• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion for ISA Server Exchange Kit Topologies article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Discussion for ISA Server Exchange Kit Topologies article Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion for ISA Server Exchange Kit Topologies article - 3.Nov.2003 4:10:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the ISA Server Exchange Kit topologies article at http://isaserver.org/articles/isaexchangetopologies.html.

Thanks!
Tom

[ November 03, 2003, 11:02 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion for ISA Server Exchange Kit Topologies a... - 3.Nov.2003 4:27:00 AM   
sniper

 

Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline
wheres XXX?

(in reply to tshinder)
Post #: 2
RE: Discussion for ISA Server Exchange Kit Topologies a... - 3.Nov.2003 11:02:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Chris,

Ha! I knew I forgot something [Big Grin]

Fixed.

Thanks!
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion for ISA Server Exchange Kit Topologies a... - 3.Nov.2003 2:36:00 PM   
Dirky

 

Posts: 36
Joined: 30.Apr.2002
Status: offline
Hi Tom, nice articles! Nice diagrams too, what did you use for those?

Thanks

Mike

(in reply to tshinder)
Post #: 4
RE: Discussion for ISA Server Exchange Kit Topologies a... - 3.Nov.2003 7:37:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mike,

Thanks! I used Visio 2003. Nice stencils right out of the box!

Tom

(in reply to tshinder)
Post #: 5
RE: Discussion for ISA Server Exchange Kit Topologies a... - 20.Nov.2003 3:59:00 PM   
-=v00d00=-

 

Posts: 3
Joined: 20.Nov.2003
From: Nashville TN
Status: offline
OK security gurus, there are two schools of thought on ISA topology and I would like to get as much information on behalf of an Enterprise client of mine that I am currently the PM / Consultant for concerning an ISA / OWA install.

1. Microsoft recommends Front-End Exchange server IN the DMZ hosting OWA and port 80/443 open to the Back-End Exchange server as well as port 3268 for GC/authentication. That seems totally wrong from a port perspective. What about DNS, RPC, SMTP, LDAP and others?

2. Tom Shinder recommends NEVER putting the front end in the DMZ because it is joined to the domain and and presents a domain rights issue and valid security risks. However conventional wisdom says to NEVER put a webserver (OWA) no matter how secured anywhere but in a DMZ due to the substantial risk of Nimbda / Code Red type attacks as well as the myriad other web exploits. Frankly, as a security professional I'm inclined to side with Tom on this issue.

My client topology is as follows:

Windows 2000 Server / Exchange 2000 / IIS 5.0

1. F5 BIG IP 1000 Load Balancer on the front end.
2. Cisco PIX 515 as the perimeter security w/ DMZ
3. Front-End OWA currently running on corporate LAN, but can be moved to the DMZ if necessary.
4. Surf Control device (can be made redundant by ISA I know) inside Corporate LAN for filtering content to clients.

Large healthcare facility with HIPAA compliance and all and I'm just looking for any feedback as to any and all solutions to properly mitigate risk in good faith / due diligence. Thanks for your input guys. I know I'm asking the best brains out there!

Regards,

[ November 20, 2003, 05:15 PM: Message edited by: -=v00d00=- ]

(in reply to tshinder)
Post #: 6
RE: Discussion for ISA Server Exchange Kit Topologies a... - 28.Nov.2003 3:34:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi VooD,

If you only require reverse proxy, using a back end ISA. The allows you to leverage the layer 7 protection ISA provides to the corporate network and provides a good degree of psychotherapy to the pix enthusiasts who believe that packet filtering firewalls are secure [Wink]

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion for ISA Server Exchange Kit Topologies a... - 22.Mar.2005 1:47:00 PM   
Guest
Hello, first let me say how I appreciate all the guidlines and tutorials about ISAserver and beyond.
My question is the following: The ISA2000 kit for Exchange 2000/2003, is it pretty much the same for ISA2004.
I had a quick look at ISA2004 and it looks very different as opposed to ISA2000.

Thanks

Benny

(in reply to tshinder)
  Post #: 8
RE: Discussion for ISA Server Exchange Kit Topologies a... - 29.Mar.2005 2:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Benny,

Very, VERY different. Check it out over at www.microsoft.com/isaserver

HTH,
Tom

(in reply to tshinder)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Discussion for ISA Server Exchange Kit Topologies article Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts