NIST Security Configuration Checklists Repository

Guide to Secure Configuration and Administration of Microsoft ISA Server 2000

Name Guide to Secure Configuration and Administration of Microsoft ISA Server 2000
Version  v1.5
Status  Final
Creation Date Not Available
Revision Date 2002-08-09
Product Category Firewall
Vendor Microsoft Corporation
Product Microsoft ISA Server 2000
Product Version ISA Server 2000
Product Role Enterprise Firewall
Checklist Summary The purpose of this guide is to inform the reader about the available security settings for the Enterprise version of Microsoft ISA Server 2000. The chapters are presented in an order that follows the same sequence of events that an administrator might use in setting up ISA Server. It starts with an important notice about operating system security and then proceeds to ISA Server installation, configuring access controls within ISA Server, setting up the packet filter and intrusion detection features, working with ISA Server extensions, enabling the publishing features to allow information from inside the ISA server to be published on the external network (if desired), and finally monitoring the ISA server. The document also details client setup issues. Each section is formatted to provide a narrative introduction followed by a checklist that summarizes the narrative. This is intended to provide a level of detail for those who may not be familiar with a certain aspect of ISA Server, while also offering a more concise checklist for those who do not need the background material.
Known Issues Do not attempt to implement any of the settings in this guide without first testing in a non-operational environment. This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns. The security changes described in this document only apply to Microsoft Windows 2000 systems and should not be applied to any other Windows versions or operating systems.
Target Audience It is also assumed that the reader is a knowledgeable Windows 2000 administrator. A knowledgeable Windows 2000 administrator is defined as someone who can create and manage accounts and groups, understands how Windows 2000 performs access control, understands how to set policies, is familiar with how to set up auditing and read audit logs, etc. This document does not provide step-by-step instructions on how to perform these basic Windows 2000 administrative functions; it is assumed that the reader is capable of implementing basic instructions regarding Windows 2000 administration without the need for highly detailed instructions.
Target Operational Environment Enterprise wide distribution.
Checklist Installation Tools The Microsoft Management Console is used to customize and apply some of the security settings to Windows systems. A Registry editor (Regedt32.exe or Regedit.exe) can be used for manipulation of registry keys.
Rollback Capability Not Available.
Testing Information The security configuration guide has been extensively tested in a lab and operational environment.
NIAP/CMVP Status  
Regulatory Compliance  
Comments, Warnings, Disclaimer, Miscellaneous
Refer to Known Issues.
Disclaimer Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. Security configuration guides are provided for the Department of Defense and other government agencies requiring security configuration guidelines. The guides contain recommended security settings. They are not intended to replace well-structured policy or sound judgment. The guides do not address site-specific configuration issues. Care must be taken when implementing the guides to address local operational and policy concerns. All security changes described in the guides are applicable only to specifically identified operating systems or architecture components and should not be applied to any other operating system or architecture components.
Product Support  
Submitting Organization/Authors National Security Agency
Point of Contact SNAC.Guides@nsa.gov
Sponsor  
Licensing

Refer to the legal statement provided at:
http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/os/win2k/isa_server_2k.pdf

Checklist Homepage http://www.nsa.gov/ia/
Download Package isa_server_2k.pdf
Integrity SHA1 (isa_server_2k.pdf) = 7894a1bb2bb289f60f75a86bb4f6351cafee8886

SHA256 (isa_server_2k.pdf) = 45e92029e00619f78d75f5e38b5ba0ace1b37b3e30ed12c0d1810c9959ee8a8b
Change History

v1.1, date unknown
v1.2, date unknown
v1.2.1, date unknown
v1.3, date unknown
v1.4, date unknown
v1.4.1, date unknown
v1.4.2, date unknown
v1.5, 2002-08-09

Dependency/Requirement  
References

Microsoft Product Documentation/Help file, Microsoft ISA Server 2000 Enterprise Edition

Shinder, Dr. Thomas W and Shinder, Debra LittleJohn, Configuring ISA Server 2000.

Weirer, Jeff and Mosmeyer, Daniel, Tips from the Proxy Server Gurus - Configuring & Troubleshooting Services and Applications to Work with MS Proxy Server 2.0 FAQ, 1999. http://proxyfaq.networkgods.com/

NIST Identifier 1014



NIST and the checklist submitter do not guarantee or warrant the checklist's accuracy or completeness. NIST is not responsible for loss, damage, or problems that may be caused by using the checklist.

Last updated: May 13, 2005
Page created: October 28, 2004
