Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed [Paperback]

Michael Noel (Author)

Book Description

ISBN-10: 067232718X | ISBN-13: 978-0672327186 | Publication Date: September 3, 2005

A detailed look into best practice design, deployment, and maintenance of an ISA Server 2004 Environment.  Written by industry expert Michael Noel, of Convergent Computing, ISA Server 2004 Unleashed provides guidance for ISA deployment scenarios, including step by step guides for configuring ISA to secure Exchange Outlook Web Access, deploying ISA Server 2004 Enterprise edition arrays, setting up Site to Site VPNs, deploying ISA as a reverse proxy in the DMZ of a firewall, and much more.  This book covers ISA in great detail, with emphasis on real-world situations and labor-saving scripts that help administrators take control of an ISA environment and leverage its full potential to provide unprecedented levels of security to an environment.

Editorial Reviews

About the Author

Michael Noel (CISSP, MCSE:Security) has significant experience in the computer industry, and has worked with the ISA Server product since its infancy. In addition to his writings on ISA and other security products, Michael has authored Windows Server 2003 Unleashed, Exchange Server 2003 Unleashed, and SharePoint 2003 Unleashed. Currently a Senior Consultant at Convergent Computing in the San Francisco Bay Area, Michael's writings leverage his real-world experience designing, deploying, and administering ISA Server environments.

Excerpt. © Reprinted by permission. All rights reserved.

Introduction

It is rare to run into that one product that impresses technical audiences in the way that ISA Server 2004 has managed to. As I prepared to write this book, what surprised me was not ISA's ability to wow and charm Microsoft-centric environments, but its ability to impress the Microsoft-skeptic crowds as well. These are the ones who have been skeptical of anything coming out of Redmond with "Security" in its title—for good reason in many cases. So, from its release, ISA faced a seemingly insurmountable uphill battle for acceptance, which makes its success even more impressive.

I have had the luxury of working closely with several of the best technologies Microsoft has produced: Active Directory, SQL Server, SharePoint, and Exchange. It therefore takes a powerful product for me to be impressed, and ISA Server 2004 really has done that. ISA functionality is broad, with VPN, reverse proxy, firewall, content caching, and protocol filtering capabilities. Marketing slogans are one thing, but this product really does live up to its billing. I have deployed, administered, and tested ISA Server at organizations of many sizes and functions, from city governments to banks to law firms to technology firms, and have had great success with the product. The breadth and depth of functionality that ISA provides makes my job designing security for these types of environments that much easier.

This book is the result of my experience and the experiences of my colleagues at Convergent Computing in working with ISA Server 2004 Standard and Enterprise versions, in the beta stages and in deployment. I wrote this book to be topical, so that you can easily browse to a particular section and follow easy-to-understand step-by-step scenarios. In addition, if you are looking for a good overview on ISA, the book can be read in sequence to give you a good solid understanding of the higher levels of security and functionality ISA can provide.

The Target Audience of This Book

This book is geared toward Information Technology professionals who have moderate to high levels of exposure to firewall, security, and network technologies. It is ideal for those administrators who need a good in-depth knowledge of how ISA works and how it can be used to perform common tasks. In addition, this book is ideal for security administrators who are looking to deploy ISA as an additional layer of security in an existing environment, particularly for securing Outlook Web Access, websites, and other internal services.

The Organization of This Book

This book is divided into four parts:.

• Part I: Designing, Exploring, and Understanding ISA Server 2004—This section covers the basics of ISA Server 2004, including an overview of the technology, a walkthrough of the tools and features, and specific installation steps. In addition, design scenarios for ISA deployment are presented and analyzed, and migration steps from ISA 2000 are given.

• Part II: Deploying ISA Server 2004—This section covers the deployment of ISA technologies, discussing multiple common scenarios for which ISA is often used for. Discussion surrounding ISA firewall, content caching, reverse proxy, and Enterprise version deployment is discussed, and step-by-step deployment guides are illustrated. In addition, detailed analysis of Virtual Private Network support, including both client and site-to-site VPN, are covered.

• Part III: Securing Servers and Services with ISA Server 2004—Part III focuses on the specifics of securing protocols and services using the built-in HTTP, FTP, RPC, and other filters in ISA Server 2004. Specific instructions on how to use ISA to secure Microsoft Exchange Outlook Web Access (OWA), including the common scenario of deploying ISA within the DMZ of an existing firewall, are outlined in depth. In addition, securing techniques for SharePoint sites, web servers, Outlook MAPI traffic, and other common scenarios are explained.

• Part IV: Supporting an ISA Server 2004 Infrastructure—The nuts and bolts of administering, maintaining, and monitoring an ISA Server 2004 environment are explained in this section, with particular emphasis on the day-to-day tasks that are needed for the "care and feeding" of ISA. Critical tasks that are often overlooked, such as automating ISA Server Configuration backups and documenting ISA Server rules, are presented and analyzed. Throughout this section, tips and tricks to keep ISA well maintained and working properly are outlined.

Conventions Used in This Book

The following conventions are used in this book:

---

Caution - Cautions alert you to common pitfalls that you should avoid.

---

---

Tip - Tips are used to highlight shortcuts, convenient techniques, or tools that can make a task easier. Tips also provide recommendations on best practices you should follow.

---

---

Note - Notes provide additional background information about a topic being described, beyond what is given in the chapter text. Often, notes are used to provide references to places where you can find more information about a particular topic.

---

---

Sidebars -

A sidebar provides a deeper discussion or additional background to help illuminate a topic.

