ISA 2006 Enterprise Blacklist

  • ISA 2006 Enterprise Blacklist

    Guys,

    I am trying to set up a blacklist within ISA 2006. Is there a simple way of importing a list into my Enterprise version? I tried to download a list from a website, but that did not work. I assume that this is not a simple task?

    Kind Regards,

    Dave

  • #2
    Re: ISA 2006 Enterprise Blacklist

    Which list were you trying to download?
    Which websites do you want to block?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    • #3
      Re: ISA 2006 Enterprise Blacklist

      Originally posted by Dumber
      Which list were you trying to download?
      Which websites do you want to block?

      I actually tried it from here, http://www.tacteam.net/isaserverorg/...blocklists.zip

      • #4
        Re: ISA 2006 Enterprise Blacklist

        Originally posted by au010900

        also trying to block gambling, porn etc.

        • #5
          Re: ISA 2006 Enterprise Blacklist

          Hmmm, although I think you're better off with something like Websense, those XML files shouldn't give you a problem when importing them into ISA Server.
          Where is it going wrong?
          Marcel

          • #6
            Re: ISA 2006 Enterprise Blacklist

            Originally posted by Dumber
            Hmmm, although I think you're better off with something like Websense, those XML files shouldn't give you a problem when importing them into ISA Server.
            Where is it going wrong?

            I think the issue may be, the black list I downloaded might be for an ISA standard edition. I am running ent edition. I have no worries finding the file and trying to import, it just won't work at all.

            Regards,

            David


            • #7
              Re: ISA 2006 Enterprise Blacklist

              Has the computer set or URL set been populated?
              Marcel

              • #8
                Re: ISA 2006 Enterprise Blacklist

                Originally posted by au010900
                I think the issue may be, the black list I downloaded might be for an ISA standard edition. I am running ent edition. I have no worries finding the file and trying to import, it just won't work at all.

                Regards,

                David

                not quite sure as to how to actually populate that.


                • #9
                  Re: ISA 2006 Enterprise Blacklist

                  Ok..
                  Have you read this one?
                  http://www.isaserver.org/articles/20...blocklist.html
                  Marcel

                  • #10
                    Re: ISA 2006 Enterprise Blacklist

                    Originally posted by Dumber
                    I have no worries in creating the URL set to be populated, it is the blocklist that won't work. I just can't import the file. Any ideas?


                    • #11
                      Re: ISA 2006 Enterprise Blacklist

                      I think I found it...
                      Please hold, I'll check it out for you.
                      Marcel

                      • #12
                        Re: ISA 2006 Enterprise Blacklist

                        Ok cool, I found it....
                        I'm not sure if you use SP1 or not, but that's a small modification in the string: fpc4:Build.
                        I know there are some "small" differences between the files, but I couldn't remember them off the top of my head.

                        What I did was modify the XML file.
                        The file is outdated (created for ISA 2004) and for ISA 2006 some headers needed to be changed.

                        OK, the original header:

                        Code:
                        <?xml version="1.0" encoding="UTF-8"?>
                        <fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/isa/config-4" xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">
                        	<fpc4:Build dt:dt="string">4.0.2161.50</fpc4:Build>
                        	<fpc4:Comment dt:dt="string"/>
                        	<fpc4:Edition dt:dt="int">80</fpc4:Edition>
                        	<fpc4:ExportItemClassCLSID dt:dt="string">{AA2E238A-0B11-4EF8-9257-DA4864F87A5A}</fpc4:ExportItemClassCLSID>
                        	<fpc4:ExportItemStorageName dt:dt="string">{95AA0FC8-40A6-4B33-9441-30558D6359E0}</fpc4:ExportItemStorageName>
                        	<fpc4:IsaXmlVersion dt:dt="string">1.0</fpc4:IsaXmlVersion>
                        	<fpc4:OptionalData dt:dt="int">4</fpc4:OptionalData>
                        	<fpc4:Upgrade dt:dt="boolean">0</fpc4:Upgrade>
                        	<fpc4:Arrays StorageName="Arrays" StorageType="0">
                        		<fpc4:Array StorageName="{F61C8CA4-192F-481F-81D0-9D3D47BE5D47}" StorageType="0">
                        			<fpc4:Components dt:dt="int">-1</fpc4:Components>
                        			<fpc4:Name dt:dt="string"/>

                        The new header, the changes marked in red...

                        Code:
                        <?xml version="1.0" encoding="UTF-8"?>
                        <fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/isa/config-4" xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">
                        	<fpc4:Build dt:dt="string">5.0.5720.100</fpc4:Build>
                        	<fpc4:Comment dt:dt="string"/>
                        	<fpc4:Edition dt:dt="int">32</fpc4:Edition>
                        	<fpc4:ExportItemClassCLSID dt:dt="string">{AA2E238A-0B11-4EF8-9257-DA4864F87A5A}</fpc4:ExportItemClassCLSID>
                        	<fpc4:ExportItemStorageName dt:dt="string">{95AA0FC8-40A6-4B33-9441-30558D6359E0}</fpc4:ExportItemStorageName>
                        	<fpc4:IsaXmlVersion dt:dt="string">5.30</fpc4:IsaXmlVersion>
                        	<fpc4:OptionalData dt:dt="int">12</fpc4:OptionalData>
                        	<fpc4:Upgrade dt:dt="boolean">0</fpc4:Upgrade>
                        	<fpc4:Arrays StorageName="Arrays" StorageType="0">
                        		<fpc4:Array StorageName="{F61C8CA4-192F-481F-81D0-9D3D47BE5D47}" StorageType="0">
                        			<fpc4:Components dt:dt="int">-1</fpc4:Components>
                        			<fpc4:DNSName dt:dt="string"/>
                        			<fpc4:Name dt:dt="string"/>

                        OK, this worked for me on my ISA server.
                        For more information you can read it over here:
                        http://www.isaserver.org/tutorials/E...2004-2006.html

                        I'll attach the file in a moment, straight from my ISA server. If you import that file everything will be ok.
                        If you don't trust me with that file, you can easily replace the header and it will work.
                        If you have SP1 installed, review the document or review your ISA Server version found in the console (arrays --> array name --> configuration --> servers --> right-click the server and there you find the version number).

                        Edit: file attached, blocklist.zip, containing blocklist.xml and blocklist new.xml

                        Added:
                        After importing the blocklist, you should create an access rule and set the blocklist as the destination.
                        So create a new access rule, set it to deny, all outbound traffic, from the internal applicable networks, to the blocklist sources.
                        That should do it.
                        Last edited by Dumber; 23rd December 2008, 18:21.
                        Marcel
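An added example, not part of the original thread: a check that a header-edited export differs from the original only in the header fields that change between the two headers quoted in post #12 (Build, Edition, IsaXmlVersion, OptionalData, plus the added DNSName element), which is useful before importing a file someone else modified into a firewall. The function names and the `SampleEntry` body element are hypothetical, and the sample documents are constructed from the header values in the post.

```python
import xml.etree.ElementTree as ET

# Header fields that differ between the two headers quoted in post #12.
EXPECTED = {"Root/Build", "Root/Edition", "Root/IsaXmlVersion",
            "Root/OptionalData", "Root/Arrays/Array/DNSName"}

def flatten(xml_text):
    """Map each element path (namespace dropped) to (text, attributes)."""
    out = {}
    def walk(el, path):
        out[path] = ((el.text or "").strip(), tuple(sorted(el.attrib.items())))
        seen = {}
        for kid in el:
            name = kid.tag.split("}")[-1]
            seen[name] = seen.get(name, 0) + 1
            suffix = "" if seen[name] == 1 else "[%d]" % seen[name]
            walk(kid, "%s/%s%s" % (path, name, suffix))
    root = ET.fromstring(xml_text)
    walk(root, root.tag.split("}")[-1])
    return out

def review(original, modified):
    """Return (all differing paths, those outside the expected header edits)."""
    a, b = flatten(original), flatten(modified)
    diffs = sorted(p for p in set(a) | set(b) if a.get(p) != b.get(p))
    return diffs, [p for p in diffs if p not in EXPECTED]

def sample(build, edition, xmlver, optional, dnsname="", entry="blocked.example"):
    """Constructed minimal export: header values from the post, placeholder body."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/isa/config-4" '
        'xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">'
        '<fpc4:Build dt:dt="string">%s</fpc4:Build>'
        '<fpc4:Edition dt:dt="int">%s</fpc4:Edition>'
        '<fpc4:IsaXmlVersion dt:dt="string">%s</fpc4:IsaXmlVersion>'
        '<fpc4:OptionalData dt:dt="int">%s</fpc4:OptionalData>'
        '<fpc4:Arrays StorageName="Arrays" StorageType="0"><fpc4:Array>'
        '<fpc4:Components dt:dt="int">-1</fpc4:Components>%s'
        # SampleEntry is a made-up placeholder, not a real ISA schema element.
        '<fpc4:SampleEntry dt:dt="string">%s</fpc4:SampleEntry>'
        '</fpc4:Array></fpc4:Arrays></fpc4:Root>'
    ) % (build, edition, xmlver, optional, dnsname, entry)

DNS = '<fpc4:DNSName dt:dt="string"/>'
OLD = sample("4.0.2161.50", 80, "1.0", 4)
NEW = sample("5.0.5720.100", 32, "5.30", 12, DNS)
TAMPERED = sample("5.0.5720.100", 32, "5.30", 12, DNS, entry="other.example")

if __name__ == "__main__":
    for label, doc in (("header-only edit", NEW), ("body also changed", TAMPERED)):
        diffs, unexpected = review(OLD, doc)
        print(label, "->", len(diffs), "differences; unexpected:", unexpected or "none")
```

Any path reported as unexpected means the file differs from the original outside the header and should be inspected before import.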