Greetings, Recent news reports have confirmed what a lot of Web server administrators and security folks expected: Microsoft has released to manufacturing its firewall and caching server called Internet Security and Acceleration (ISA) Server. (See the URL at the end of this column for more details.) Strategically designed to replace Microsoft Proxy Server 2.0, ISA Server goes way beyond the original Web-caching product and tacks on features such as remote management and firewall protection.
Security types have long discounted Proxy Server 2.0's claims of being a true firewall. Although Proxy Servers with up-to-date patches haven't experienced any serious security breaches, the software never caught on in security circles. Proxy Server lacks an important feature—a true port filter that limits inbound and outbound port and IP address access. ISA Server includes port filters that let administrators customize available services and ports. ISA Server also includes new intrusion-detection features built on technology that Atlanta's Internet Security Systems, a popular Internet security vendor, developed.
Many of us use Proxy Server 2.0's reverse proxy or server proxy features to securely publish intranet Web sites. I've spent many sleepless nights trying to set up IIS-based intranet sites that could work simultaneously both from behind and in front of the proxy server. In most cases, the process required just a few virtual Web sites with redirected default pages. But throw in the requirement to use Secure Sockets Layer (SSL), and you really start adding up Web sites and redirects. Outlook Web Access (OWA), an Exchange Web application that runs under IIS, is a good case in point.
I used to set up OWA on my IIS Server and Proxy Server using Proxy Server's server proxy feature. It was painful to install the Winsock proxy client on the Web server, set up the right wspcfg.ini file, and tweak all the redirects to make sure everything worked correctly. I had to plan for port changes because server proxy didn't support redirected Web sites on port 80. (That port was already reserved for the Proxy Server's dependency on IIS.)
ISA Server removes most of these difficulties and actually makes the process easy. Tell the software the IP address and port you've selected for your Web server and the location of the server that contains your source content, and ISA Server does the rest—without proxy clients and redirects.
In summary, ISA Server's firewall and content-publishing features give IIS administrators a powerful tool for publishing Web sites with peace of mind.
Until next time,