---

If you are like many out there recently tasked with an ISA project or simply looking for ways to bring security to the next level, this book is for you. I hope you enjoy reading it as much as I enjoyed creating it and working with the product.

© Copyright Pearson Education. All rights reserved.

Product Details

• Paperback: 576 pages
• Publisher: Sams (September 3, 2005)
• Language: English
• ISBN-10: 067232718X
• ISBN-13: 978-0672327186
• Product Dimensions: 9.2 x 7 x 1.3 inches
• Shipping Weight: 2 pounds
• Average Customer Review: 4.8 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #641,224 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

4.0 out of 5 stars Well Leashed and Very Useful Installation Guide, May 29, 2006

By 

David Gurgel (Roseland, New Jersey United States) - See all my reviews
(VINE VOICE)    (REAL NAME)   

Amazon Verified Purchase

This review is from: Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed (Paperback)

The book is poorly named. "Unleashed" suggests to me wild and wonderful things to do with complex features or even tricks and undocumented things. This is definitely a black Labrador on-the-leash kind of book, and it will get an administrator safely across the broad avenue that is an ISA installation. It's a great book in spite of the name.

I used "Unleashed" as a guide for installation of ISA Server 2004 (replacing ISA Server 2000) on the perimeter of a small office network that has ten servers on three different domains (including a web server and a mail server) and twenty workstations. I studied this book and Shinder's "Configuring ISA Server 2004" extensively before beginning the installation, and I had previous experience doing the installation and maintenance of the ISA 2000 installation that ISA 2004 replaced.

I preferred this book ("Unleashed") to the Shinder book as an installation guide, but I like Shinder as a reference because of its greater depth (twice as many pages). Both books promote ISA, but the Shinder books examines (in a defensive but very useful way) competing options to ISA more thoroughly. Shinder's book then would be more useful for those evaluating ISA versus competing products.

I also have the Microsoft MCSA/MCSE Training Kit. This book is the only ISA 2004 book that includes a 120-day trial version of ISA Server 2004. I have spent only two hours with this book but found the questions and answers at the end of each lesson helpful reflecting on key points. I did find a glaring error early on. It is not true that "the IP address assigned to the external interface [of the ISA server] must be routable ON [emphasis added] the Internet." The truth is that this IP address must be routable TO the Internet; and a private address (10.1.1.1 for example) will do just fine if there is (as in my case) a router with a public address between ISA and the Internet. Microsoft books are of coure authoratative and prep well for the exams in spite of an occasional error.

Our ISA server is connected on the Internet side with a private (nonroutable) IP address to an $89 Linksys router, which is configured with simple firewall filters. The Linksys router has a public IP address and connects to a Verizon DSL modem. A laptop in the DMZ between ISA and the router is used for testing ISA protection. The ISA server of course could be connected directly to the DSL modem; but we like the presence of the additional appliance (the Linksys router) as an additional level of defense. We run GFI (number one Exchange spam filter) on our Exchange server since ISA and most other firewall products only do token spam filtering.

"Unleashed" provided sufficiently detailed and accurate guidance for each step that I took: hardening the OS, installing ISA, configuring the networks attached to the ISA NICs, setting up firewall rules, publishing an IIS web server, publishing an Exchange mail server, and setting up Outlook web access. The total time required was only two hours even with a couple of errors.

ISA is a complex product with routing, caching proxy and reverse proxy servers, firewall (including stateful and advance application level inspection), VPN server, and simple spam filter. Michael Noel in "Unleashed" clearly shows how to use the greatly improved ISA administrative interface with its templates and wizards to configure my simple architecture and also more complex architectures that place servers in the DMZ as well as the limited single-homed topology with the ISA server in the DMZ. My company is not using VPN, but the book provides thorough coverage of VPN, which many be mission-critical to those with branch offices and road warriors.

Lastly, if you are new to ISA, be aware that ISA 2006 was released as a beta earlier this year. Many reviews suggest that ISA 2006 is not a major change. Microsoft says that upgrading from 2004 to 2006 will be supported. Amazon shows no titles as yet for ISA 2006. My guess is that the final release of 2006 will not come before the end of the year.

5 of 5 people found the following review helpful:

5.0 out of 5 stars Practical volume for assessing, designing and implementing ISA, November 12, 2005

By 

C. Wallace (Oakland, California) - See all my reviews
(REAL NAME)   

This review is from: Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed (Paperback)

I found this book to be extremely helpful in understanding ISA architecture and how it might fit into our organization.

The book is well laid out, concise and readable. The first section lays out a high level view of ISA functions and provides a clear overview of how to assess which components are appropriate for solving specific network security issues. The section on deployment goes into more detail, explaining how to install and configure the various components of an ISA deployment. Part III on securing servers and services goes into the specific details of configuring ISA to protect messaging, web and RPC traffic.

Microsoft networking products continue to improve both in functionality and ease of use. Having guides like this make understanding and implementing new technology viable even for small organizations with limited budgets.

2 of 3 people found the following review helpful:

5.0 out of 5 stars Great book on a rising product!, November 27, 2005

By 

A. Lewis (Santa Clara, CA) - See all my reviews
(REAL NAME)   

This review is from: Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed (Paperback)

This is THE book if you are looking to learn ISA 2004. It is structured in an easy-to-understand manner for windows admins who are familiar with Windows but may not have been exposed to ISA Server or are upgrading from ISA 2000. All in all this is the only book on the subject you'll need.