Microsoft followed up its first attempt at a firewall and Internet-caching product, dubbed Microsoft Proxy Server, with a far more impressive software release--Microsoft Internet Security and Acceleration (ISA) Server 2000. ISA Server 2000 offers multilayer enterprise firewall capabilities, Web proxy and caching services, stateful packet inspection, and other advanced security features in a scalable, high-performance software package. Four years later, Microsoft is ready to unleash its third-generation firewall product, ISA Server 2004. The new version will offer an even wider range of features and functionality, including an interesting hardware-based option that might appeal to large enterprises. Here's what you need to know about ISA Server 2004.
Application-Level Security and Integration with Microsoft Services
The biggest improvement in ISA Server 2004 is its ability to perform deep-level stateful inspection (i.e., application-level filtering) of HTTP connections. This feature will be a boon to Microsoft-oriented shops because ISA Server 2004 will intelligently filter network traffic to and from Microsoft server products such as Microsoft Exchange Server, Internet Information Services (IIS), and Windows SharePoint Services (WSS). You can also use ISA Server policies to enforce secure connections between Exchange Server and Microsoft Outlook, although you need to configure the Outlook client to use secure remote procedure calls (RPCs).
You use a rules-based mechanism to configure custom settings for ISA Server 2004's packet-inspection features for both inbound and outbound network traffic. Advanced users can configure ISA Server 2004 to work with the Windows 2003 VPN Quarantine tools that are available in the Windows Server 2003 Resource Kit. Although difficult to configure, these tools ensure that no client systems can connect to the network until they have the latest security patches and other software that your enterprise deems necessary.
Simpler Management Tools
ISA Server 2004 ships with a redesigned Microsoft Management Console (MMC)based management console that sports simple wizards and task lists to help you achieve certain configurations for the wide range of network topologies that ISA Server supports. For example, the management console makes it fairly simple to set up ISA Server 2004 out of the box as an edge server or as a node in a multipronged environment that includes internal, perimeter, external, VPN, and other network zones, each with its own policies and routing rules. The policy editor is particularly well designed, with a Visual Studio (VS)inspired drag-and-drop editing feature that lets you drop features onto rules to create policies. The editor is XML-based, so you can import and export configurations for backup or for multiple-machine deployments.
I can't overstate the importance of the new easy-to-use UI. Firewall misconfiguration is one of the most common causes of security breaches through firewalls. The straight forward configuration coupled with the ease of updating a software-based solution gives ISA Server 2004 an edge over most hardware-based firewalls.
ISA Server 2004 also includes a new monitoring dashboard that presents a summary view of session state, alerts, events, performance, and other criteria. And a real-time log viewer displays ISA Server's firewall, Web Proxy, and SMTP Message Screener logs.
Optional Hardware Device Support
Select Microsoft partners, including Celestix Networks, HP, and Network Engines, will ship ISA Serverbased firewall appliances, most of which target midsized or large companies. Essentially single-purpose Windows 2003 servers with semi-closed architectures, these boxes will offer the complete feature set of ISA Server 2004 and the flexibility of an appliance. Hardware vendors provide the service for these devices, giving customers a single point of contact for sales, service, and support. Because of pricing ($3000 and up for low-end boxes and $10,000 and up for rack-mounted solutions), these appliances won't serve small businesses well. I'd like to see Microsoft work with its hardware partners to develop low-cost firewall appliances as well.
Recommendations
ISA Server 2004 is a huge improvement over its predecessor, but it does have several downsides. One major limitation is that it doesn't fully integrate with Microsoft Small Business Server (SBS) 2003 and that product's unique (and arguably superior) management tools. However, Microsoft says that it's working on SBS 2003 integration and will have a more elegant solution in the future. And until the Windows 2003 update, code-named R2 for Release 2, includes a better quarantine feature, quarantine functionality won't be widely deployed. Finally, ISA Server 2004 is very much Microsoft oriented: Although it will work in a heterogeneous environment, it won't integrate with non-Microsoft servers unless third-party developers come up to speed and release add-on products that build on ISA's extensible platform.
End of Article
)
Register
Can you elaborate (explain) this comments.
regards,
Kizzy
kizzy September 29, 2004 (Article Rating: