Abdullah, [EMAIL PROTECTED] wrote:
> I have MS ISA 2004 Server running on MS Windows 2003 Server, and now I am working on a security assessment for that server. Could anyone help me with a guideline or a document to complete this job?
ISA is a firewall product - many of the same rules apply when doing a security assessment of ISA as to any other firewall product, in addition to a range of ISA-specific rules and best-practices. The first thing I'd suggest, then, is to take a look at how ISA is performing for you as a firewall - i.e. looking principally at the firewall architecture, ruleset, etc.
This is something that's going to involve a large amount of introspection, looking at what exactly your needs are in terms of traffic traversing your ISA Firewall and assessing how your ISA Ruleset meets those needs.
It's also something that's more complex than just asking "do I need this rule?" - ideally, you want to look at /every/ aspect of a rule and eliminate components of rules that you do need that are unnecessary or redundant, such as allowing DNS traffic through your ISA box from domain clients who use AD DNS Servers.
Lots of ISA-specific best practices and configurations creep in here too - you also want to be looking at some of the more complex and architectural aspects of your rulesets and architecture, such as the depth to which you're using publishing rules, or how you're firewalling VPN Connections.
ISA is also a software application running on top of Windows 2003 Server. The second thing you want to look at, then, is how it's set up in this context. What patch level is on the operating system, how it's locked down (group policy, security policy, filing system & registry permissions), how service accounts are configured, and probably other things such as capacity and hardware configuration. If your ISA box isn't a standalone, you have the added concerns of how AD is configured, too.
On this topic, I'd suggest the usual suspects: the Windows 2003 Security Guide[1] and the ISA Security Guides for ISA 2004[2] and ISA 2006[3].
To adequately do a security assessment of ISA (or even provide advice on doing so) really needs a good knowledge both of ISA (and what it's capable of) and your infrastructure, as well as understanding of what's generally best practice for ISA deployments in whatever scenarios you have it deployed in, networking, and firewalling generally.
If you actually want to perform a serious security assessment, you want to very carefully consider whether or not you have (or can acquire) these understandings yourself. If you can't, consider hiring someone who knows what they're doing already.
If you can provide some more specific information on how you have ISA deployed, you may find you're given some more specific suggestions on what elements in particular you want to be looking at.
Hope that helps.

 - James.

[1] http://go.microsoft.com/fwlink/?LinkId=14845
[2] http://www.microsoft.com/technet/isa/2004/plan/securityhardeningguide.mspx
[3] http://www.microsoft.com/technet/isa/2006/security_guide.mspx

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
"All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again"
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
