ISA Server 2004 UNLEASHED [Electronic resources] نسخه متنی

Best Practices

• If the existing security configuration cannot be changed, consider ISA Server 2004 for reverse-proxy configuraiton in the DMZ of existing firewalls.

• Use the Enterprise version of ISA Server 2004 if redundancy and failover of ISA functionality is needed.

• Never install any IIS components (except the SMTP service) directly on an ISA server.

• Use the SMTP Screener service on a unihomed ISA server to secure SMTP mail flow to and from the Internet.

• Use RADIUS or SecurID authentication when the ISA server is not a domain member.

• Use a hosts file on the ISA server to properly resolve the FQDN of SSL-encrypted web pages, and use the full name in the ISA rule.

• If needing a pre-built, pre-configured security solution for reverse proxy capabilities, consider the ISA Server 2004 appliances provided by third-party vendors.

• Follow the securing procedures outlined in the other chapters of this book, only changing the listener network to point to All Networks when ISA is deployed as a unihomed server.