Add SSL Tunnel Ports


HTTPS websites are used by many banks and other financial institutions to provide secure transmission of data. By default the only SSL port that is allowed is 443. This means that ISA only allows Secure Sockets Layer communications to happen on this port. This is the standard port used by HTTPS websites. Some administrators have varied from the standard port and are using other ports for secured communication. If you find that you are unable to access an HTTPS website, the first step is to call the administrator of the website and ask which port is being used for SSL. For the purposes of our example we'll say that the website requires port 5443.

The SSL port designations held in the Registry are a little difficult to modify directly. Fortunately, the website http://isatools.org, which is known for housing many useful ISA scripts, has one that makes adding, removing, and displaying your SSL ports easy. The script can be downloaded at http://isatools.org/ISA_tpr.js.

After you have downloaded the script, simply double-clicking on it causes it to display which SSL ports are currently installed on your server. However, running it from the command prompt is where the power is. Enter /? after the filename and press Enter to view the available switches and syntax for this script.

To allow SSL communications on port 5443, navigate to the folder where you have saved the script and enter the following at the command prompt. We'll call the port bankport5443. Type Isa_tpr.js /add bankport5443 5443 and press Enter (see Figure 24.12). After the command has processed, a Windows Script Host box pops up and reminds you to restart the Web Proxy service; click OK. Another series of script boxes appears, displaying the new port information.

Figure 24.12. Using the script to create a new port for SSL also confirms that it was successful.
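The effect of the change can be seen in a small model of the tunnel port list. This is an added example, not the isatools.org script or ISA's own API: the class and function names, the "default443" range name, and the host bank.example are assumptions made for illustration. It shows that a tunnel request to port 5443 is refused until the single-port range is added, and that neighboring ports stay closed afterward.

```javascript
// Added example: models a tunnel-port allow-list like the one the page describes.
// TunnelPortList, addRange and allowsConnect are hypothetical names, not ISA's API.
class TunnelPortList {
  constructor() {
    // Default stated on the page: only port 443 is allowed for SSL.
    this.ranges = [{ name: "default443", low: 443, high: 443 }];
  }

  // Add a named range; a single port mirrors "/add bankport5443 5443".
  addRange(name, low, high = low) {
    for (const p of [low, high]) {
      if (!Number.isInteger(p) || p < 1 || p > 65535) {
        throw new RangeError(`invalid port: ${p}`);
      }
    }
    if (low > high) throw new RangeError("low port exceeds high port");
    if (this.ranges.some((r) => r.name.toLowerCase() === name.toLowerCase())) {
      throw new Error(`range name already in use: ${name}`);
    }
    this.ranges.push({ name, low, high });
  }

  // Return the name of the range that permits this target, or null to deny.
  allowsConnect(authority) {
    // Tunnel targets are "host:port"; IPv6 literals are bracketed, e.g. "[::1]:443".
    const m = /^(\[[0-9a-fA-F:.]+\]|[^:\[\]\s]+):(\d{1,5})$/.exec(authority);
    if (!m) return null; // missing or malformed port: deny
    const port = Number(m[2]);
    if (port < 1 || port > 65535) return null;
    const hit = this.ranges.find((r) => port >= r.low && port <= r.high);
    return hit ? hit.name : null;
  }
}

// Constructed sample targets (bank.example is a placeholder host).
function demo() {
  const list = new TunnelPortList();
  const before = list.allowsConnect("bank.example:5443"); // denied by default
  list.addRange("bankport5443", 5443);
  return {
    before,
    after: list.allowsConnect("bank.example:5443"),
    standard: list.allowsConnect("bank.example:443"),
    neighbour: list.allowsConnect("bank.example:5444"),
    malformed: list.allowsConnect("bank.example"),
  };
}

console.log(demo());
```

Adding one port per named entry, rather than a wide range, keeps the list easy to review and limits what the proxy will tunnel.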


Nonstandard SSL Ports

Many financial institutions and ecommerce stores use SSL to secure data transmissions. The standard port for these communications is 443, but some locations use other ports, sometimes for security-by-obscurity reasons, sometimes for other internal reasons. ISA restricts SSL communications to port 443. SSL communications are encrypted, and many firewalls cannot determine what is contained within the packet. If you are hosting an SSL website, ISA has the capability to look into the packet, inspect the contents, encrypt it again, and let it continue on its way. ISA uses SSL Bridging to achieve this. In this way, Trojans, viruses, or other malformed contents can't make their way into the network simply because they are in an SSL tunnel. When adding an SSL port to ISA, the same protection is afforded to these additional ports.





Microsoft Small Business Server 2003 Unleashed
ISBN: 0672328054
Year: 2005
Pages: 253
