bridging, the client SSL connection ends with the firewall and a new SSL connection is made between the firewall and the Web server.
Cache Array Routing Protocol (CARP): The algorithm used by ISA Server to perform distributed caching.
Caching mode: The ISA Server mode that provides Web caching and Web hosting. When the ISA Server receives a Web request, it first attempts to provide the response from its cache. If the necessary pages are not available, the ISA Server makes the request for the client and provides the response to the client as well as placing the pages in its cache.
capacity planning: The process of using the past history of a project or system to determine the necessary capacity for the future.
certificate: A construct that can be used for authentication. It holds information that can validate or identify the owner. Certificates are digital credentials that can be used to prove trust and thus be used in digital authentication schemes independent of or in conjunction with the passwords.
Certificate Authority: The certificate producing service of the PKI.
chained authentication: The process in which authentication credentials are passed from the downstream ISA Server to the upstream ISA Server.
chaining: See hierarchical caching.
circuit-level filtering: The process of inspecting the session level by looking at application requests using the Winsock and SOCKS protocols.
client address sets: A policy element that represents a range of IP addresses for client systems.
computer browser service: The service that broadcasts the location of Windows computers.
Connection Initiator: The tunnel endpoint that can request the connection.
Connection Receiver: The tunnel endpoint that receives the connection request.
content groups: Policy elements that include either mime groups or file extensions.
data pumping: Another name for fast kernel mode.
demilitarized zone (DMZ): An arrangement of internal, external and perimeter networks so as to create a protected zone reachable from internal and external networks. Typically, two firewalls are used.
destination sets: A policy element that indicates a group of IP addresses, which represent potential internal or external destinations.
DHCP Options: DHCP can communicate to its clients a number of options (pieces of information such as router and WPAD location). The Server Options page of the DHCP server console can be used to specify these options.
dial-on-demand: A process that dials the number configured when access to that location is necessary.
dial-up entries: Policy elements that define Windows 2000 dial-up networking elements available for use in ISA Server.
Digest Authentication: An authentication protocol that compares the results of two one-way encryptions over the same string. One of the digests is prepared by the client, and one by the server. Because the same algorithm is used over the same data, the resulting digests should match. If they do, the client can be authenticated. With Digest Authentication, credentials are encrypted, and a message digest is used to validate the credentials.
distributed caching: The process of distributing cached Web pages across multiple caching servers in an array.
Distributed Component Object Model (DCOM): A service that enables object communication across a network from one computer to another.
distributed file system service: A Windows 2000 service that makes it easier for users to access files distributed across the network.
distributed link tracking service: A Windows 2000 service that is used to track linked resources that might have been moved.
DNS resource record: A type of DNS record that allows clients to locate a service on an IP network. The client receives a FQDN of the host which provides the service and then can use DNS lookup to resolve the IP address.
Domain Filter: Proxy Server 2.0 name for site and contact access rules.
E164: One of three possible alias forms, it specifies a phone number.
E-Mail-ID: One of three possible alias forms, it requires a real email address.
encoded: Encoding is the application of a specific definition to data so that it meets some specification. The data is obscured, and not in clear text, but it is not encrypted. Anyone who knows the encoding standard can easily reformat the data and read it.
Enterprise Admin: A Windows 2000 group. Membership in this group is required in order to modify the schema.
Enterprise CA: A CA that is integrated with the Active Directory.
Enterprise policy: A policy that details the configuration of access policy for the forest. Policies set at the Enterprise level affect how array level policy is implemented. They can disallow any modifications or allow Array policies to further restrict Enterprise level policy settings.
enumerated port scan attack: An attempt to count the services running.
external network: The network on the outside of the firewall (the public network).
fast kernel mode: When IP routing is enabled on the ISA Server, secondary connections can be processed in kernel mode instead of requiring additional process for authorization.
fax service: The service required to implement fax services.
firewall chaining: The process of sending outbound requests to an upstream ISA Server for resolution.
firewall clients: Clients with the Firewall Client software installed.
Firewall mode: The ISA Server mode in which the server is configured as a firewall. This installation mode provides firewall services, Web and server hosting, and inbound and outbound access control.
Firewall service: The ISA Server service that manages inbound access control and works in concert with application filters to provide non-HTTP Web request forwarding.
forward caching: The caching of Web requests.
gateway-to-gateway demand-dial interface: In Routing and Remote Access console, the representation of a VPN.
H.323: An ITU communications standard that specifies how audio and video conferencing occur over an IP network.
H.323 Gatekeeper: A device that controls and manages H.323 communication. Provides registered clients with call routing and directory services. Works with the H.323 protocol to provide communication services.
