Click Next to continue.
4. The next dialog box displayed offers the opportunity to modify Registry settings to
block communication with particular types of clients. It is generally advisable not to
skip this section, so the check box should not be checked. Click Next to continue.
The subsequent dialog box, shown in Figure 2.14, allows for the server to be locked down
to accept only Server Message Block (SMB) traffic, which is Microsoft??™s file and print
traffic, that has been digitally signed. Because most ISA server implementations do not
allow SMB traffic to reach the server, this setting becomes moot. However, if the Firewall
client share is configured, SMB traffic is allowed, and it is much more secure to force the
SMB traffic to be digitally signed, so as to avoid ???man in the middle??? types of exploits
against the ISA server.
Although it is true that enabling this option prevents downlevel clients (Windows 3.1,
Windows 95/98 without the Directory Services Client, Windows NT pre??“Service Pack 6a)
from connecting to the Firewall client share, they are not supported by the Firewall client,
so it is not desirable to grant them access.
Pages:
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171