Using Protocol Rules to Block Specific Protocol Access to Sites

In this tutorial I will cover how to block specific users from accessing a resource over a specific protocol on the internet. In most business environments it is important to have granular control over your domain users and your IP protocol stack. With this in mind, you can use ISA to reduce specific protocol traffic at various times, making more bandwidth available for other, more productive activities.

In this tutorial, let's create a company policy that states that guests may not download FTP-based files at any time.

1.   The diagram above shows where protocol rules can be found. Right-click Protocol Rules, click New, then click Rule.

2.   Name your rule. In this case I gave it a name I will be able to identify at a later stage: Block FTP. Then click Next.

3.   Select the Deny radio button; this sets the action of the rule to deny. Now click Next.

4.   Click Selected protocols. This screen is where granular control begins.

5.   Now select your protocol. I have selected FTP download only and checked that box. Now click Next.

6.   Now you need to set the time that the rule will apply. I have selected Always because of the policy. This selects an existing schedule; schedules are something you can create and edit. In this example I have used the default schedule. Select Always and then click Next.

7.   You are now presented with this screen. Select specific users and groups, as you want to apply this rule to only the guest accounts. Now click Next.

8.   Click Add to select your users.

9.   For the purposes of this exercise I have selected the local guest account on the ISA server. You can click on the drop-down box and normally see a list of connected domains; if trusts are in place when using NT4, you should be able to connect to the other domain and select users from that domain. In this example, click the guest account local to the ISA server, click Add, and then click OK.

10.  Now click on next if the displayed account is correct.

 

11.   Read through the summary information presented at the end of the rule creation process to verify that this is what you want to do. Caution: Misconfiguring a protocol rule can result in your ISA server blocking traffic.

Summary

Knowing that you can use protocol rules to have granular control over all your protocols helps you understand the power of ISA on a troubled network. Most of the time, when your network traffic is analyzed, you wonder how you would stop people from downloading those FTP files from unsolicited sites, or how you would stop other types of bandwidth-hungry applications. Protocol rules are the answer to this recurring problem.

About Ricky M. Magalhaes

Ricky M Magalhaes is an International Information Security business specialist, author and consultant, working with a myriad of high profile organizations. He has been consulting in the information security field for over ten years and continues to promote information security best practice, strategic and compliance to many top international entities. He has trained the government agencies and other governmental entities on various information security disciplines and has often spoken at national and international conferences on behalf of Microsoft.
