Chapter7.Deploying ISA Server as a Reverse Proxy in an Existing Firewall DMZ


Chapter 7. Deploying ISA Server as a Reverse Proxy in an Existing Firewall DMZ

IN THIS CHAPTER

  • ISA Server 2004 as a Security Appliance

  • Deploying Unihomed ISA Server 2004 Security Appliances

  • Configuring Existing Firewalls to Utilize ISA Server 2004 Reverse Proxy

  • Publishing and Securing Services in an Existing DMZ

  • Understanding Advanced ISA Security in Enterprise Environments

  • Summary

  • Best Practices

Although ISA Server can fit many roles within organizations, such as VPN server, Edge Firewall, Content caching device, and many more, it is not always used to fill these roles. In many deployment scenarios, ISA Server 2004 is used solely in its reverse proxy functionality. In these configurations, ISA is typically deployed in the perimeter (DMZ) network of an existing firewall, and protects web and related services such as Exchange Outlook Web Access (OWA) from external intrusion and attack. Although it does not take full advantage of ISA features, this is a perfectly valid deployment scenario, and a relatively common one at that.

Many organizations are finding that ISA Server 2004 provides for a relatively inexpensive solution to the problem of securing Internet-facing services. It doesn't require them to replace existing firewall or security infrastructure or make ISA a domain member. An ISA Server, deployed with a single NIC, looks and acts like the target web or OWA server, while instead acting as a proxy for the traffic, intercepting it and scanning it at the Application layer of the TCP/IP stack. Indeed, this is often how ISA first makes it into an organization: as security dictates an answer to the problems faced when services are exposed to the Internet.

This chapter focuses on the deployment scenarios involved with deploying ISA as a Security Appliance in the DMZ network of an existing firewall. Attention to the differences in setup and configuration between this model and the other ISA deployment models is outlined, and best practice configuration information on deploying ISA in this manner is provided, including such common tasks as securing OWA, SharePoint sites, and web servers.



    Microsoft Internet Security and Acceleration ISA Server 2004 Unleashed
    Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
    ISBN: 067232718X
    EAN: 2147483647
    Year: 2005
    Pages: 216
    Authors: Michael Noel

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net