Table of Contents
Introduction
Part I Designing, Exploring, and Understanding ISA Server 2006
1 Introducing ISA Server 2006
2 Installing ISA Server 2006
3 Exploring ISA Server 2006 Tools and Concepts
4 Designing an ISA Server 2006 Environment
Part II Deploying ISA Server 2006
5 Deploying ISA Server 2006 as a Firewall
6 Deploying ISA Server Arrays with ISA Server 2006 Enterprise Edition
7 Deploying ISA Server as a Reverse Proxy in an Existing Firewall DMZ
8 Deploying ISA Server 2006 as a Content Caching Server
9 Enabling Client Remote Access with ISA Server 2006 Virtual Private Networks (VPNs)
10 Extending ISA 2006 to Branch Offices with Site-to-Site VPNs
11 Understanding Client Deployment Scenarios with ISA Server 2006
Part III Securing Servers and Services with ISA Server 2006
12 Securing Outlook Web Access (OWA) Traffic
13 Securing Messaging Traffic
14 Securing Web (HTTP) Traffic
15 Securing RPC Traffic
Part IV Supporting an ISA Server 2006 Infrastructure
16 Administering an ISA Server 2006 Environment
17 Maintaining ISA Server 2006
18 Backing Up, Restoring, and Recovering an ISA Server 2006 Environment
19 Monitoring and Troubleshooting an ISA Server 2006 Environment
20 Documenting an ISA Server 2006 Environment
Index
Forewords & Introductions
Introduction
It is rare to run into that one product that impresses technical audiences in the way that ISA Server has managed to. As I prepared to write this book, what surprised me was not ISA's ability to wow and charm Microsoft-centric environments, but its ability to impress the Microsoft-skeptic crowds as well. These are the ones who have been skeptical of anything coming out of Redmond with "Security" in its title—for good reason in many cases. So, from its release, ISA faced a seemingly insurmountable uphill battle for acceptance, which makes its success even more impressive.
I have had the luxury of working closely with several of the best technologies Microsoft has produced: Active Directory, SharePoint, Exchange, and SQL Server. It therefore takes a powerful product for me to be impressed, and ISA Server 2006, and its closely related predecessor, ISA Server 2004, really has done that. ISA functionality is broad, with VPN, reverse-proxy, firewall, content-caching, and protocol-filtering capabilities. Marketing slogans are one thing, but this product really does live up to its billing. I have deployed, administered, and tested ISA Server at organizations of many sizes and functions, from city governments to banks to law firms to technology firms, and have had great success with the product. The breadth and depth of functionality that ISA provides makes my job designing security for these types of environments that much easier.
This book is the result of my experience and the experiences of my colleagues at Convergent Computing in working with ISA Server Standard and Enterprise versions, in the beta stages and in deployment. I wrote this book to be topical, so that you can easily browse to a particular section and follow easy-to-understand step-by-step scenarios. In addition, if you are looking for a good overview on ISA, the book can be read in sequence to give you a good solid understanding of the higher levels of security and functionality ISA can provide.
The Target Audience of This Book
This book is geared toward information technology professionals who have moderate to high levels of exposure to firewall, security, and network technologies. It is ideal for those administrators who need a good in-depth knowledge of how ISA works and how it can be used to perform common tasks. In addition, this book is ideal for security administrators who are looking to deploy ISA as an additional layer of security in an existing environment, particularly for securing Outlook Web Access, websites, and other internal services.
The Organization of This Book
This book is divided into four parts, as follows:
- Part I: Designing, Exploring, and Understanding ISA Server 2006—This section covers the basics of ISA Server 2006, including an overview of the technology, a walkthrough of the tools and features, and specific installation steps. In addition, design scenarios for ISA deployment are presented and analyzed, and migration steps from ISA 2000 are given.
- Part II: Deploying ISA Server 2006—This section covers the deployment of ISA technologies, discussing multiple common scenarios for which ISA is often used. ISA firewall, content caching, reverse proxy, and Enterprise version deployment are discussed, and step-by-step deployment guides are illustrated. In addition, detailed analysis of Virtual Private Network support, including both client and site-to-site VPN, is covered.
- Part III: Securing Servers and Services with ISA Server 2006—Part III focuses on the specifics of securing protocols and services using the built-in HTTP, FTP, RPC, and other filters in ISA Server 2006. Specific instructions on how to use ISA to secure Microsoft Exchange Outlook Web Access (OWA), including the common scenario of deploying ISA within the DMZ of an existing firewall, are outlined in depth. In addition, securing techniques for SharePoint sites, web servers, Outlook MAPI traffic, and other common scenarios are explained.
- Part IV: Supporting an ISA Server 2006 Infrastructure—The nuts and bolts of administering, maintaining, and monitoring an ISA Server 2006 environment are explained in this section, with particular emphasis on the day-to-day tasks that are needed for the "care and feeding" of ISA. Critical tasks that are often overlooked, such as automating ISA Server Configuration backups and documenting ISA Server rules, are presented and analyzed. Throughout this section, tips and tricks to keep ISA well maintained and working properly are outlined.
Conventions Used in This Book
The following conventions are used in this book:
Caution - Cautions alert you to common pitfalls that you should avoid.
Tip - Tips are used to highlight shortcuts, convenient techniques, or tools that can make a task easier. Tips also provide recommendations on best practices you should follow.
Note - Notes provide additional background information about a topic being described, beyond what is given in the chapter text. Often, notes are used to provide references to places where you can find more information about a particular topic.
Sidebar - A sidebar provides a deeper discussion or additional background to help illuminate a topic.
If you are like many out there recently tasked with an ISA project or simply looking for ways to bring security to the next level, this book is for you. I hope you enjoy reading it as much as I enjoyed creating it and working with the product.