Configuring alerts to notify the administrator through email





You are able to shut down your services, start up other services, run applications and scripts, and also send e-mail. In this exercise I will be showing you how to send an e-mail to the administrator. Although this is a fairly simple procedure, if it has not been done yet, how are you being notified that attackers are attempting to intrude? It is vital that you know when people are trying to port scan or violate your systems. It is well known in the hacker underground that a good port scanner is worth a thousand passwords.


Alerting is a part of ISA Server that is often overlooked, and because of this the professional who set up the ISA server intrinsically gives the intruder the upper hand, as the professional has no other immediate way of knowing that the ISA server or protected network is being attacked. Such a simple solution will thwart attacks, yet 90% of consultations with clients reveal that alerts have not been set, and where they have been set, administrators often ignore them or do not know what reaction to apply.


 


In this day of constant attacks and intrusions it becomes increasingly difficult to respond to all threats and intrusion attempts. This is why you need ISA's built-in alerting functionality to be operational, as it can shut down services if the professional is not at the station. Alert notification configuration follows.


To start the configuration, please follow the steps below:


1. Click on your ISA server, then click Monitoring Configuration, then click Alerts.


2. In the details pane, right-click the alert of your choice and click Properties for the alert object you have chosen.


3. In the Alert Properties dialog box, click the Actions tab.


4. Remember to select an SMTP server that allows the ISA server to relay messages.  Some servers do not allow relays and this in turn will cause the messages not to reach the administrator.


5. Make sure the alert is enabled. You can do this by checking in the details pane whether or not there is a red down arrow on the alert.



[Images: alert icon when Enabled; alert icon when Disabled]
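
Step 4 depends on the SMTP server accepting mail from the ISA server. The Python script below is an added example, not part of the original article or of ISA Server: it opens an SMTP session, issues MAIL FROM and RCPT TO for the administrator's address, and reports whether the server accepts, defers or refuses the message, without sending one. The function names and command-line arguments are assumptions; run it from the ISA server itself, since relay permission normally depends on the connecting host's address.

```python
"""Check that an SMTP server will accept alert mail for the administrator.

Added example; host and mailbox names are supplied by the operator.
"""
import smtplib
import sys


def classify(code):
    """Map an SMTP reply code to a verdict for the alert configuration."""
    if code in (250, 251):
        return "accepted"           # mail will be delivered or forwarded
    if 400 <= code < 500:
        return "temporary-failure"  # e.g. greylisting: retry before deciding
    return "refused"                # 5xx, e.g. 550 or 554 relaying denied


def probe_relay(smtp, sender, recipient):
    """Issue MAIL FROM and RCPT TO on an open session, then RSET.

    No DATA command is sent, so no message is delivered.
    Returns (verdict, reply_code, server_text).
    """
    code, text = smtp.mail(sender)
    if code == 250:
        code, text = smtp.rcpt(recipient)
        verdict = classify(code)
    else:  # sender rejected before the recipient was considered
        verdict = classify(code) if code >= 400 else "refused"
    smtp.rset()  # abandon the transaction
    return (verdict, code, text.decode(errors="replace"))


def check_server(host, sender, recipient, port=25, timeout=10):
    """Connect with plain, unauthenticated SMTP and run the probe."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        return probe_relay(smtp, sender, recipient)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: relay_check.py SMTP_HOST FROM_ADDRESS ADMIN_ADDRESS")
    verdict, code, text = check_server(*sys.argv[1:4])
    print(f"{verdict}: {code} {text}")
    sys.exit(0 if verdict == "accepted" else 1)
```

A "refused" verdict means the alert e-mail would not reach the administrator through that server until relaying from the ISA server's address is allowed.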


ISA Alert information


 


Microsoft ISA Server has many alerts already configured within the Alerts tab that you can enable, and these alerts will notify the administrator if thresholds are breached. For example, if there is an intrusion attempt and the applicable alert has been enabled, the administrator will be notified. Alerts have comprehensive trigger mechanisms that help when a situation arises and no human interaction is available. A good example: if there is an intrusion and there is no administrator around to respond, ISA can be configured to stop services. You should think of alerts as a house alarm and the administrator as the armed response company that will be called to the scene if the alarm is triggered. If no administrator has been scheduled to be around at the odd hours when intrusions take place, no reaction may be taken, and it may then be advisable to shut down certain services.


 


Logging


 


It is important to understand how these alerts are logged, where the logs are stored, and how important constant central monitoring of these logs is.


 


Note: ISA logging can be done to a text-based file on the local hard disk or redirected to a database for future manipulation and report writing.


 


Summary


 


I strongly recommend that you implement the method of alerting shown above if you have no other way of knowing that you are being attacked. Many companies are blind to the outside world; they believe that no one is out to get them and that they are safe. I have very unsettling news. There are hundreds of people out there with no jobs and an internet connection, and some of these people have curious minds. These self-proclaimed hackers port scan and try every exploit they know on systems, and if they find a few ports open they keep searching. People who are not aware that they are being scanned are in more danger than those who are aware, because the problem is latent; the people who know of the scan can protect themselves against these malicious cyber terrorists. You can set up your ISA server to alert you by SMS on your cellular phone. You can do this by finding a service provider in your country that has an e-mail gateway that converts normal SMTP e-mails into a 160-character SMS. In this way you can always be alerted that someone out there is trying his/her luck with your network.
