ISA 2000 - Monitoring and reporting

ISA Server 2000 May 24, 2025

Intrusion detection

Intrusion detection settings
  • Windows out-of-band - Win 95/98/NT, packet marked as urgent with the pointer out of the packet
  • Land - spoofing, TCP 3-way handshake
  • Ping of death - large number of pings
  • IP half scan - port scan that doesn’t fully establish a session, to avoid detection
  • UDP bomb - like a ping on well-known ports
  • Port scan - search for all open ports
DNS intrusion detection settings
  • DNS host name overflow - request for a DNS name that is too long
  • DNS length overflow - entry longer than 32 bits
  • DNS zone transfer - internal DNS server sends full lists of server names and IP addresses
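
Added example (not from the original notes and not ISA Server's own code): a Python check that applies the three DNS conditions listed above to a raw DNS message. Assumptions: "too long" means more than 255 bytes of encoded name (RFC 1035), and the 32-bit entry is the address data of an A record; the function names and sample messages are constructed for illustration.

```python
import struct

AXFR, A = 252, 1            # DNS type codes from RFC 1035
MAX_NAME, A_RDLEN = 255, 4  # assumed limits: RFC 1035 name size, 32-bit IPv4 address

def read_name(msg, off):
    """Return (encoded name length, offset after name); a compression pointer ends it."""
    total = 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return total, off + 2
        off += 1
        if n == 0:
            return total + 1, off
        total, off = total + n + 1, off + n

def inspect_dns(msg):
    """Return findings for one DNS message (bytes, no TCP length prefix)."""
    findings = []
    try:
        _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):                       # question section
            length, off = read_name(msg, off)
            qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
            off += 4
            if length > MAX_NAME:
                findings.append("host name overflow")
            if qtype == AXFR:
                findings.append("zone transfer")
        for _ in range(an):                       # answer section
            length, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
            off += 10 + rdlen
            if length > MAX_NAME:
                findings.append("host name overflow")
            if rtype == A and rdlen != A_RDLEN:
                findings.append("length overflow")
    except (IndexError, struct.error):            # truncated or inconsistent message
        findings.append("malformed")
    return findings

# Constructed sample messages (not captured traffic)
def query(labels, qtype, answers=0):
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!6H", 1, 0x0100, 1, answers, 0, 0) + name + struct.pack("!2H", qtype, 1)

def bad_a_response():
    # answer: pointer to the question name, type A, class IN, TTL 60, RDLENGTH 8
    return query([b"www", b"example", b"com"], A, answers=1) + b"\xc0\x0c" + struct.pack("!2HIH", A, 1, 60, 8) + bytes(8)
```

The name length counts only the bytes encoded in place; a name that ends in a compression pointer is not expanded.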

Monitoring Configuration

Alerts

ISA Alerts

Alerts = events; custom alerts can be created

Alert General
Alert Events
Alert Actions

By default, alerts are reported to the Windows application event log

Logs

ISA Logs
  • Packet filters - all packets going through ISA
  • Firewall service - all firewall clients
  • Web proxy and caching
Log storage settings

SQL scripts to create the table are on the install CD

Log fields
  • By default only logs denied packets
  • By default stored in the ISALogs folder

Report

Log file summaries are needed to create reports; they are disabled by default. Created at 12:30 at night.

Report job settings

ISA Reports

Summary Report


Security Report


Performance Monitor

