Implementing a Secure ISA Server


1 Implementing a Secure ISA Server
Roberta Bragg

2 Step One
Read Step Ten before actually doing any of these steps!

3 Step Two – Planning
- What do you want? A firewall? A caching server? Both?
- Single server? DMZ? Array?
- Amount of traffic?
- What needs to pass through?
- Machine sizing

4 Step Three – Network Preparations
- Network addresses
- Routers
- Ensure internal DNS for internal network clients
- External DNS for ISA Server
- Changes required to network configuration? Clients?

5 Step Four – Install Clean W2K
- Separate drives/partition system data from firewall
- Customization - Uncheck all options!
  - Accessories
  - IIS
- Custom networking – only TCP/IP
- External Card:
  - Disable DNS automatic registration
  - Disable Windows networking
  - Disable NetBIOS over TCP/IP
- Internal Card – as appropriate for your network
- Workgroup not domain*

6 Step Five – Pre-ISA Install
- Edit %systemroot%\inf\sysoc.inf and remove the ‘hide’ keyword where it appears
- Use Add/Remove to remove Fax, Image View, Pinball, Word Pad – be careful here!
- Check Routing Table
- Clean Certificate Store – remove unnecessary certificates
- Disable services that get installed by default & are not needed
- Apply Service Pack/patches

So, what services do you need?
- DNS client
- Eventlog
- Logical disk manager
- Plug and play
- Protected storage
- Security accounts manager
- Telephony

And maybe:
- IPSec policy agent
- Network connections manager
- Remote procedure call
- Remote registry service
- Run as

7 Step Six – ISA Installation
- Install only services you need
- Do not install H.323 unless you are going to use it!
- Install onto a different partition from the OS
- If this is Enterprise, select administrative array/enterprise policies as per your organization's administrative policy
- Only allow publishing if in DMZ
- Enable packet filtering
- Configure the LAT so it only has addresses in the internal network

8 Step Seven – After Install
Test Basic Connectivity
- Ensure LAT only contains addresses from internal network
- Connection to Internet?
- Check default site and content rule
- Add Protocol rule
- REMOVE TEST!
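
The LAT check called for in Step Six and Step Seven can be scripted. The following is an added example, not part of the original presentation: it takes LAT entries typed in as from/to address pairs and reports any range that is not wholly inside the networks you define as internal. The function name, the sample ranges and the internal network list are constructed for illustration, and the script does not read ISA Server's own configuration.

```python
import ipaddress


def lat_violations(lat_ranges, internal_networks):
    """Return (start, end, reason) for each LAT range that is not wholly internal."""
    # Merge adjacent internal subnets so a range spanning two of them still passes.
    internal = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in internal_networks))
    findings = []
    for start, end in lat_ranges:
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if first > last:
            findings.append((start, end, "start address is above end address"))
            continue
        # Split the from-to range into CIDR blocks and test each block.
        blocks = ipaddress.summarize_address_range(first, last)
        outside = [str(b) for b in blocks
                   if not any(b.subnet_of(n) for n in internal)]
        if outside:
            findings.append((start, end, "not internal: " + ", ".join(outside)))
    return findings


# Constructed sample data: the internal network as planned in Step Two/Three.
INTERNAL = ["192.168.10.0/24", "192.168.11.0/24"]

# Constructed sample LAT entries as (from, to) pairs.
LAT = [
    ("192.168.10.0", "192.168.11.255"),  # exactly the internal network
    ("10.0.0.0", "10.255.255.255"),      # a private range that is not in use here
    ("192.168.11.0", "192.168.12.255"),  # runs one subnet past the internal network
]

if __name__ == "__main__":
    for start, end, reason in lat_violations(LAT, INTERNAL):
        print(f"{start} - {end}: {reason}")
```

Any range reported should be removed or narrowed in the LAT before the server is put into service.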

9 Step Eight – Secure ISA
Set file/folder/share permissions
- Mspclnt share: Authenticated Users Read
- Inheritance: not allowed from parent folder, apply settings to folder, subfolders, files
- Installation Directory, Clients directory, Urlcache: Administrators, Creator/Owner, System – Full Control
- Clients – Authenticated Users Read & Execute

Tweak then apply security template

Follow guidelines for secure configuration
- Of especial importance:
  - Limit accounts in local database
  - Use strong passwords

10 Step Nine – Configure and Roll Out
- Configure client access as per plan
- Configure packet filters/intrusion detection as per plan
- Do not enable IP routing unless – DMZ 3-homed firewall/mail server publishing
- Test
- Configure Reporting/Monitoring
- Install and Configure Clients

11 Step Ten
- Never, never, never accept on faith any advice from a security guru, government agency, book, Microsoft document, SearchWin2000 chat.
- Your network, server, use, requirements may differ
- TEST

