ISA Server 2000 Best Practices from the Field
Presenters: Jim Harrison - Microsoft Corp; Jim Edwards - Microsoft Corp

Upload: sharyl-hampton

Post on 22-Dec-2015


TRANSCRIPT

Page 1: ISA Server 2000 Best Practices from the Field Presenters: Jim Harrison - Microsoft Corp Jim Edwards - Microsoft Corp

ISA Server 2000 Best Practices from the Field

Presenters: Jim Harrison - Microsoft Corp

Jim Edwards - Microsoft Corp

Page 2:

Agenda

Introduction (Jim Harrison)

Security (Jim Harrison)

Reliability (Jim & Jim)

Performance (Jim Edwards)

Q&A

Page 3:

Security

Windows Configuration

Domain Association

Perimeter Network Scenarios

ISA Configuration

ISA Policies

ISA Logs

References

Page 4:

Windows Configuration

Patches, Patches, PATCHES!

Security checklists on
– Technet
– ISAServer.org
– NSA

Page 5:

Windows Configuration

ISA Service Dependencies
– ISA Server Packet Filter Extension (mspfltex)
– Remote Access Connection Manager (rasman)
– WMI Driver Extensions (wmi)

DCOM is required for ISA

Page 6:

Windows Configuration

Service Dependencies created by ISA
– ICS (sharedaccess) depends on Microsoft Firewall (fwsrv)
– Routing and Remote Access (remoteaccess) depends on ISA Control (isactrl)

Page 7:

Non-Domain

(Diagram labels: LAN Domain; ISA Server(s))

Page 8:

Separate Domains (Forests)

(Diagram labels: ISA Domain; LAN Domain; One Way Trust from ISA to LAN)

Page 9:

Same Forest, Separate Domains

(Diagram labels: ISA Domain; LAN Domain; Domain (Forest) root; Implicit Two Way Trust)

Page 10:

Single Domain

(Diagram label: ISA / LAN Domain)

Page 11:

Two-Tier Perimeter Network

(Diagram labels: LAT Segment; 2nd-Tier Perimeter Network; subnets 192.168.0/24, 192.168.1/24, 123.123.123/24)

Page 12:

Third-leg Perimeter Network

(Diagram labels: LAT Segment; External Subnet; subnets 192.168.0/24, 123.123.123/24, 123.123.123/25)

Page 13:

LAT Perimeter Network

(Diagram labels: LAT Segment 192.168.0/24; 192.168.1/24; IPSec / RRAS IP Filters)

Page 14:

Cache mode

IP packet filtering NOT available

LAT / LDT NOT available

Outgoing and Incoming Web Requests listener configurations

Best behind another (ISA) firewall

Page 15:

Firewall & Integrated modes

IP Filtering makes this the most secure

User- / group-based non-web traffic rules

Single-NIC installation is NOT supported without dialup as external

LAT configuration

Page 16:

LAT Configuration

(Screenshot labels: Right / Wrong)

Page 17:

IP Packet Filtering

(Screenshot labels: Right / Wrong)

Page 18:

IP Packet Filtering

(Screenshot labels: Right / Wrong)

Page 19:

Admin Rights

(Screenshot labels: Right / Right?)

Page 20:

Protocol Rules

(Screenshot label: Right)

Page 21:

Protocol Rules

(Screenshot label: Wrong)

Page 22:

Site & Content Rules

(Screenshot label: Anonymous)

Page 23:

Site & Content Rules

(Screenshot label: Unfiltered)

Page 24:

Server Publishing

Page 25:

Incoming Web Listeners

(Screenshot labels: Right? / Right)

Page 26:

Web Publishing

(Screenshot labels: Wrong / Right)

Page 27:

Web Publishing

Page 28:

Web Publishing

Page 29:

ISA Logs

Other Server Logs
– SMTP, DNS, etc.

Forensic Analysis
– Securityfocus.com article

Legal Evidence
– Computer Forensics
– Trail of Evidence

Page 30:

IP Packet Filter Logs

External scans, attacks, spoofs

Log field selections
– Payload is limited to the first 256 bytes

Page 31:

IP PF Log Examples

source-ip destination-ip proto param#1 param#2 flags

68.124.157.106 123.123.123.10 Tcp 1646 17300 SYN

193.179.148.234 123.123.123.12 Tcp 4738 22 SYN

209.221.223.108 123.123.123.10 ICMP 8 0

209.221.223.108 123.123.123.11 ICMP 8 0

209.221.223.108 123.123.123.12 ICMP 8 0

209.221.223.108 123.123.123.13 ICMP 8 0

62.111.208.195 123.123.123.10 Tcp 2736 135 SYN

62.111.208.195 123.123.123.11 Tcp 2737 135 SYN

62.111.208.195 123.123.123.12 Tcp 2738 135 SYN

62.111.208.195 123.123.123.13 Tcp 2739 135 SYN

Page 32:

IP PF Log Bonus Slide

211.41.55.136 123.123.123.11 Tcp 3127 3127 SYN

211.41.55.136 123.123.123.12 Tcp 3135 3127 SYN

211.41.55.136 123.123.123.13 Tcp 3140 3127 SYN
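The two log slides above show the patterns an IP packet filter log makes visible: a single source touching one port on every perimeter address (a horizontal sweep) next to lone probes of one host. The script below, an added example that is not part of the deck, parses lines in the slide's column layout and separates sweeps from single probes. It assumes that for TCP/UDP param#1/param#2 are source/destination port and for ICMP they are type/code; the sample lines are the ones transcribed from the slides.

```python
from collections import defaultdict

# IP packet filter log lines transcribed from the two preceding slides, in the
# slide's column order: source-ip destination-ip proto param#1 param#2 flags.
# Column reading (ports for TCP/UDP, type/code for ICMP) is this example's
# assumption.
SAMPLE_PF_LOG = """\
68.124.157.106 123.123.123.10 Tcp 1646 17300 SYN
193.179.148.234 123.123.123.12 Tcp 4738 22 SYN
209.221.223.108 123.123.123.10 ICMP 8 0
209.221.223.108 123.123.123.11 ICMP 8 0
209.221.223.108 123.123.123.12 ICMP 8 0
209.221.223.108 123.123.123.13 ICMP 8 0
62.111.208.195 123.123.123.10 Tcp 2736 135 SYN
62.111.208.195 123.123.123.11 Tcp 2737 135 SYN
62.111.208.195 123.123.123.12 Tcp 2738 135 SYN
62.111.208.195 123.123.123.13 Tcp 2739 135 SYN
211.41.55.136 123.123.123.11 Tcp 3127 3127 SYN
211.41.55.136 123.123.123.12 Tcp 3135 3127 SYN
211.41.55.136 123.123.123.13 Tcp 3140 3127 SYN
"""


def parse_pf_line(line):
    """Split one log line into a dict, or return None for a malformed line."""
    parts = line.split()
    if len(parts) < 5:
        return None
    src, dst, proto, p1, p2 = parts[:5]
    rec = {"src": src, "dst": dst, "proto": proto.upper(),
           "flags": parts[5] if len(parts) > 5 else ""}
    try:
        if rec["proto"] in ("TCP", "UDP"):
            rec["sport"], rec["dport"] = int(p1), int(p2)
        elif rec["proto"] == "ICMP":
            rec["type"], rec["code"] = int(p1), int(p2)
        else:
            return None
    except ValueError:
        return None
    return rec


def find_sweeps(lines, min_hosts=3):
    """Group attempts by (source, service) and report every source that touched
    at least min_hosts distinct destinations on one service.
    TCP counts only when SYN is set (a fresh connection attempt); ICMP counts
    only echo requests (type 8), i.e. ping sweeps."""
    seen = defaultdict(set)  # (src, proto, service) -> set of destinations
    for line in lines:
        rec = parse_pf_line(line)
        if rec is None:
            continue
        if rec["proto"] == "TCP":
            if "SYN" not in rec["flags"]:
                continue
            key = (rec["src"], "TCP", rec["dport"])
        elif rec["proto"] == "UDP":
            key = (rec["src"], "UDP", rec["dport"])
        elif rec["type"] == 8:
            key = (rec["src"], "ICMP", "echo-request")
        else:
            continue
        seen[key].add(rec["dst"])
    sweeps = [{"src": src, "proto": proto, "service": svc, "hosts": sorted(dsts)}
              for (src, proto, svc), dsts in seen.items() if len(dsts) >= min_hosts]
    return sorted(sweeps, key=lambda s: (s["src"], str(s["service"])))


def single_probes(lines):
    """Lone TCP SYNs that are not part of a sweep: (src, dst, dport), sorted."""
    sweep_keys = {(s["src"], s["service"]) for s in find_sweeps(lines)}
    probes = set()
    for line in lines:
        rec = parse_pf_line(line)
        if (rec and rec["proto"] == "TCP" and "SYN" in rec["flags"]
                and (rec["src"], rec["dport"]) not in sweep_keys):
            probes.add((rec["src"], rec["dst"], rec["dport"]))
    return sorted(probes)


if __name__ == "__main__":
    lines = SAMPLE_PF_LOG.splitlines()
    for s in find_sweeps(lines):
        print(f"{s['src']} swept {len(s['hosts'])} hosts on {s['proto']} {s['service']}")
    for src, dst, port in single_probes(lines):
        print(f"{src} probed {dst} on TCP/{port}")
```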

Page 33:

Firewall Logs

Internal virus / worms detection

Log field selections
– WP and FW share many logging options

Page 34:

Firewall Log Examples

c-ip r-ip r-port cs-prot s-oper sc-status

192.168.0.1 123.123.123.123 135 TCP Connect 13301

192.168.0.1 207.46.245.214 135 TCP Connect 0

192.168.0.1 207.46.245.214 17300 TCP Connect 13301

192.168.0.1 207.46.245.214 17300 TCP Connect 0

192.168.0.1 207.46.245.214 80 TCP Connect 13301

192.168.0.1 207.46.245.214 80 TCP Connect 0

Page 35:

Web Proxy Logs

Internal, external virus / worms detection

Log field selections

Page 36:

Web Proxy Log Examples

CodeRed

<SourceIP> GET www 12202

<SourceIP> GET www 200

Nimda

<SourceIP> GET <ISAExtIP> 12202

<SourceIP> GET <ISAExtIP> 200

Auth Failure

<SourceIP> GET http://www.thatsite.tld 12209
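The Firewall log slide (page 34) and the Web Proxy log slide above show the two places an infected internal host shows up: outbound Connect attempts to service ports it has no business reaching, and GET requests shaped like the CodeRed and Nimda lines. The script below is an added example, not part of the deck: it reads both log layouts and tags each client with the indicators it matched. The Firewall lines are the slide's; the Web Proxy lines, the client addresses in them, the external address standing in for <ISAExtIP>, and the suspect-port set are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Firewall service log lines transcribed from the page 34 slide
# (columns: c-ip r-ip r-port cs-prot s-oper sc-status).
SAMPLE_FW_LOG = """\
192.168.0.1 123.123.123.123 135 TCP Connect 13301
192.168.0.1 207.46.245.214 135 TCP Connect 0
192.168.0.1 207.46.245.214 17300 TCP Connect 13301
192.168.0.1 207.46.245.214 17300 TCP Connect 0
192.168.0.1 207.46.245.214 80 TCP Connect 13301
192.168.0.1 207.46.245.214 80 TCP Connect 0
"""

# Constructed Web Proxy log lines in the slide's layout
# (columns: c-ip cs-method target sc-status); client addresses are made up.
SAMPLE_WP_LOG = """\
192.168.0.7 GET www 12202
192.168.0.7 GET www 200
192.168.0.9 GET 123.123.123.10 12202
192.168.0.11 GET http://www.thatsite.tld 12209
192.168.0.12 GET http://www.microsoft.com 200
"""

# Stands in for the slide's <ISAExtIP> placeholder; value chosen from the
# deck's 123.123.123/24 perimeter examples (assumption).
ISA_EXTERNAL_IP = "123.123.123.10"

# Service ports an internal workstation should never open toward the
# Internet; seeded from the ports on the slide (assumption).
SUSPECT_OUTBOUND_PORTS = {135, 17300}

LABEL_CODERED = "CodeRed-style: GET for bare host 'www'"
LABEL_NIMDA = "Nimda-style: GET aimed at the ISA external address"
LABEL_AUTH = "web proxy authentication failure (status 12209)"


def fw_indicators(lines):
    """Yield (client_ip, label) for outbound Connect attempts to suspect ports.
    Both sc-status 0 and non-zero results count: the attempt is the symptom,
    whatever policy then did with it."""
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue
        c_ip, r_ip, r_port, proto, oper, _status = parts
        if proto.upper() != "TCP" or oper != "Connect":
            continue
        if ipaddress.ip_address(r_ip).is_private:
            continue  # internal-to-internal traffic is out of scope here
        port = int(r_port)
        if port in SUSPECT_OUTBOUND_PORTS:
            yield c_ip, f"outbound TCP/{port} to external host"


def wp_indicators(lines, isa_external_ip=ISA_EXTERNAL_IP):
    """Yield (client_ip, label) for the request shapes shown on the slide."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        c_ip, method, target, status = parts
        if method == "GET" and target == "www":
            yield c_ip, LABEL_CODERED
        elif method == "GET" and target == isa_external_ip:
            yield c_ip, LABEL_NIMDA
        if status == "12209":
            yield c_ip, LABEL_AUTH


def classify_clients(fw_lines, wp_lines, isa_external_ip=ISA_EXTERNAL_IP):
    """Return {client_ip: sorted unique indicator labels} across both logs."""
    found = defaultdict(set)
    for c_ip, label in fw_indicators(fw_lines):
        found[c_ip].add(label)
    for c_ip, label in wp_indicators(wp_lines, isa_external_ip):
        found[c_ip].add(label)
    return {ip: sorted(labels) for ip, labels in found.items()}


if __name__ == "__main__":
    report = classify_clients(SAMPLE_FW_LOG.splitlines(), SAMPLE_WP_LOG.splitlines())
    for ip, labels in sorted(report.items()):
        print(ip, "->", "; ".join(labels))
```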

Page 37:

Romper-Room No-No's

IP Packet Filtering off & IP Routing on

Enable IP Routing via RRAS or TCP/IP

LAT includes external (or DMZ) subnets

Same-subnet on internal / external NICs

FW Client installed on the ISA

"All destinations" web publishing rule

Page 38:

Security and Critical Hotfixes

Service Pack 1
– KB 283213 ICMP blocking (Nachi defense)

Post SP1
– KB 319374 & 321846 Web Proxy crash
– MS02-027 BO in Gopher protocol handler
– MS03-009 DoS in DNS IDS filter
– MS03-012 DoS in Firewall Service
– MS03-028 XSS in ISA Error pages
– MS04-001 H.323 Vulnerability

Page 39:

Security References

Microsoft checklists and guides:
http://www.microsoft.com/technet/security/chklist/Default.asp
http://www.microsoft.com/technet/security/tools/default.asp

CC configuration
https://s.microsoft.com/isaserver/code/commoncriteria/

Page 40:

Security References

NSA configuration
http://www.nsa.gov/snac/win2k/guides/w2k-11.pdf
http://www.nsa.gov/snac/win2k/guides/inf/isa.inf

Log Forensics
http://securityfocus.com/infocus/1712

Page 41:

Reliability

Windows Considerations

ISA Server 2000 Firewall Considerations

Page 42:

Reliability Windows Settings

NIC binding order

Routing table

Patch Patch Patch!

Redundancy

System Services

Extraneous Services

Page 43:

Reliability Windows Settings: NIC Binding Order

Internal
– Top of list
– NO Default gateway
– DNS/WINS

External
– Default gateway
– Dial up issues

RAS
– Dial up issues

DMZ
– Doesn't matter

Page 44:

Reliability Windows Settings: Routing Table

Static Routes
– Windows routing table
– RRAS routing table

Dynamic Routes
– VPN issues

VPN Clients
– Mystery of the Windows VPN client gateway

Page 45:

Reliability Windows Settings: Patches!

Service Packs
– Install them now
– Latest OS and ISA SP and FP

Hotfixes
– Do you need them?
– What about Windows Update?

Security Updates
– What's going to break?

Testing lab
– Mirror config in lab
– Don't let the production network be your regression testing lab

Page 46:

Reliability Windows Settings: Redundancy

What are you trying to accomplish?

Web v. Server Publishing Rules

NLB v. Rainwall
– Bidirectional what?

Hardware Load Balancers
– Pay to play

RainConnect
– Redundant Internet connectivity
– Outbound and inbound

NextLAND Proturbo 800

Page 47:

Reliability Windows Settings: System Services

Disable Junk Services
– (list several of these)

Determining Required Services
– Disable and test

Remote Registry Service

Page 48:

Reliability Windows Settings: Extraneous Software

Server Services
– It's a firewall, not a firesale

Not a workstation
– No Kazaa
– No VPN client connections

Plug-ins
– Test test test

Page 49:

Reliability ISA Settings

Test All Policies

Separate Inbound and Outbound Duties

Backing Up

Caching Arrays

Page 50:

Reliability ISA Settings: Field Test All Policies

Protocol Rules
– The dreaded "all open" rule

Site and Content Rules
– Kill anonymous access Site and Content Rules
– Server client address set for anonymous access

Kill the HTTP (Re)Director
– Can't block via Site/Content rules

Packet Filters
– This ain't no pix(en)

Web and Server Publishing Rules
– FQDN in Destination Sets
– The mystery of the ephemeral outbound IP address

VMware
– Buy now or pay later

Page 51:

Reliability ISA Settings: Separate Inbound and Outbound

Separate Inbound and Outbound Servers

Inbound Servers
– Web Publishing and Memory
– Server publishing performance

Outbound Servers
– Authentication traffic and performance
– Active caching and traffic

Bandwidth
– Kill bandwidth rules

Page 52:

Reliability ISA Settings: Backing Up

Integrated Backup Tool
– Who needs 'em?

Import/Export Script
– Different IP address publishing/filters (IP specific)

ISAinfo script (better know everything before you need to restore)

Disk Imaging
– Careful of different hardware

Using VMware Images
– Works great – performance issues

Page 53:

Reliability ISA Settings: Caching Array

Caching Array
– Not a fault tolerance scheme
– Load balancing v. load sharing
– The miracle of wpad and autodiscovery

Page 54:

Reliability ISA Settings: Autoconfiguration and Autodetection

Wpad
– DHCP
– DNS

Group Policy

IEAK

Registry file

Firewall client installation

Page 55:

Reliability Hotfixes

ISA Server Service Pack 1
– http://www.microsoft.com/isaserver/downloads/sp1.asp

ISA Server 2000 Hotfix for Rules Engine and Potential Web Proxy Service Crash
– http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=235B14FB-CDB4-4FCE-BE10-E25F869DD40E

Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service
– http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-009.asp

Page 56:

Reliability Hotfixes

Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service
– http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-012.asp

Update Rollup for ISA Server Services
– http://support.microsoft.com/default.aspx?scid=kb;EN-US;810493

Page 57:

Key References

Shinder ISA Server 2000 Section
– www.isaserver.org/shinder

Jim Harrison's ISAtools Site
– www.isatools.org

ISA Server Performance Best Practices
– http://www.microsoft.com/technet/security/prodtech/ISA/ISAPrfBP.asp?frame=true

Page 58:

Performance

Windows Configuration

ISA Configuration

Page 59:

Performance; Windows Settings

IP Stack configuration
– TcpTimedWaitDelay & StrictTimeWaitSeqCheck
– Remove QOS when not using ISA Bandwidth Control

Page File
– Separate physical drive
– Not compressed/encrypted volume

Physical memory
– 1024 Meg Minimum
– 3072 Meg Maximum
– /3GB switch – Reverse Web Cache only

Page 60:

Performance; Windows Settings

Disk subsystem – Only for Web Cache
– RAID 0 if using RAID

NIC
– Server class, 64-bit PCI-X
– Multiprocessor - HW Interrupt Partitioning

SSL/IPSec Accelerators
– Good only for large number of HTTPS connections

Processors (class / quantity)
– Do not use the ISA server as a workstation

Page 61:

Performance; Windows Settings

Domain Topology
– Large number of NTLM authentication requests
– DNS

Logical Network
– Single Default Gateway on ISA Server

Page 62:

Performance; ISA Settings

Rule elements – Less granular
– Rule processing increases linearly
– Small number of Rules with large Destination Sets

Enable Kernel Mode Data Pump – IP Routing
– Significant increase to most capacity intensive protocols
– Disable filtering of IP fragments

Firewall & Web Proxy service DNS Cache
– By default, services hold last 3000 DNS records for 6 hours, regardless of TTL

Page 63:

Performance; ISA Settings

Server Publishing
– Non RPC
– RPC

Web Publishing
– Fewer Rules with large Destination Sets. Faster, less secure.
– More Rules with small Destination Sets. Slower, more secure.
– Skip name resolution

Memory Usage
– Firewall Service
– Web Service

Page 64:

Performance; ISA Settings

Split purpose
– Web Proxy
– Web Publishing
– Firewall

Logging
– Ideal is Off. Not going to happen
– Logging Fails, ISA stops serving content
– File
– Database

Reporting
– Disable

Page 65:

Performance; ISA Clients

Outbound
– Use Remote WinSock (RWS) client where possible
– Set web browsers to use ISA server as Web Proxy
– Streaming media clients

Page 66:

Performance; Registry Re-Cap

Disk
– Disable short name creation. HKLM\SYSTEM\CurrentControlSet\Control\Filesystem DWord "NtfsDisable8dot3NameCreation" 0x1
– Disable last access update. HKLM\SYSTEM\CurrentControlSet\Control\Filesystem DWord "NtfsDisableLastAccessUpdate" 0x1
– Multiprocessor only - Bypassing I/O Counters. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System DWord "CounterOperations" 0x0

Page 67:

Performance; Registry Re-Cap

NTLM Authentication
– HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DWord "MaxConcurrentApi" 0x3 through 0x6

ISA
– Internal DNS Cache
Web Proxy: HKLM\SOFTWARE\Microsoft\Fpc\Arrays\{Array GUID}\ArrayPolicy\WebProxy DWord "msFPCDnsCacheSize" & "msFPCDnsCacheTtl"
Firewall: HKLM\SOFTWARE\Microsoft\Fpc\Arrays\{Array GUID}\ArrayPolicy\Proxy-WSP DWord "msFPCDnsCacheSize" & "msFPCDnsCacheTtl"

Page 68:

Performance; Registry Re-Cap

ISA
– Maximum backlog for incoming TCP connections
Non RPC – HKLM\System\CurrentControlSet\Services\FWSRV\Parameters "ServerMappingBacklog" DWord key. For Exchange server 0x50, Web server 0xA0.
RPC – HKLM\Software\Microsoft\FPC\PluginRPC "ServerMappingBacklog" and "InterfacesBacklog". For Exchange RPC "ServerMappingBacklog" = 0xA0 and "InterfacesBacklog" = 0x50.

Page 69:

Performance; Registry Re-Cap

ISA
– Bypass Name Resolution
HKLM\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters DWord "SkipNameResolutionForPublishingRules" 0x1
HKLM\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters DWord "SkipNameResolutionForAccessAndRoutingRules" 0x1

Page 70:

Performance; References

Windows

Disk
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/serverop/part2/sopch08.asp

System
http://support.microsoft.com/default.aspx?scid=kb;en-us;171793
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/serverop/part2/sopch10.asp

Page 71:

Performance; References

ISA
http://www.microsoft.com/technet/security/prodtech/ISA/ISAPrfBP.asp
http://www.isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_Configuration.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;326040
http://support.microsoft.com/default.aspx?scid=kb;en-us;291427
http://support.microsoft.com/default.aspx?scid=kb;en-us;292018

Page 72:

Q & A