Network Security Focus-Microsoft

Re: MS ISA 2004 Server

Subject: Re: MS ISA 2004 Server
Date: Tue, 03 Jul 2007 15:39:48 +0100
Abdullah,

Abdullah.Mohammed@Rashpetco.com wrote:
> I have MS ISA 2004 Server running on MS Windows 2003 Server, and now I am working on a security assessment for that server. Could anyone help me with a guideline or a document to complete this job?

ISA is a firewall product - many of the same rules apply when doing a security assessment of ISA as to any other firewall product, in addition to a range of ISA-specific rules and best-practices. The first thing I'd suggest, then, is to take a look at how ISA is performing for you as a firewall - i.e. looking principally at the firewall architecture, ruleset, etc.


This is something that's going to involve a large amount of introspection, looking at what exactly your needs are in terms of traffic traversing your ISA Firewall and assessing how your ISA Ruleset meets those needs.

It's also something that's more complex than just asking "do I need this rule?" - ideally, you want to look at /every/ aspect of a rule and eliminate components of rules that you do need that are unnecessary or redundant, such as allowing DNS traffic through your ISA box from domain clients who use AD DNS Servers.

Lots of ISA-specific best practices and configurations creep in here too - you also want to be looking at some of the more complex and architectural aspects of your rulesets and architecture, such as the depth to which you're using publishing rules, or how you're firewalling VPN Connections.

ISA is also a software application running on top of Windows 2003 Server. The second thing you want to look at, then, is how it's set up in this context. What patch level is on the operating system, how it's locked down (group policy, security policy, filing system & registry permissions), how service accounts are configured, and probably other things such as capacity and hardware configuration. If your ISA box isn't a standalone, you have the added concerns of how AD is configured, too.

On this topic, I'd suggest the usual suspects; the Windows 2003 Security Guide[1] and the ISA Security Guides for ISA 2004[2] and ISA 2006[3].

To adequately do a security assessment of ISA (or even provide advice on doing so) really needs a good knowledge both of ISA (and what it's capable of) and your infrastructure, as well as understanding of what's generally best practice for ISA deployments in whatever scenarios you have it deployed in, networking, and firewalling generally.

If you actually want to perform a serious security assessment, you want to very carefully consider whether or not you have (or can acquire) these understandings yourself. If you can't, consider hiring someone who knows what they're doing already.

If you can provide some more specific information on how you have ISA deployed, you may find you're given some more specific suggestions on what elements in particular you want to be looking at.

Hope that helps.

 - James.

[1]http://go.microsoft.com/fwlink/?LinkId=14845
[2]http://www.microsoft.com/technet/isa/2004/plan/securityhardeningguide.mspx
[3]http://www.microsoft.com/technet/isa/2006/security_guide.mspx

--
  James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

   "All at sea again / And now my hurricanes
   Have brought down this ocean rain / To bathe me again"

 https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
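
The component-level ruleset review described in the message above, as an added example that is not part of the original post and not ISA's own tooling. It assumes a constructed, simplified rule model (ordered first-match rules; the rule names, network names and the `audit` helper are hypothetical) and ignores users, schedules and content types.

```python
# Constructed, simplified rule model for illustration; NOT the ISA 2004
# export format. Rules are evaluated top-down and the first match wins.
RULES = [
    {"name": "DNS from AD DNS servers", "action": "allow",
     "protocols": {"DNS"}, "sources": {"AD-DNS"}, "dests": {"External"}},
    {"name": "Client web access", "action": "allow",
     "protocols": {"HTTP", "HTTPS", "DNS"}, "sources": {"Domain-Clients"},
     "dests": {"External"}},
    {"name": "Legacy HTTP access", "action": "allow",
     "protocols": {"HTTP"}, "sources": {"Domain-Clients"},
     "dests": {"External"}},
]


def components(rule):
    """Expand a rule into its (source, protocol, destination) triples."""
    return {(s, p, d) for s in rule["sources"]
            for p in rule["protocols"] for d in rule["dests"]}


def audit(rules, dns_resolvers):
    """Return (rule name, component, reason) findings in rule order.

    dns_resolvers: source sets that legitimately need outbound DNS
    (the AD DNS servers that domain clients already query).
    """
    findings, first_match = [], {}
    for rule in rules:
        for comp in sorted(components(rule)):
            src, proto, dest = comp
            if comp in first_match:
                # An earlier rule already decides this traffic.
                findings.append((rule["name"], comp,
                                 "never reached: '%s' matches first"
                                 % first_match[comp]))
                continue
            first_match[comp] = rule["name"]
            if (rule["action"] == "allow" and proto == "DNS"
                    and dest == "External" and src not in dns_resolvers):
                findings.append((rule["name"], comp,
                                 "unnecessary: DNS is served by internal resolvers"))
    return findings


if __name__ == "__main__":
    for name, comp, reason in audit(RULES, {"AD-DNS"}):
        print("%-20s %-40s %s" % (name, "/".join(comp), reason))
```
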
