Comments on: Reviewing the Microsoft ISA Server 2006 System Policy http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/ Microsoft Forefront TMG 2010 and ISA Server 2004/2006 News and Information Thu, 09 Feb 2012 00:57:15 +0000 hourly 1 http://wordpress.com/ By: Richard Hicks http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-68 Tue, 14 Jul 2009 21:23:59 +0000 http://tmgblog.richardhicks.com/?p=458#comment-68 This should provide some clarification – http://tmgblog.richardhicks.com/2009/07/14/microsoft-isa-server-2006-web-based-management-console/. Thanks!

]]> By: reza http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-66 Tue, 14 Jul 2009 13:13:22 +0000 http://tmgblog.richardhicks.com/?p=458#comment-66 Thanks for your reply.

When we look at the properties of this rule, in the Protocols tab, we can see the “ISA Server Web Management”. What this protocol? What do you mean about “old days when the operating system included a web-based management facility”?

Thanks a lot!

-Reza

]]> By: Richard Hicks http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-65 Mon, 13 Jul 2009 16:00:39 +0000 http://tmgblog.richardhicks.com/?p=458#comment-65 I believe this is a leftover from the old days when the operating system included a web-based management facility. There is no remote management utility for Microsoft ISA Server 2006, unless of course you have a Celestix MSA Series security appliance which does include a web-based management tool! If you are interested in seeing a demonstration, send me a note and I’ll provide you with a URL to our live online demonstration site.

]]> By: reza http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-64 Mon, 13 Jul 2009 15:32:57 +0000 http://tmgblog.richardhicks.com/?p=458#comment-64 In System Policy Editor, what is Web Management section. How can I manage ISA Server by using Web applications?

Thanks

]]> By: Richard Hicks http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-61 Thu, 09 Jul 2009 16:40:59 +0000 http://tmgblog.richardhicks.com/?p=458#comment-61 http://technet.microsoft.com/en-us/library/bb794718.aspx

]]> By: reza http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-58 Thu, 09 Jul 2009 08:34:43 +0000 http://tmgblog.richardhicks.com/?p=458#comment-58 Can you please give the link of the ISA Security Guide IIRC?

Thanks

]]> By: Jason Jones http://tmgblog.richardhicks.com/2009/07/08/reviewing-the-microsoft-isa-server-2006-system-policy/#comment-57 Wed, 08 Jul 2009 22:51:51 +0000 http://tmgblog.richardhicks.com/?p=458#comment-57 Nice post Rich ;)

This approach should be part of any least privilege design/implementation and is actually quite easy to do.

Although Microsoft did a good job with system policy, it can never reflect the actual needs of the environment and therefore needs to be “tuned” as necessary by thinking about what the ISA deployment actually requires.

This approach is a standard part of our ISA builds and is also recommended in the ISA security guide IIRC. Personally, I try and disable as many policies as possible and then create specific computer sets for each rule to remove the default objects. Well worth spending 5 mins on any deployment if you ask me ;)

Cheers

JJ

]]>