Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

As the name implies, quarterly maintenance is performed four times a year. Areas to maintain and manage on a quarterly basis are typically fairly self-sufficient and self-sustaining. Infrequent maintenance is required to keep the system healthy. This doesn't mean, however, that the tasks are simple or that they aren't as critical as those tasks that require more frequent maintenance.

Changing Administrator Passwords

Local Administrator passwords should, at a minimum, be changed every quarter (90 days). Changing these passwords strengthens security measures so that systems can't easily be compromised. In addition to changing passwords, other password requirements such as password age, history, length, and strength should be reviewed.

This is particularly important for ISA Servers that are not domain members because the local accounts on the system provide the only access into the environment.

Audit the Security Infrastructure

Security is the cornerstone of ISA Server functionality, and it is critical to validate that an ISA Server is secure. This validation should be performed no less than every quarter, and can also be useful in satisfying third-party IT environment audits that may be dictated by governmental or industry compliance.

Security audits can be performed via traditional checks of security procedures and infrastructure, such as the following:

  • Who has administrative access

  • The physical security of the servers
  • The presence of procedural documentation

  • Firewall policy based on role-based access controls
  • Existence and maintenance of audit and firewall logs

In addition to validating security in this way, third-party hacking and intrusion tools can be used to validate the effective security of an ISA server. These tools are constantly being used "in the wild" on the Internet, and it can be advantageous for an organization to use the latest tools to test the robustness of the current ISA configuration.

Gather Performance Metrics

It is often the case that an ISA server, when first deployed, can easily handle the traffic that it processes, but then slowly become more and more overloaded over time. This can be true particularly for servers that start their lives with limited roles, such as a reverse proxy server only, but then over time take on additional roles such as VPN server, content caching server, or edge firewall. It is therefore important to monitor the performance of an ISA server on a quarterly basis, using a utility such as the Performance Monitor (perfmon), shown in Figure 17.7.

Figure 17.7. Using the ISA Server Performance Monitor.

If regular monitoring of the ISA server indicates that the system is getting overloaded, it can be retrofitted with additional memory, more processors, faster disks, or multiple servers that are added into the environment.

Reassess Goals and Objectives

As is often the case with IT solutions, a project's goals and objectives may change over time. ISA may have been deployed for a limited rolefor example, to satisfy a certain need. Later on, however, other functionality that ISA can provide may become necessary. It can be quite advantageous to reevaluate goals and objectives on a quarterly basis to see whether any of the additional functionality that ISA provides can satisfy them.

The reason this reassessment is important for an environment is because in many cases an ISA server that has been deployed simply sits in one place, doing its job, and the fact that it can be utilized for other functionality often is overlooked. Organizations may go out and purchase expensive SSL/VPNs, intrusion detection solutions, or content caching products to satisfy newly identified needs, without realizing that a product that is currently deployed can fill those needs easily.

    Категории