Anil John - Tivo behind an ISA Server 2004

Subscribe via E-Mail

About Me | Contact Me

Latest Tweet

follow me on Twitter

Resources

Want ABAC? Across Organizations? Start with Policy!

Federal ICAM Support for Identity Federation Flows

Future of Identity Management is… Now!

NIST SP 800-73-3 and PIV-I

SAML2 Profiles for PIV Subjects and Backend Attribute Exchange

Reality of XACML PEP-PDP Interoperability

Authentication, PKI and SAML

SAML 2.0 Assertion Syntax

Guidelines for XML Schema Design to Improve Web Services Interoperability

:: Complete Archive ::

Disclaimer & Copyright

The entries in my blog are solely my opinions and do not represent the thoughts, intentions, plans or strategies of any third party, including my employer, except where explicitly stated.

Needless to say, a blog is a snapshot in time. As I interact with the community at large, and learn more about various topics, my thoughts and opinions are subject to change. As such you should not consider out of date posts to reflect my current thoughts and opinions.

Tags/Categories

My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Sunday, July 17, 2005

« XSDObjectGen - New Release | Main | Oyster Docking Station & Toshiba M200 Ta... »

Tivo behind an ISA Server 2004

I spent some time yesterday upgrading my SBS2003 home network to SP1. The document written by the SBS MVP’s on “How to Install Service Pack 1 for SBS 2003” was very helpful in this regard. Thank You!

I currently have a networked Tivo in my home network which I moved to a land line some time ago, primarily so that I could beef up the security on my wireless network. The Tivo firmware STILL does not support anything more than WEP and I most definitely was not comfortable with the “security” of WEP. The key point with having the Tivo on the home network is that, if you want it to use the network to connect to the Tivo service, you need to set it up as a SecureNAT client.

In ISA Server ~~2004~~ 2000, in addition to setting it up as a SecureNAT client, I had to open the out-bound TCP ports 1026, 4006 and 8080 for the Tivo to connect to the service. The great thing in ISA 2004 was that I could get rid of all of those extra items that I needed to set up.

In ISA Server 2004:

Internet Access Firewall Policy: Tivo => External Network
External network is predefined in ISA and I added the Tivo as a Computer Network Object
Protocol == All Out-bound Traffic
Condition == All Users
All Users group includes both authenticated and unauthenticated users. The SecureNAT client is an unauthenticated user.
Go into the HTTP Protocol and disable the “Web Proxy” Application Filter.

The above limits unauthenticated users to the Tivo box which is now on a closed land line network which I physically control. All other machines in the network require authentication and utilize the ISA 2004 Firewall client.

Tags:: Security

7/17/2005 1:16 PM Eastern Daylight Time | Comments [3] | Disclaimer | Permalink

Thursday, July 28, 2005 7:36:36 PM (Eastern Daylight Time, UTC-04:00)

Ran across your blog while researching backup plans and security for a home network. From what I have read it appears that we have similiar setups. Mine is minus the deticated server. Do you have a backup plan for your network? I have two users on four machines and I am trying to come up with a nice automated procedure.

Keep up the good work.

Bill

Thursday, July 28, 2005 8:56:24 PM (Eastern Daylight Time, UTC-04:00)

Bill -- Absolutely. First of all, all of my client machines have their My Documents folder redirected to the server and I have "trained" my family :-) to not put any of their documents outside of the My Documents structure. (Since they run as local user's and not as a power user or administrator, they really don't have the permissions to write to the local file system anyway). I have a base machine snapshot of the OS that I can use to quickly restore their machines if I need to flatten and rebuild their machines. My personal machines (desktop and laptop) are backed up to to the server using NT backup on a nightly basis.

My server is configured with hardware RAID 1 (Mirrored) and is running off a big UPS. SBS has a very nice back up scheme using the built in backup softare that actually backs up my exchange, Sharepoint, file system and more. That backup is done every other night to an external USB 2.0 hard disk. I also replicate the client back-ups to the USB drive at the same time. I usually take the USB drive back and forth with me to work just to have it off-site when I am not at home.

All in all, I use a combination of the built in back up software and some batch files running using windows scheduler. I've been pretty happy with it so far.

Anil John

Monday, November 28, 2005 7:02:09 AM (Eastern Standard Time, UTC-05:00)

If you need a reliable Outlook Express backup program to secure your data. While standard OE backup methods are time-consuming and require advanced technical knowledge about the system, we offer a simple solution you can use on a daily basis - Outlook Express Backup Tiger.

outlook express backup software

Comments are closed.

My blog has moved and can now be found at http://blog.aniljohn.com No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.