Best Practices

  • If the existing security configuration cannot be changed, consider ISA Server 2004 for reverse-proxy configuraiton in the DMZ of existing firewalls.

  • Use the Enterprise version of ISA Server 2004 if redundancy and failover of ISA functionality is needed.

  • Never install any IIS components (except the SMTP service) directly on an ISA server.

  • Use the SMTP Screener service on a unihomed ISA server to secure SMTP mail flow to and from the Internet.

  • Use RADIUS or SecurID authentication when the ISA server is not a domain member.

  • Use a hosts file on the ISA server to properly resolve the FQDN of SSL-encrypted web pages, and use the full name in the ISA rule.

  • If needing a pre-built, pre-configured security solution for reverse proxy capabilities, consider the ISA Server 2004 appliances provided by third-party vendors.

  • Follow the securing procedures outlined in the other chapters of this book, only changing the listener network to point to All Networks when ISA is deployed as a unihomed server.

    Microsoft Internet Security and Acceleration ISA Server 2004 Unleashed
    Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
    ISBN: 067232718X
    EAN: 2147483647
    Year: 2005
    Pages: 216
    Authors: Michael Noel

    Similar book on Amazon © 2008-2017.
    If you may any questions please contact us: