Through these
types of deployment configurations, as shown in Figure 15.2, ISA Server RPC filtering can
greatly limit the risk of RPC-based attacks.
417 Publishing RPC Services with ISA Server 2006
ISA
Firewall
RPC infection outbreak
stopped at ISA Server
Infected workstation
attempts to spread RPC
exploit to workstations and
servers on all networks
Server Network
Client Network 1
Client Network 2
FIGURE 15.2 Using ISA Server to secure network segments.
15
If a client becomes infected with an RPC-based virus or worm, or if an internal employee
uses an RPC exploit to attempt to ???hack??? a server, this type of deployment scenario effectively
contains both.
It is important to note that ISA is very flexible about the method in which it is deployed,
and certain other deployment scenarios can take advantage of ISA RPC filtering and other
server publishing scenarios. For example, in the scenario illustrated in Figure 15.3, ISA
servers are deployed to protect an Exchange server environment, allowing only MAPI and
OWA traffic from anywhere else on the network.
Obviously, many other deployment options are available, but it is important to understand
the limitations of RPC publishing, and when it is possible to use it or not.
Pages:
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668