IN THIS CHAPTER
Internet Security and Acceleration Server 2004 (ISA) is an advanced firewall designed specifically with the protection of Microsoft products in mind. Exchange, Microsoft Office, Outlook Web Access, SharePoint, Internet Information Server, Routing and Remote Access, Active Directory, Outlook Mobile Access, Remote Web Workplace, and Outlook over the Internet (http over RDP) are all protected best by Microsoft's own firewall. Because of the unique position of having all these applications running on a single server, using the best firewall protection is imperative. Although you'll get some push back from "hardware" firewall aficionados, when the talk turns to protecting Active Directory, using Exchange RDP, and inspecting SSL and VPN tunnels, the "hardware is better" guys quickly fall silent, unless they've spent many thousands of dollars acquiring and properly configuring a high-end enterprise firewall. ISA allows the SBS administrator to protect the network using sophisticated inspection and detection technologies at a fraction of the cost and administrative effort.
Note Making sure that your SBS network is secure is an ongoing process, and it doesn't stop with ISA Server. No discussion on any security topic can be complete without a mention of keeping client PC operating systems and applications fully patched; spyware, adware, malware, and viruses off your network; and wireless networks secure. By any measure ISA isn't an easy product to master. Just as other components of SBS, such as Exchange Server, warrant an investment in training on your part, so does ISA. Enterprise IT administrators spend their whole careers mastering Exchange or ISA. If you're an SBS admin, you're expected to know both and more, so it's best to admit right from the get go that you probably won't have all the information that you need at all times already in your skill set or stored in your brain for ready access. Fortunately, some excellent free resources are available for troubleshooting, configuring, and learning ISA 2004. (See the sidebar "Free Resources for ISA Learning.") Handy built-in templates and wizards also are available, which we'll point out along the way and show a few tweaks you may want to make. This chapter focuses on things in ISA specific to or at least significant in the default configuration of SBS.
|