Educause Security Discussion mailing list archives

Re: Websites Published via MS ISA

From: Michael Behun <behun () BUFFALO EDU>
Date: Tue, 24 Apr 2007 09:35:31 -0400

From past experience, cautiously use Domain Name Servers DNS to change IP

address for a short outage.  DNS Time To Live (TTL) is not followed by all
ISP, and some campus name servers.  I have seen hours pass before DNS cache
is updated by external ISP.  The effect is that during your outage a person
using Cable modem would not be able reach server (old DNS cache).  When your
server is up, their DNS server now is pointing to the "down for service" web
server.

Since your ISA server is using your internal name servers, which you
control, then DNS changes can be very useful.  You may also want to consider
using a failover setup.  If X server is not available, then the ISA redirect
service to backup server or "down for service" web server.  This setup is
nice when a server fails unexpectedly.

mike behun

-----Original Message-----
From: Karen Duncanson [mailto:duncans2 () OAKLAND EDU]
Sent: Monday, April 23, 2007 4:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Websites Published via MS ISA

I once used spider to spider, then ftp an entire website (4 front end
servers) to a single server located elsewhere. Swung the DNS to point to
the other location. We worked on the actual webservers until satisfied,
then swung DNS back. No one knew there was an outage.

This only works if there is no database access or other information
gathering software involved. You could clearly use it to move static
websites easily and temporarily. No one would realize there was an outage.

---- Original message ----

Date: Mon, 23 Apr 2007 15:05:08 -0400
From: Charlie Prothero <Charlie.Prothero () KEYSTONE EDU>
Subject: [SECURITY] Websites Published via MS ISA
To: SECURITY () LISTSERV EDUCAUSE EDU

  Hi, all!  I have a question/puzzle for you today.  We have a number of
  websites published through our ISA server.  We take the web servers
  down periodically for backup, and would like to route visitors to a
  notification page that provides info on system status, etc, for the
  duration of the backup.  Has anyone figured out a clever way to do
  that?

  Thanks!

  - Charlie

  Charlie Prothero

  CIO

                             Keystone College

                 One College Green  o  La Plume, PA 18440

                               570-945-8015

Karen Duncanson, CISSP, CCNA
UTS/Network Security Analyst
www.oakland.edu/uts
248-370-2675

Current thread:

Websites Published via MS ISA Charlie Prothero (Apr 23)
- <Possible follow-ups>
- Re: Websites Published via MS ISA Karen Duncanson (Apr 23)
- Re: Websites Published via MS ISA Michael Behun (Apr 24)