Manually Patching an ISA Server
Given the fact that it is often not viable to automatically update and reboot a critical
system such as ISA, the most common approach to ISA Server Patch management involves
manually installing and patching an ISA server on a controlled basis. Given the large
number of server updates that Microsoft releases, this may seem like a rather onerous task.
In reality, however, only a small number of these patches and updates apply to ISA server
itself, so one of the tasks of the administrator is to validate whether an ISA server requires
a specific patch or not.
For example, a patch that addresses a WINS server vulnerability would not apply to an ISA
server that is not running that particular service. In reality, because ISA is locked down to
454 CHAPTER 17 Maintaining ISA Server 2006
not respond to any type of traffic other than those that are specifically defined, only a
small number of the patches that are produced need to be run on an ISA server.
In general, a patch may need to be applied on the ISA server if it addresses a vulnerability
in the following Windows components:
. The kernel of the operating system.
Pages:
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711