I am working on securing the entire network for one of my clients. I ran into this article on TechNet that targets the specific area of extranet and how you can best secure it. The article is full of valuable information for securing your extranet environment and is called Plan security hardening for extranet environments.
Part of the article discusses this extranet hardening tool that’s offered by Microsoft. It’s called Extranet hardening planning tool: back-to-back perimeter (http://go.microsoft.com/fwlink/?LinkId=85533&clcid=0×409).
The tool will help you figure out which ports are required for our ISA Server, routers and firewalls. This tool is a Microsoft Office Visio file that you can edit to customize for your own environment. For example, here are some things that you can do with this tool:
- Add your custom port numbers, where applicable.
- Where a choice of protocols or ports is provided, indicate which ports you will use.
- Indicate the specific ports that are used for database communication in your environment.
- Add or remove requirements for ports based on:
- Whether you are configuring e-mail integration.
- Which layer you deploy the query role to.
- If you are configuring a domain trust relationship between the perimeter domain and the corporate domain.
