Submitted by: Submitted by vasunt
Views: 207
Words: 5062
Pages: 21
Category: Literature
Date Submitted: 10/11/2012 09:42 AM
jghjghjg
l;kl;
[pic]
Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004
White Paper
Published: June 2004
For the latest information, please see http://www.microsoft.com/isaserver/
Contents
Introduction 1
Advanced HTTP Filtering 2
Delegation of Basic Authentication 3
Outlook Web Access Forms-based Authentication 4
RADIUS Authentication of Incoming Web Site Connections 5
SecurID Authentication of Incoming Web Site Connections 6
SSL-to-SSL Bridging 7
Flexible Web Site Redirection 8
Secure Web Server Publishing Wizards 9
Protection of Internal Server Names with Link Translation 10
Use of Custom Firewall Groups to Control Web Site Access 11
Conclusion 12
Introduction
Attacks against Web servers are the most common form of attack against corporate resources. Web sites exposed to Internet users must be secured to the greatest extent possible in order to successfully fend off repeated attacks from Internet intruders.
The first step in protecting publicly available Web servers is to harden the underlying operating system and the Web server components as much as possible, while leaving the Web applications’ functionality intact. The next step is to place an application-layer-aware firewall in front of the Web server. Such a firewall inspects incoming and outgoing Web communications moving through the firewall, assesses their safety and validity, and then allows or denies communications based on this assessment.
While security is a primary concern when allowing Internet users access to corporate Web resources, security without accessibility is of marginal value. A firewall must be able to provide a high level of security while at the same time giving the firewall administrator a high level of control over how Internet users access corporate Web resources.
Microsoft® Internet Security and Acceleration (ISA) Server 2004 is an...