ISA Server 2004 UNLEASHED

Table of Contents

Copyright
About the Author
Acknowledgments
We Want to Hear from You!
Introduction
    The Target Audience of This Book
    The Organization of This Book
    Conventions Used in This Book

Part I. Designing, Exploring, and Understanding ISA Server 2004

Chapter 1. Introducing ISA Server 2004
    Understanding the Need for ISA Server 2004
    Detailing the Additional Advantages of ISA Server 2004
    Understanding the History of ISA Server 2004
    Exploring the New Features of ISA Server 2004
    Detailing Deployment Strategies with ISA Server 2004
    Augmenting an Existing Security Environment with ISA Server 2004
    Administering and Maintaining an ISA Server 2004 Environment
    Using ISA Server 2004 to Secure Applications
    Summary
    Best Practices

Chapter 2. Installing ISA Server 2004
    Reviewing ISA Server 2004 Prerequisites
    Procuring and Assembling ISA Hardware
    Building Windows Server 2003 as ISA's Operating System
    Determining Domain Membership Versus Workgroup Isolation
    Installing the ISA Server 2004 Software
    Performing Post-Installation ISA Updates
    Securing the Operating System with the Security Configuration Wizard
    Summary
    Best Practices

Chapter 3. Exploring ISA Server 2004 Tools and Concepts
    Exploring the ISA Server 2004 Management Console
    Configuring Networks with ISA Console Network Wizards and Tools
    Exploring Firewall Policy Settings
    Navigating the Monitoring Node Options
    Working with the Virtual Private Networks Node
    Examining the Cache Node Settings
    Configuring Add-ins
    Exploring the ISA General Node
    Summary
    Best Practices

Chapter 4. Designing an ISA Server 2004 Environment
    Preparing for an ISA Server 2004 Design
    Upgrading Existing ISA Server 2000 Systems to ISA Server 2004
    Determining the Number and Placement of ISA Servers
    Prototyping a Test ISA Server Deployment
    Piloting an ISA Server Deployment
    Implementing the ISA Server Design
    Designing ISA Server 2004 for Organizations of Varying Sizes
    Summary
    Best Practices

Part II. Deploying ISA Server 2004

Chapter 5. Deploying ISA Server 2004 as a Firewall
    ISA as a Full-Function Security Firewall
    Multi-networking with ISA Server 2004
    Defining ISA Firewall Networks
    Reviewing and Modifying Network Rules
    Understanding Firewall Policy Rules
    Examining Advanced ISA Firewall Concepts
    Summary
    Best Practices

Chapter 6. Deploying ISA Server Arrays with ISA Server 2004 Enterprise Edition
    Understanding ISA Server 2004 Enterprise Edition
    Deploying the Configuration Storage Server (CSS)
    Setting Up Enterprise Networks and Policies
    Creating and Configuring Arrays
    Installing and Configuring ISA Enterprise Servers
    Configuring Network Load Balancing and Cache Array Routing Protocol (CARP) Support
    Summary
    Best Practices

Chapter 7. Deploying ISA Server as a Reverse Proxy in an Existing Firewall DMZ
    ISA Server 2004 as a Security Appliance
    Deploying Unihomed ISA Server 2004 Security Appliances
    Configuring Existing Firewalls to Utilize ISA Server 2004 Reverse Proxy
    Publishing and Securing Services in an Existing DMZ
    Understanding Advanced ISA Security in Enterprise Environments
    Summary
    Best Practices

Chapter 8. Deploying ISA Server 2004 as a Content Caching Server
    Understanding the Acceleration Component of the Internet Acceleration Server 2004
    Designing ISA Server 2004 Caching Solutions
    Enabling ISA Server 2004 as a Web Caching Server
    Configuring Proxy Clients
    Summary
    Best Practices

Chapter 9. Enabling Client Remote Access with ISA Server 2004 Virtual Private Networks (VPNs)
    Examining ISA Server 2004 VPN Capabilities and Requirements
    Designing an ISA Server 2004 VPN Infrastructure
    Enabling VPN Functionality in ISA Server
    Utilizing RADIUS Authentication for VPN Connections
    Configuring ISA for Point-to-Point Tunneling Protocol (PPTP) VPN Connections
    Creating Layer 2 Tunneling Protocol (L2TP) VPN Connections with ISA
    Creating a Public Key Infrastructure (PKI) for L2TP with IPSec Support
    Using the Connection Manager Administration Kit (CMAK) to Automate VPN Client Deployment
    Enabling ISA Server 2004 VPN Quarantine
    Summary
    Best Practices

