1 Understanding how reverse-proxy servers work.
7
That said, many organizations are not willing to simply throw away existing security infrastructure,
such as packet-filter firewalls, VPN solutions, intrusion detection equipment,
and the like. The real advantage in ISA??™s case is that it is not necessary to replace anything
currently in place. Deploying ISA as a dedicated reverse-proxy security appliance simply
adds a layer of security to an environment, and the only configuration required to existing
firewalls in this deployment scenario is creating rules for the type of traffic (such as
HTTP or HTTPS) needed to process the request.
One of the key points to this type of deployment scenario is that it removes the ???religious???
debates about Microsoft products from the conversation. It no longer becomes
necessary to try to convince skeptical security personnel that the keys to the entire organization
should be held by a Microsoft product. Instead, ISA is deployed and governed by
the rules set forth by the existing security infrastructure. This also keeps Exchange frontend
servers and other types of application servers and their need for ???swiss-cheese??? firewall
rules out of the DMZ.
Pages:
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346