Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 145
  • Last Modified:

Test web server on ISA 2004

I am re-designing a small network (30 users), mostly the Internet facing portion. This will probably involve an ISA 2004 server for outbound proxy and handling remote access to a new Exchange server on the internal network.  The ISA server would be dual-nic, with external nic sitting on the DMZ behind a firewall and the other nic internal.

Part of the test if\sproviding a test of users downloading some files re-directed from their hosting vendor.  User is on www site, clicks to download (HTTP) a file, then is redirected to network in question.

My question is: Can I let this download come from the ISA server or do I need a separate  server on the DMZ for security?  If the concept proves valid, I would need a separate server for performance, but was not sure it was technically or security necessary.  

Thanks.
0
banjo1960
Asked:
banjo1960
  • 3
1 Solution
 
Keith AlabasterEnterprise ArchitectCommented:
You 'can' do it from ISA by publishing the web service in the ISA's internal NIC IP but it is highly "not" recommended.

technically it should be on a seperate box as ISA should be controlling the security, the flow of traffic and redirection of requests. The ISA server is known s the 'local host' when you set it up and behaves differently to any other machine that it protects. Things that may work in this fashion are not assured to work for any clients.

From a security point also you should not host ANY service on the ISA server itself. The one exception to this rule is when you are running Microsoft's Small Business Server (SBS). SBS runs a cut down version of ISA that is designed to sit on the SBS Domain Controller.

In short, put it on any box (perimeter or internal) but not on the ISA.

Regards
keith

0
 
banjo1960Author Commented:
Thanks for the clear response. I was fairly certain that was the case from other articles, but you cleared it up nicely.

0
 
Keith AlabasterEnterprise ArchitectCommented:
Your welcome :)
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thank you :)
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now