Either the events fire or they do not.
The IDS settings are not granular enough to allow administrators to configure a set
of IP addresses that are legitimate, and have ISA Server log an alert any time an IP not
in the set attempts a zone transfer.
Similarly, the other intrusion detection settings lack flexibility. Other IDS systems
allow you to configure alerts for basically any event for which you can define a rule.
Here, however, the administrator has the ability to select from six different attack types,
most of which are quite frankly a bit dated. Although the IDS capabilities in ISA Server
are better than nothing, it is hard to believe anyone who actually wanted to monitor
potential intrusions would find this to be a suitable replacement for Snort or other
full-featured IDS solutions.
Configuring IP Protection
The IP Protection function can be useful. By clicking Configure IP Protection,
you will open the IP Preferences dialog box shown in Figure 11.11.
Figure 11.11 Configuring IP Protection
402 Chapter 11 • Configuring Microsoft Internet Security and Acceleration Server 2006
The IP Options tab can be an effective deterrent against maliciously crafted packets.
IP packets have a field for IP options, but these options are rarely needed by
legitimate traffic. Some of the options can, in fact, be used effectively for information
gathering, so it is nice to be able to configure ISA Server to filter these types of packets.
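The check an IP options filter performs, as an added example that is not from the book or from ISA Server itself: it walks the options field of an IPv4 header and refuses packets that carry Record Route, Timestamp, or source-routing options, or whose options are malformed. The denied set, the function names, and the sample headers built by build_header are assumptions constructed for illustration.

```python
import struct

# IPv4 option type numbers from the IANA "IP Option Numbers" registry.
OPTION_NAMES = {0: "End of Option List", 1: "No Operation", 7: "Record Route",
                68: "Timestamp", 131: "Loose Source Route",
                137: "Strict Source Route", 148: "Router Alert"}
# Assumed policy for this example: refuse options that reveal or steer the path.
DENIED = {7, 68, 131, 137}

def parse_ip_options(packet):
    """Return the option type numbers found in an IPv4 header (ValueError if malformed)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i, found = packet[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                         # End of Option List: the rest is padding
            break
        length = 1                            # No Operation is a single byte
        if kind != 1:                         # every other option is type, length, data
            if i + 1 >= len(opts):
                raise ValueError("truncated option")
            length = opts[i + 1]
            if length < 2 or i + length > len(opts):
                raise ValueError("bad option length")
        found.append(kind)
        i += length
    return found

def verdict(packet):
    """Filter decision: malformed options are dropped, not passed through."""
    try:
        kinds = parse_ip_options(packet)
    except ValueError:
        return "drop: malformed"
    denied = [OPTION_NAMES.get(k, str(k)) for k in kinds if k in DENIED]
    return "drop: " + ", ".join(denied) if denied else "allow"

def build_header(options=b""):
    """Constructed sample: minimal IPv4 header (checksum left at 0) plus options."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options
```
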