Chapter 10. Extending ISA 2004 to Branch Offices with Site-to-Site VPNs
    Understanding Branch-Office Deployment Scenarios with ISA Server 2004
    Preparing ISA Servers for Site-to-Site VPN Capabilities
    Configuring a Point-to-Point Tunneling Protocol (PPTP) Site-to-Site VPN Between Two Remote Offices
    Configuring a Layer 2 Tunneling Protocol (L2TP) Site-to-Site VPN Connection Between Two ISA Servers in Remote Sites
    Configuring ISA 2004 to Integrate with Third-Party VPN Tunnel Products
    Configuring Network and Firewall Rules Between ISA Site Networks
    Summary
    Best Practices

Chapter 11. Understanding Client Deployment Scenarios with ISA Server 2004
    Outlining Client Access with ISA Server 2004
    Preparing an ISA Environment for the Firewall Client
    Installing the ISA Firewall Client
    Working with the ISA Firewall Client
    Summary
    Best Practices

Part III. Securing Servers and Services with ISA Server 2004

Chapter 12. Securing Outlook Web Access (OWA) Traffic
    Enabling Secure Sockets Layer (SSL) Support for Exchange Outlook Web Access
    Securing Exchange Outlook Web Access with ISA Server 2004
    Summary
    Best Practices

Chapter 13. Securing Messaging Traffic
    Understanding the Need for Secure Mail Access
    Configuring ISA Server 2004 to Support OMA and ActiveSync Access to Exchange
    Configuring ISA Server to Secure RPC over HTTP(S) Traffic
    Securing Exchange MAPI Access
    Securing POP and IMAP Exchange Traffic
    Managing and Controlling Simple Mail Transport Protocol (SMTP) Traffic
    Summary
    Best Practices

Chapter 14. Securing Web (HTTP) Traffic
    Outlining the Inherent Threat in Web Traffic
    Publishing and Customizing Web Server Publishing Rules
    Configuring SSL-to-SSL Bridging for Secured Websites
    Securing Access to SharePoint 2003 Sites with ISA 2004
    Summary
    Best Practices

Chapter 15. Securing RPC Traffic
    Understanding the Dangers of Remote Procedure Call (RPC) Traffic
    Securing RPC Traffic Between Network Segments
    Publishing RPC Services with ISA Server 2004
    Using Network Monitor for Custom RPC
    Creating Server Publishing Rules
    Summary
    Best Practices

Part IV. Supporting an ISA Server 2004 Infrastructure

Chapter 16. Administering an ISA Server 2004 Environment
    Defining the Role of the ISA Administrator
    Deploying a Role-Based Access Control Model for ISA Server 2004
    Delegating and Customizing Administrative Access to the ISA Console
    Administering an ISA Server Remotely
    Working with ISA Server 2004 Lockdown Mode
    Performing Advanced ISA Administration
    Summary
    Best Practices

Chapter 17. Maintaining ISA Server 2004
    Understanding the Importance of a Maintenance Plan for ISA
    Updating ISA's Operating System
    Performing Daily Maintenance
    Performing Weekly Maintenance
    Performing Monthly Maintenance
    Performing Quarterly Maintenance
    Summary
    Best Practices

Chapter 18. Backing Up, Restoring, and Recovering an ISA Server 2004 Environment
    Understanding ISA Server's Backup and Recovery Capabilities
    Exporting ISA Settings for Backups
    Importing ISA Settings for Restores
    Automating ISA Server Export with Custom Scripts
    Using Traditional Backup and Restore Tools with ISA Server 2004
    Summary
    Best Practices

Chapter 19. Monitoring and Troubleshooting an ISA Server 2004 Environment
    Outlining the Importance of ISA Monitoring and Logging
    Configuring ISA Logging and Monitoring
    Logging ISA Traffic
    Monitoring ISA from the ISA Console
    Generating Reports with ISA Server
    Monitoring ISA Server 2004 Health and Performance with Microsoft Operations Manager (MOM)
    Summary
    Best Practices

Chapter 20. Documenting an ISA Server 2004 Environment
    Understanding the Benefits of ISA Server Documentation
    Documenting the ISA Server 2004 Design
    Developing Migration Documentation
    Creating Administration and Maintenance Documentation for ISA
    Preparing Disaster Recovery Documentation
    Understanding the Importance of Performance Documentation
    Writing Training Documentation
    Summary
    Best Practices