This includes common
attack targets such as Outlook Web Access servers, SharePoint sites, and any other websites.
ISA Server 2006 contains preconfigured and intelligent rules that allow for the configuration
of reverse-proxy capabilities that scan, filter, and reprocess the traffic sent to web
servers, allowing for intelligent web filtering in addition to hard-to-find capabilities such
as end-to-end SSL processing. For those organizations that are not in a position to restructure
their existing security configuration, these capabilities provide them with an impressive
additional layer of security without making any fundamental changes to their
environment.
Best Practices
. If the existing security configuration cannot be changed, consider ISA Server 2006
for reverse-proxy configuration in the DMZ of existing firewalls.
. Use the Enterprise version of ISA Server 2006 if redundancy and failover of ISA functionality
is needed.
. Never install any IIS components (except the SMTP service) directly on an ISA server.
. Use RADIUS or SecurID authentication when the ISA server is not a domain member.
. Use a hosts file on the ISA server to properly resolve the FQDN of SSL-encrypted web
pages, and use the full name in the ISA rule.
Pages:
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363