
Monitoring and reporting

Intrusion detection

Windows out-of-band - Win 95/98/NT: packet marked as urgent, with the urgent pointer pointing outside the packet
Land - spoofing, abuses the TCP 3-way handshake
Ping of death - large number of pings
IP half scan - port scan that never fully establishes a session, to avoid detection
UDP bomb - like a ping on well known ports
Port scan - searches for all open ports
DNS host name overflow - request for a DNS name that is too long
DNS length overflow - entry longer than 32 bits
DNS zone transfer - internal DNS server sends its full list of server names and IP addresses
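Added example, not part of the original notes or of ISA Server itself: toy detectors for three of the signatures listed above (IP half scan, Land, DNS host name overflow), run over constructed packet records. The record layout, the flag values and the scan threshold are assumptions for the demo; the DNS limits are the RFC 1035 ones (63 bytes per label, 255 per name).

```python
"""Added example (not from the original notes): toy detectors modelled on the
ISA intrusion-detection signatures above, run over constructed records.
Record layout, flag names and thresholds are assumptions for this demo."""
from collections import defaultdict

# Constructed TCP records: (src_ip, src_port, dst_ip, dst_port, flag)
# flag is "SYN" (client started a handshake) or "ACK" (client completed it).
TCP_RECORDS = [
    ("10.0.0.5", 40001, "192.168.1.10", 21, "SYN"),
    ("10.0.0.5", 40002, "192.168.1.10", 22, "SYN"),
    ("10.0.0.5", 40003, "192.168.1.10", 23, "SYN"),
    ("10.0.0.5", 40004, "192.168.1.10", 25, "SYN"),
    ("10.0.0.5", 40005, "192.168.1.10", 80, "SYN"),
    ("10.0.0.7", 50001, "192.168.1.10", 80, "SYN"),
    ("10.0.0.7", 50001, "192.168.1.10", 80, "ACK"),    # normal client finishes the handshake
    ("192.168.1.10", 139, "192.168.1.10", 139, "SYN"),  # src == dst: Land-style packet
]


def find_half_scans(records, threshold=4):
    """IP half scan: one source sends SYNs to many ports but never completes
    the handshake. Returns {src_ip: [ports still half-open]} above threshold."""
    pending = defaultdict(set)
    for src, _sport, _dst, dport, flag in records:
        if flag == "SYN":
            pending[src].add(dport)
        elif flag == "ACK":          # handshake completed, not a half scan
            pending[src].discard(dport)
    return {src: sorted(ports) for src, ports in pending.items()
            if len(ports) >= threshold}


def find_land_packets(records):
    """Land: spoofed packet whose source address and port equal its
    destination address and port."""
    return [r for r in records if r[0] == r[2] and r[1] == r[3]]


def dns_name_too_long(name, max_label=63, max_name=255):
    """DNS host name overflow: a name or a single label longer than the
    RFC 1035 limits (assumed here as the check ISA performs)."""
    stripped = name.rstrip(".")
    labels = stripped.split(".")
    return len(stripped) > max_name or any(len(lbl) > max_label for lbl in labels)


if __name__ == "__main__":
    print("half scans:", find_half_scans(TCP_RECORDS))
    print("land packets:", find_land_packets(TCP_RECORDS))
    print("long DNS name:", dns_name_too_long("a" * 70 + ".example.com"))
```

On the constructed records, 10.0.0.5 is reported as a half scan (five SYNs, no ACKs), 10.0.0.7 is not (its handshake completed), and the single src-equals-dst packet is flagged as Land. A real detector would also expire pending SYNs after a timeout, which this toy omits.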

Monitoring Configuration

Alerts

Alerts = Events
Can create custom alerts
By default report to Windows application event log

Logs

Packet filters - all packets going through ISA
Firewall service - all firewall client traffic
Web proxy and caching
Scripts to create the log table are on the install CD
By default only logs denied packets
By default stored in the ISALogs folder

Report

Log file summaries are needed to create reports; disabled by default
Created at 12:30 at night
Summary Report
Security Report

Performance Monitor
