Home > Articles > Home & Office Computing > The Web/Virtual Worlds/Social Networking

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Augmenting an Existing Security Environment with ISA Server 2006

One of the major steps forward for ISA Server was the change in focus from an assumption of ISA in a Microsoft-only environment to a focus where ISA is an additional layer of security to existing security technologies. ISA Server is being deployed more often recently to supplement security in many organizations, and this capability to "play well" with other firewalls and security applications is a welcome improvement.

Utilizing ISA Server 2006 in Conjunction with Other Firewalls

A common deployment scenario for ISA Server 2006 systems has been as a reverse proxy or dedicated VPN server that sits as a unihomed (single network card) server in the Perimeter (DMZ) network of an existing firewall. This is where the integration of ISA with other security devices really shines. The advantage to deploying ISA in this method is that it serves as an additional layer of security in an existing environment, improving the environment's overall security. Security works best in layers because it is more difficult to compromise a system that has multiple mechanisms that must be defeated before an unauthorized user is able to gain access.

To this end, ISA is proving to be a commonly used security tool that satisfies specific needs, rather than a whole host of needs at once. For example, a large number of ISA deployments serve a single purpose: to secure traffic to Outlook Web Access servers or other web-related servers while sitting in the DMZ of an existing packet-layer firewall, similar to what is shown in Figure 1.5. Of course, ISA can do more, but it is this capacity to do specific jobs very well that bodes well for ISA's acceptance among the overall security industry.

Figure 1.5

Figure 1.5 Deploying ISA in the DMZ of an existing firewall to secure OWA traffic.

For additional reading on this concept, see Chapter 7.

Deploying ISA Server 2006 in a RADIUS Authentication Environment

ISA Server 2006 supports authentication and logging against a Remote Authentication Dial-In User Service (RADIUS) environment, allowing for security integration in environments with an existing investment in RADIUS technologies. By providing this support, ISA also allows for scenarios where the ISA server is not a Windows NT/AD Domain Member. This decreases the overall threat associated with deploying an ISA server in certain circumstances, such as when it is deployed in the DMZ network of an existing firewall.

  • + Share This
  • 🔖 Save To Your Account