Configuring Alerting in ISA Server 2004
ISA Server alerts are a wonderful tool. How easy it is to be working away, checking joke emails from friends you never talk to anymore, not knowing that your firewall is under attack. Well, not that I am advocating getting wound up in joke emails, but ISA Server firewalls make use of their own monitoring and alert features, which can recognize when intrusions or attacks are taking place. The nicest part about this feature is the ability of the ISA firewall to respond to these types of attacks.
The monitoring of alerts can be of critical benefit to your organization or network; swift action or recognition is needed to keep problems from escalating.
In ISA 2004, the Monitoring node has a few little features that should be used. The Dashboard is a snapshot of all the monitoring features running. The Connectivity and Reports tabs can be used to great effect, and we won’t ever underestimate the importance or value of logging, will we?
For the purposes of this document we will focus on the Alerts tab. You will notice on the right-hand side we can configure "alert definitions". I have chosen to define what action should be taken in the case of IP Spoofing as an example. There are a few options. Firstly, as I have demonstrated, I use ISA 2004 to send an alert email to the firewall administrator, in this case me. All you need to do is specify the SMTP server.
I also created a mailbox for firewall_alert@exchange.mine.nu so it looks nice and pretty in my inbox. I recommend testing to see that your alerts will actually be delivered to the person; to do this, hit the Test button. As you can see, via the little Outlook alert in the lower right corner of the screen, mine has worked fine. One further step is to create a firewall rule that allows the local host network to send SMTP mail (TCP port 25) to your mail server.
As you can see, there are a few other choices: running specified programs, reporting to the Event Logs, and stopping and starting specified services. You will need to determine what sort of action you will perform for each task. Some occur more frequently than others and require special attention.