لطفا منتظر باشید ...
Understanding Advanced ISA Security in Enterprise Environments
In general, the larger the environment, the more likely it is that ISA will be deployed in an unihomed ISA configuration. This has less to do with deficiencies in ISA itself and more to do with the investment that these organizations have with their existing security infrastructure. For many, it is simply too difficult, time-consuming, or politically challenging to replace firewalls, SSL-VPNs, and other security infrastructure with a new system such as ISA Server 2004.What these organizations are finding, however, is that ISA as a reverse proxy is a valid option for them, and can be configured to secure and protect internal company resources. What happens in many cases is that ISA gets deployed in this scenario, and eventually finds its way into other layers of an organization's security infrastructure after ISA's features are gradually understood.Large organizations have specific special needs that aren't fully met by a standard ISA deployment. Fortunately, the Enterprise version of the product provides for these needs, above and beyond the capabilities of the Standard version.
Deploying ISA Security Appliances for Redundancy and Load Balancing
To achieve redundancy of ISA components requires either the use of a third-party load balancing solution, such as Cisco Content Switch, or the inclusion of an internal load balancing solution, such as Network Load Balancing.Chapter 6, "Deploying ISA Server Arrays with ISA Server 2004 Enterprise Edition."
Monitoring and Intrusion Detection on ISA Servers in the DMZ
Monitoring an ISA Server in a firewall's DMZ can prove to be particularily challenging. The firewall itself is often configured to not allow remote access traffic over common ports, such as the MMC console (RPC-based) access and/or Remote Desktop Prototocol (RDP). For this type of access to be allowed, the ISA server must first allow it, and then the firewall itself must allow it as well. This involves opening the proper ports on the firewall from management consoles to the ISA server itself. In worst-case scenarios, management of ISA itself can take place only via the attached keyboard, mouse, and video connection on the server itself.Chapter 19, "Monitoring and Troubleshooting an ISA Server 2004 Environment."
