In part one of our ISA Server Security checklist series, we talked about how to secure the operating system and network interfaces on the ISA Server. In part 2 we'll focus on ISA Server specific configuration issues that you can use to optimize security.
It is important to have some sort of authentication method when using clients to access a resource through ISA, not doing so could result in unauthorized access to resources in or outside of your network. ISA has various methods of authenticating clients, I have discussed this in a previous tutorial (Understanding ISA’s different Authentication types). I will tutor you on how to configure various authentication types best suited for your ISA server. While showing you in five easy steps, how to configure the various authentication types, I will not go into too much detail on each authentication type. For more comprehensive on authentication types information please refer to my previous tutorial (Understanding ISA’s different Authentication types).
A common issue that pops up on the www.isaserver.org web boards is how to configure a DMZ segment on a trihomed ISA Server. Setting up a trihomed ISA Server with a directly attached segment acting as a DMZ is fairly simple.
This tutorial was made to enable you to understand why a firewall client is used and also to understand it’s limitations and advantages over other ISA clients. Please NOTE: this tutorial is not here to describe how to configure the firewall client in detail.
I get a lot of questions about how can ISA Server be used to block dangerous applications. What is a dangerous application?
As part of monitoring, it is vital that you get alerted when there is an intrusion or an attack taking place on your network. ISA has methods of identifying when an attack is attempted or taking place on your network. ISA Server compares network traffic and log entries to well-known attack methods that are used by hackers. ISA also has the capability of taking actions when these attacks are taking place.
ISA Server can be used to prevent the spread of the Code Red worm and its current (as of August 24, 2001) variants (such as Code Red and Code Red II). This has not been tested against the new Code Red.d variant.
ISA Server supports both distributed and hierarchical caching. In distributed caching, the ISA Server cache is distributed among array members. In hierarchical caching, different ISA Servers or arrays can connect to other ISA Servers or arrays for cached data access, or eventual access to the Internet. The array closest to the Internet is considered the "upstream" array while the array that is most far from the Internet is considered the "downstream" array. Aside from caching, a chained configuration can provide authentication functions as well.
All ISA Server clients can use the Web Proxy service. SecureNAT, Firewall and Web Proxy clients can have access to it. However, the way these different ISA Server clients access the Web Proxy service differs. These differences are important because they impact how you approach securing and monitoring of web content.
I've noticed a lot of people are having problems with setting up ISA Server to take inbound VPN calls. ISA Server supports VPN connections from external clients on the Internet. Virtually any computer that is able to act as a PPTP or L2TP/IPSec client can connect to your network through the ISA Server. However, everything has to be set up right in order to make this work.
