ISAserver.org - Monthly Article Update
- From: "ISAserver.org" <info@xxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 01 Jun 2005 09:54:26 -0400
ISAserver.org - Monthly Article Update
Hi ISAlist,
New articles added to ISAserver.org last month:
Title: Supporting ISA Firewall Networks Protecting Illegal Top-level Domains:
You Need a Split DNS!
Author: Thomas Shinder
Summary: Of all the issues in ISA firewall networking, the one that most
commonly gets people hot under the collar is that of the split DNS. I’ve never
been able to figure out why barriers go up for a lot of folks when you begin to
talk about a split DNS. Maybe it’s because they believe they need to rename
their internal network domains, or that they think there is an adverse security
impact, or maybe its just because DNS is so difficult to understand in the
first place, that the idea of further complicating the issue puts them over the
edge.
Link: http://www.ISAserver.org/tutorials/2004illegaltldsplitdns.html
Title: Playing Well with Others: Configuring the ISA Firewall on a PIX DMZ for
Secure Remote Access to OWA and other Exchange Services
Author: Thomas Shinder
Summary: One issue that I rarely had to deal with before ISA Server 2004 came
out was whether an organization needed to remove its current PIX firewall
infrastructure to securely support ISA Server 2000 remote access scenarios to
Exchange Server. Unlike the new ISA firewall, organizations considered the ISA
Server 2000 to be primarily a Web proxy server akin to Proxy Server 2.0. Since
there was this perception of ISA Server 2000 being only a proxy server, there
was never a question on whether the PIX should stay where it was. The questions
were more along the lines of where best to put ISA Server 2000 behind the PIX.
Link: http://www.ISAserver.org/tutorials/2004isapixdmz.html
Title: Enabling DHCP Relay for ISA Firewall VPN Clients
Author: Thomas Shinder
Summary: We all know that the ISA firewall provides unparalleled firewall
protection when the ISA firewall is placed on the Internet edge, DMZ, or on one
of the perimeters of you internal network security zones. In addition to the
ISA firewall’s state of the art stateful packet and application layer
inspection mechanisms, the ISA firewall is a one of a kind VPN server and VPN
gateway that allows both remote access and VPN gateway connections to the ISA
firewall. Of all the VPN devices I’ve ever worked with (and I’ve worked with a
lot of them), the ISA firewall’s VPN is the easiest to configure and the most
secure I’ve ever seen.
Link: http://www.ISAserver.org/tutorials/2004dhcprelay.html
Title: The Mystery of the failing POP3 Access with ISA 2000
Author: Stefaan Pouseele
Summary: You have configured your ISA 2000 server and internal clients
according to best practices. Everything is running smoothly except that a lot
of users are complaining about connection problems when accessing an external
POP3 server. If you want to know why this can happen and how to solve that
problem, read on.
Link: http://www.ISAserver.org/articles/ISA2000_POP3Access.html
Title: Remote Access VPN and a Twist on the Dangers of Split Tunneling
Author: Thomas Shinder
Summary: If you ever want to get a rise out of your ISA firewall VPN
administrator, try asking him how you enable split tunneling for your remote
access VPN client connections. Split tunneling is a major security risk for any
organization that deploys any type of VPN server enabling users VPN remote
access to the corporate network. All firewall and security administrators know
of the dangers of split tunneling and do whatever they can to prevent this from
happening.
Link: http://www.ISAserver.org/tutorials/2004fixipsectunnel.html
Title: Enabling Internet Access for VPN Clients Connected to an ISA Firewall
Author: Thomas Shinder
Summary: A problematic situation with the ISA Server 2000 firewall was that
once a VPN client connected to the ISA Server 2000 firewall, they could not
connect to the Internet using their default SecureNAT client configuration.
Link: http://www.ISAserver.org/tutorials/2004vpnclientnetaccess.html
Visit the Subscription Management (http://newsletter.isoftmarketing.com/)
section to unsubscribe.
ISAserver.org is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@xxxxxxxxxxxxx
Copyright © ISAserver.org 2005. All rights reserved.
Other related posts:
