Microsoft Internet Security and Acceleration Server 2000 SharePoint Portal Server Deployment Kit
Table of Contents
Providing Secure Remote Access to SharePoint Portal Server 2003 using ISA Server 2000

Martin Grasdal
Dr. Thomas W Shinder
December 2003
Table of Contents at a Glance
Chapter 1: Overview of Microsoft Office SharePoint Portal Server 2003
Better Together: ISA Server 2000 and SharePoint Portal Server 2003
Quick Start: Configuring SharePoint Extranet Virtual Web Site and ISA Server Web Publishing
Configuring URLScan 2.5 to Protect Published SharePoint Web Sites
Configuring and Implementing Secure Sockets Layer (SSL) for SharePoint Web Sites
Using SSL Bridging to Protect SharePoint Web Sites
Using Server Publishing Rules to Publish Services and SharePoint Web Sites
Configuring DNS To Support Name Resolution for Internal and External Clients
Configuring Web Proxy Clients for Direct Access to Intranet Resources
Detailed Table of Contents
Chapter 1: Overview of Microsoft Office SharePoint Portal Server 2003
Abstract
Solving the Problem of Document Management
Relationship of Windows SharePoint Services and SharePoint Portal Server 2003
Features of Windows SharePoint Services
Features of SharePoint Portal Server 2003
What’s New in SharePoint Portal Server 2003
Summary
Chapter 2: Better Together: ISA Server 2000 and SharePoint Portal Server 2003
Abstract
Security Issues for SharePoint Portal Server 2003 Web Sites
Firewall Protection for SharePoint Portal Server 2003
Application Layer Stateful Inspection
Securing SharePoint Portal 2003 Web Sites with ISA Server 2000
Web Publishing
Server Publishing
SSL Bridging
URLScan
Link Translation
Delegation of Basic Authentication Credentials
Summary
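Chapter 3: Quick Start: Configuring SharePoint Extranet Virtual Web Site and ISA Server Web Publishing
Abstract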
Overview
Step-by-Step Background Information
Step-by-Step How To: Creating New Virtual Web Site To Host the Extranet SharePoint Site
Step-by-Step How To: Extending SharePoint Portal Site into the Extranet Virtual Web Site
What is an Application Pool?
Creating Application Pool for Use by Extranet Web Site
Extending SharePoint Site to Extranet Virtual Web Site
Configuring the Virtual Web Site To Support Basic Authentication
Testing Extranet SharePoint Site from Internal Client
Step-by-Step How To: Configuring ISA Server 2000 To Protect and To Publish SharePoint Extranet Web Site
Configuring IP Packet Filter Settings
Creating a Destination Set
Creating a Web Publishing Rule
Configuring the Incoming Web Requests Listener
Troubleshooting Tips for Web Publishing Rules
Configuring Outbound Access for Internal ISA Clients
Summary
Chapter 4: Configuring URLScan 2.5 to Protect Published SharePoint Web Sites
Abstract
Overview of URLScan 2.5
URLScan 2.5 Settings
[Options] Section
[AllowVerbs] and [DenyVerbs] Sections
[AllowExtensions] and [DenyExtensions] Sections
[DenyHeaders] Section
[DenyURLSequence] Section
[RequestLimits] Section
Step-by-Step: Installing Feature Pack 1 and URLScan 2.5
Step-by-Step Background Information
Installing and Configuring URLScan 2.5 for ISA Server 2000
Troubleshooting and Fine Tuning URLScan 2.5
Summary
Chapter 5: Configuring and Implementing Secure Sockets Layer (SSL) for SharePoint Web Sites
Abstract
Overview of Public Key Infrastructure
Step-by-Step How To: Implementing an Enterprise Root Certificate Authority
Step-by-Step Background Information
Installing and Configuring an Enterprise Root CA
Enabling Secure Sockets Layer on SharePoint Web Site
Summary
Chapter 6: Using SSL Bridging to Protect SharePoint Web Sites
Abstract
Overview of SSL Bridging
Step-by-Step Background Information
Step-by-Step How To: Exporting Digital Certificate from SharePoint Web Site
Step-by-Step How To: Importing a Digital Certificate to ISA Server
Adding Certificates MMC Console
Importing the Web Site Certificate to the ISA Server 2000 Firewall Using Certificates MMC Console
Step-by-Step: Configuring the Incoming Web Requests Listener To Use a Digital Certificate
Testing ISA Server 2000 Firewall SSL Configuration
Troubleshooting 500 Internal Server Errors – the Target Principal Name is Incorrect
Step-by-Step: Configuring SSL Bridging on the Web Publishing Rule
Results of SSL Bridging Configuration
Summary
Chapter 7: Extending the Functionality of Published Web Sites by Using Delegation of Basic Authentication Credentials and Link Translation
Abstract
Overview and Configuration of Delegation of Basic Authentication Credentials
Step-by-Step How To: Configuring Delegation of Basic Authentication Credentials
Overview and Configuration of Link Translation
Step-by-Step How To: Configuring Link Translation
Determining Custom Dictionary Entries
Summary
Chapter 8: Using Server Publishing Rules to Publish Services and SharePoint Web Sites
Abstract
Web Publishing Compared to Server Publishing
Overview of Server Publishing
Step-by-Step How To: Creating a Protocol Definition and Server Publishing Rule To Publish a SharePoint Web Site
Test Lab Background Information
Creating a Protocol Definition for Inbound HTTP Traffic
Configuring Incoming Web Requests Listener to Remove Potential Port Contention
Creating Server Publishing Rule for SharePoint Web Site
Results of Server Publishing Rule for SharePoint Web Site
Configuring Alternate Portal Access Settings
Summary
Chapter 9: Configuring DNS To Support Name Resolution for Internal and External Clients
Abstract
DNS Overview
The Need for a Split DNS Infrastructure
Solving Remote Access Problems to Microsoft Exchange with a Split DNS Infrastructure
Split DNS Infrastructure Topology for DNS Advertisers
Configuration Details for Extranet DNS Advertisers and ISA Server
Step-by-Step How To: Configuring External DNS Servers and ISA Server 2000 Server Publishing Rules for DNS Service
Configuring the External DNS Advertisers
Configuring Server Publishing Rules for DNS Advertisers on ISA Server
Verifying DNS Intrusion Detection Application Filter
Creating Client Address Set for DNS Zone Transfer Server Publishing Rule
Creating Server Publishing Rules for DNS Queries and Zone Transfers
Configuring a DNS Resolver Infrastructure
Step-by-Step How To: Configuring Conditional Forwarding
Summary
Chapter 10: Configuring Web Proxy Clients for Direct Access to Intranet Resources
Abstract
Overview of ISA Server 2000 Clients
Name Resolution for ISA Server 2000 Clients
Step-by-Step How To: Manually Configuring Web Proxy Clients for Direct Access
Step-by-Step How To: Automating the Delivery of Local Domain Table Information to Web Proxy Clients
Configuring Local Domain Table on ISA Server 2000
Configuring Web Proxy Clients with Location of Configuration Script
SharePoint Portal Server 2003 Web Proxy Client Configuration
Step-by-Step How To: Configuring Web Proxy Client Settings for the SharePoint Search Service
Step-by-Step How To: Configuring Web Proxy Client Settings for SharePoint Web Parts
Step-by-Step How To: Controlling Outbound HTTP(S) Access for Web Proxy and SecureNAT Clients
Configuring Outbound Web Requests Listener
Configuring Protocol Rules
Configuring HTTP Redirector for Unauthenticated SecureNAT Client Access
Results of Configuration Change
Summary