Microsoft ISA Server 2006 Unleashed [Unleashed Series]

Author: Michael Noel

ISBN-10: 0672329190

ISBN-13: 9780672329197

Category: Web Programming / Development

Search in google:

ISA Server 2006 is a robust application layer firewall that provides organizations with the ability to secure critical business infrastructure from the exploits and threats of the modern computing world. ISA’s ability to act as an edge firewall, a Virtual Private Networking solution, a reverse proxy server, or a content caching device give it unprecedented flexibility and position it as a valuable security tool for many types of organizations. ISA Server 2006 Unleashed provides insight into the inner workings of the product, as well as providing best-practice advice on design and implementation concepts for ISA. In addition to detailing commonly requested topics such as securing Outlook Web Access, deploying ISA in a firewall DMZ, and monitoring ISA traffic, this book provides up-to-date information about the new enhancements made to the 2006 version of the product. The author draws upon his experience deploying and managing enterprise ISA environments to present real-world scenarios, outline tips and tricks, and provide step-by-step guides to securing infrastructure using ISA.

IntroductionIntroduction\ It is rare to run into that one product that impresses technical audiences in the way that ISA Server has managed to. As I prepared to write this book, what surprised me was not ISA's ability to wow and charm Microsoft-centric environments, but its ability to impress the Microsoft-skeptic crowds as well. These are the ones who have been skeptical of anything coming out of Redmond with "Security" in its title—for good reason in many cases. So, from its release, ISA faced a seemingly insurmountable uphill battle for acceptance, which makes its success even more impressive.\ I have had the luxury of working closely with several of the best technologies Microsoft has produced: Active Directory, SharePoint, Exchange, and SQL Server. It therefore takes a powerful product for me to be impressed, and ISA Server 2006, and its closely related predecessor, ISA Server 2004, really has done that. ISA functionality is broad, with VPN, reverse-proxy, firewall, content-caching, and protocol- filtering capabilities. Marketing slogans are one thing, but this product really does live up to its billing. I have deployed, administered, and tested ISA Server at organizations of many sizes and functions, from city governments to banks to law firms to technology firms, and have had great success with the product. The breadth and depth of functionality that ISA provides makes my job designing security for these types of environments that much easier.\ This book is the result of my experience and the experiences of my colleagues at Convergent Computing in working with ISA Server Standard and Enterprise versions, in the beta stages and in deployment.I wrote this book to be topical, so that you can easily browse to a particular section and follow easy-to-understand step-by-step scenarios. In addition, if you are looking for a good overview on ISA, the book can be read in sequence to give you a good solid understanding of the higher levels of security and functionality ISA can provide.The Target Audience of This Book\ This book is geared toward information technology professionals who have moderate to high levels of exposure to firewall, security, and network technologies. It is ideal for those administrators who need a good in-depth knowledge of how ISA works and how it can be used to perform common tasks. In addition, this book is ideal for security administrators who are looking to deploy ISA as an additional layer of security in an existing environment, particularly for securing Outlook Web Access, websites, and other internal services.The Organization of This Book\ This book is divided into four parts, as follows:\ \ \ Part I: Designing, Exploring, and Understanding ISA Server 2006—This section covers the basics of ISA Server 2006, including an overview of the technology, a walkthrough of the tools and features, and specific installation steps. In addition, design scenarios for ISA deployment are presented and analyzed, and migration steps from ISA 2000 are given.\ \ \ Part II: Deploying ISA Server 2006—This section covers the deployment of ISA technologies, discussing multiple common scenarios for which ISA is often used. Discussion surrounding ISA firewall, content caching, reverse proxy, and Enterprise version deployment is discussed, and step-by-step deployment guides are illustrated. In addition, detailed analysis of Virtual Private Network support, including both client and site-to-site VPN, is covered.\ \ \ Part III: Securing Servers and Services with ISA Server 2006—Part III focuses on the specifics of securing protocols and services using the built-in HTTP, FTP, RPC, and other filters in ISA Server 2006. Specific instructions on how to use ISA to secure Microsoft Exchange Outlook Web Access (OWA), including the common scenario of deploying ISA within the DMZ of an existing firewall, are outlined in depth. In addition, securing techniques for SharePoint sites, web servers, Outlook MAPI traffic, and other common scenarios are explained.\ \ \ Part IV: Supporting an ISA Server 2006 Infrastructure—The nuts and bolts of administering, maintaining, and monitoring an ISA Server 2006 environment are explained in this section, with particular emphasis on the day-to-day tasks that are needed for the "care and feeding" of ISA. Critical tasks that are often overlooked, such as automating ISA Server Configuration backups and documenting ISA Server rules, are presented and analyzed. Throughout this section, tips and tricks to keep ISA well maintained and working properly are outlined.\ \ \ Conventions Used in This Book\ The following conventions are used in this book:\ \ Caution - Cautions alert you to common pitfalls that you should avoid.\ \ \ Tip - Tips are used to highlight shortcuts, convenient techniques, or tools that can make a task easier. Tips also provide recommendations on best practices you should follow.\ \ \ Note - Notes provide additional background information about a topic being described, beyond what is given in the chapter text. Often, notes are used to provide references to places where you can find more information about a particular topic.\ \ \ Sidebar - A sidebar provides a deeper discussion or additional background to help illuminate a topic.\ \ If you are like many out there recently tasked with an ISA project or simply looking for ways to bring security to the next level, this book is for you. I hope you enjoy reading it as much as I enjoyed creating it and working with the product.\ \ © Copyright Pearson Education. All rights reserved.

Table of Contents Introduction 1 Part I Designing, Exploring, and Understanding ISA Server 2006 1 Introducing ISA Server 2006 7 2 Installing ISA Server 2006 33 3 Exploring ISA Server 2006 Tools and Concepts 65 4 Designing an ISA Server 2006 Environment 113 Part II Deploying ISA Server 2006 5 Deploying ISA Server 2006 as a Firewal 135 6 Deploying ISA Server Arrays with ISA Server 2006 Enterprise Edition 157 7 Deploying ISA Server as a Reverse Proxy in an Existing Firewall DMZ 185 8 Deploying ISA Server 2006 as a Content Caching Server 199 9 Enabling Client Remote Access with ISA Server 2006 Virtual Private Networks (VPNs) 221 10 Extending ISA 2006 to Branch Offices with Site-to-Site VPNs 277 11 Understanding Client Deployment Scenarios with ISA Server 2006 297 Part III Securing Servers and Services with ISA Server 2006 12 Securing Outlook Web Access (OWA) Traffic 315 13 Securing Messaging Traffic 345 14 Securing Web (HTTP) Traffic 381 15 Securing RPC Traffic 413 Part IV Supporting an ISA Server 2006 Infrastructure 16 Administering an ISA Server 2006 Environment 433 17 Maintaining ISA Server 2006 451 18 Backing Up, Restoring, and Recovering an ISA Server 2006Environment 469 19 Monitoring and Troubleshooting an ISA Server 2006 Environment 487 20 Documenting an ISA Server 2006 Environment 515 Index 539