Understanding Advanced ISA Security in Enterprise Environments
Monitoring and Intrusion Detection on ISA Servers in the DMZ
Monitoring an ISA server in a firewall's DMZ can prove to be particularly challenging. The
firewall itself is often configured not to allow remote access traffic over common ports,
such as MMC console (RPC-based) access or Remote Desktop Protocol (RDP). For this
type of access to work, the ISA server must first allow it, and then the firewall
must allow it as well. This involves opening the proper ports on the firewall from the
management consoles to the ISA server. In worst-case scenarios, ISA can be managed
only via the keyboard, mouse, and video connection attached to the
server itself.
For more information on monitoring an ISA server, see Chapter 19, "Monitoring and
Troubleshooting ISA Server 2006."
Summary
Although it doesn't take full advantage of all ISA Server 2006 has to offer, the deployment
scenario of an ISA server in the DMZ of an existing firewall is very common, and can be a
useful component of a broad security strategy. ISA Server 2006 is a relatively cost-effective
approach to maximizing the security of edge-facing web services.