H.323 Gateway: A device that translates H.323 communications between an IP network and the PSTN.
H.323 Gateway Service: A service that provides management of public access to NetMeeting sessions on the private network.
H.323 Protocol filters: Protocol filters that restrict the use of the H.323 protocol across the firewall.
H.323 Proxy: Allows the transfer of H.323 communications across firewalls.
H.323-ID: One of three possible alias forms, it can use email addresses and other types of addresses.
hierarchical caching: The process of chaining caching server arrays so that arrays lower in the chain point to and refer Web requests to arrays higher in the chain. At the top of the hierarchy, the array passes requests to the Internet. All arrays, from the first array requesting the page all the way to the top-level array, will cache the Web request result.
Identd: When a client operates behind a firewall it cannot respond to some types of requests for identification from Internet servers. The Identd simulation service, when installed on an ISA Server, can respond to the Internet server on behalf of the client.
Integrated mode: An installation mode for ISA Server, which provides the features and benefits of both the Firewall mode and the Caching mode. In this mode, the ISA Server is both a firewall and a caching server.
internal network: The network protected by the firewall.
International Telecommunications Union (ITU): A standards body.
Internet Assigned Numbers Authority (IANA): An organization that controls the assignment of common numbering schemes, for example the assignment of port numbers.
Internet Connection Sharing: A service of Windows 2000 that allows a connection to the Internet made on one computer to be shared with another. This service should not be available on the ISA Server Windows 2000 computer because to do so could compromise the network by allowing traffic around the firewall or Web caching server.
Internet Control Message Protocol (ICMP): This protocol is used by TCP/IP hosts to provide information about the status of other hosts and communications on the network.
Internet Locator Server (ILS): A server that acts as an H.323 MCU.
Internet Message Access Protocol 4 (IMAP4): A protocol used to download email from a mail server.
Intrusion Detection: The process of detecting an attack against a system and responding with some form of logging or alerting or other activity.
IP half scan attack: Many attempts at connection to a computer made, but no corresponding ACK packets communicated.
IPSec: A protocol that adds many security features to TCP/IP. It is used in a VPN for encryption.
ISA COM objects: COM objects used by ISA Server. They must be registered in order to be used. This process is done during installation.
ISA Management: The MMC console used to administer ISA Server.
L2TP: A tunneling protocol used in Windows 2000 VPNs.
Land attack: A TCP SYN packet sent with a spoofed source IP address and port number matching the destination IP address and port.
Layer 2 Tunneling Protocol over IP Security (L2TP/IPSec): A combination of a tunneling protocol (L2TP) and an encryption and security protocol that is used to create and secure a VPN.
license logging service: The service that logs license information.
listener: A computer interface that listens for a particular type of traffic on the external interface of the firewall.
Local Address Table (LAT): (1) The LAT is the list of subnets that are on the private network side of the ISA Server in Firewall or Integrated mode. The LAT is used by firewall clients to determine if they should send a request to the ISA Server. It is used by the ISA Server to determine if it should forward a request to the private network. (2) A table of IP address ranges that represent ranges present on the internal or private network. It is used by the firewall service to determine which requests it should forward to the Internet.
Local Domain Table (LDT): A collection of the names of domains that exist on the internal or private side of the ISA Server.
Locallat.txt: If the client needs special configuration of the LAT file, this should be done by creating a file on the client and naming it locallat.txt. The firewall client then uses both the locallat.txt and the msplat.txt files.
Message Digest: The hashing of a string using a one-way algorithm (one that cannot be reversed).
Messaging Application Programming Interface (MAPI): An API that is used for communication between clients and messaging servers, for example, between Microsoft Outlook and Microsoft Exchange Server.
Microsoft Certificate Services: The service that can be loaded on Windows 2000 Server or Advanced Server and provide a Certificate Authority and other elements of a Public Key Infrastructure.
migration: A process in which some features, but not all, are moved from one version of a product to another.
MS_FWC.msi: The msi installation file provided by the ISA Server that can be used in Group Policy to assign installation to multiple client computers.
msisaund.ini file: The file used in an unattended install of ISA Server to provide installation information specific to the current ISA install.
mspclnt.ini: The client configuration file which also contains a copy of the ISA Server Local Domain Table (LDT).
msplat.txt: (1) The client copy of the ISA Server Local Address Table (LAT); (2) The firewall client copy of the LAT.
Multipoint Control Unit (MCU): A conferencing server.
Network Address Translation (NAT): The process of replacing the client’s outgoing packet source IP address with the NAT server’s external IP address and substituting the returned packet’s destination IP address with the requesting client’s IP address.
Network Load Balancing: A software-based Windows 2000 clustering solution. Multiple computers running the same application can be linked.
