This is particularly important for ISA servers that are not domain members because the
local accounts on the system provide the only access into the environment.
Audit the Security Infrastructure
Security is the cornerstone of ISA Server functionality, and it is critical to validate that an
ISA server is secure. This validation should be performed no less than every quarter, and
can also be useful in satisfying third-party IT environment audits that may be dictated by
governmental or industry compliance.
Security audits can be performed via traditional checks of security procedures and infrastructure,
such as the following:
. Who has administrative access
. The physical security of the servers
. The presence of procedural documentation
. Firewall policy based on role-based access controls
. Existence and maintenance of audit and firewall logs
In addition to validating security in this way, third-party hacking and intrusion tools can
be used to validate the effective security of an ISA server. These tools are constantly being
466 CHAPTER 17 Maintaining ISA Server 2006
used ???in the wild??? on the Internet, and it can be advantageous for an organization to use
the latest tools to test the robustness of the current ISA configuration.
Pages:
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730