Network News Transfer Protocol (NNTP): A protocol used to provide news groups communication.
ODBC Data Source Name (DSN): The logical connection device between the database and another application.
packet filtering: The process by which the header of a packet is inspected and the packet is accepted or dropped according to preset packet filtering rules.
pass-through authentication: The Web proxy client’s credentials are passed through the firewall and to the server he wants to contact.
Performance Monitor counters: Measurable characteristics of a system or hardware device.
Performance Monitor objects: A logical collection of characteristics (counters) related to some system or hardware device.
Ping of death attack: A large amount of information is appended to an Internet Control Message Protocol (ICMP) echo request (ping) packet.
Point-to-Point Tunneling Protocol: A tunneling protocol that provides tunneling services for a VPN.
policy elements: In ISA Server, policy elements define objects such as IP address ranges, schedules, bandwidth priorities, and so on. These elements can then be used in rules.
Post Office Protocol 3 (POP3): A protocol used to download email from a mail server.
primary connection: The first connection the ISA Server tries.
primary network address: The address of the cluster.
private address ranges: Address ranges assigned by IANA and published in RFC 1918. These addresses are not to be used on the Internet but can be used by private networks.
private network: The internal network.
protocol definitions: Definitions of protocols that include ports, protocol IDs, and so on.
protocol rules: Rules that express the protocols that can be used to access objects.
Public Key Infrastructure (PKI): The sum of the services, utilities, and constructs that provide certificate services to the enterprise.
public network: The external network.
Registration, Admission, and Status protocol (RAS): The protocol that specifies how clients register their names in the H.323 registration database.
Request for Comment (RFC): A device by which the Internet community formulates a standard for the Internet.
reverse caching: The caching of hosted Web site pages.
Root CA: The first CA, the one from which trust emanates.
schedule: A policy element that expresses the time of day and the days of a week.
Schema Admin: A Windows 2000 group. Membership is required in this group in order to modify the schema.
Secure Sockets Layer (SSL): A protocol designed by Netscape Communications to provide encrypted communications between a client and a server on the Internet.
SecureNAT: An extension of Windows 2000 NAT to provide access control.
SecureNAT clients: Clients that are not firewall or Web proxy clients but who make requests for external network services through the ISA Server.
Security Configuration and Analysis: A Windows 2000 tool that allows the comparison of the current computer security configuration to that of a template.
server publishing rules: Rules that are created to publish internal servers to the external network.
single-path internetwork: An internetwork in which no two subnetworks have more than one path of access to each other.
site: In Windows 2000, a collection of subnets at a distinct physical location. The site is configured in the Active Directory.
site and content rules: Rules that express the destination sites and what types of data can be retrieved from them.
SMTP service: A protocol used in mail delivery.
SNMP: A network management protocol required by some network management products. If it is not required in your network, it should not be implemented.
SOCKS applications: Unix and Macintosh applications that use the SOCKS protocol for communications.
Standalone CA: A CA that is not integrated with the Active Directory.
Stateful Inspection: Also known as dynamic packet filtering, stateful inspection refers to the process that allows ports to open on demand and only stay open until the communication is done. This minimizes the exposure of ports in your environment.
static routes: Manually configured routes versus those configured automatically by some routing protocol.
system hardening: The process of applying security patches, modifying resource access permissions, removing unnecessary services, files and permissions and any other known security defense.
T.120: An ITU communications standard that specifies how data conferences occur over an IP network.
The Allow Rule: A generic site and content rule is created during installation that allows access to all sites.
three-pronged approach: The use of three network cards in a firewall to create three paths: one to the external, public network, one to the internal, private network, and one to a perimeter network.
tiered policy: A policy that consists of Enterprise level and Array level policies in a distributed environment. The Array policies modify the application of Enterprise level policy to provide a varied environment.
trend analysis: The process of taking measurements over time to look for patterns in the changes.
UDP bomb attack: UDP packets constructed with illegal values in some fields are being sent.
unreachable state: A connection to a demand-dial router fails; therefore the interface is in an unreachable state.
upgrade: A process where new features and fixes are added to a product.
Virtual Private Networking: The extension of a private network by creating a protected path between two networks across a third. The end result is that the connection is a “virtual” point-to-point connection.
Virtual Private Networks (VPNs): A logical connection between two networks over at least one other network. The connection acts as if it were a physical point-to-point connection although it is not.
VPN endpoint: The termination point of a VPN.
VPN pass-through: A mode in which the ISA Server allows a tunnel created between two endpoints, one on its internal network and one on its external network, to “pass-through.”
Web caching server: An ISA Server that provides Web caching services.