What's new in Microsoft ISA Server 2004?
You can never have too much security - but the question we need to ask of ISA Server 2004 is: does it have enough?
01 October 2004
Within many organisations, ISA Server has been a long-serving part of the network. Originally starting life as little more than a proxy server, ISA Server has now grown up, to become a fully featured security solution. The latest version, ISA Server 2004, builds on that previous heritage and adds a whole range of new features.
With security being an ever moveable feast, it's important that products like ISA Server keep up with reality. Microsoft's products are favourite targets for hackers, and ISA Server is often seen as the 'prize target'. With Microsoft's public relations commitment to security growing, this new version does need to keep ahead of the game - which it does, very much.
There's a lot that's new or improved in ISA Server 2004 - clearly a lot of work has been put into the product.
The core of many organisations' interest will be the firewall, which has been considerably beefed up. New firewall features include:
- better protocol support - including IP-level protocols. You can use applications such as ping and tracert, and create virtual private network (VPN) connections using Point-to-Point Tunnelling Protocol (PPTP).
- better support for complex protocols, such as those required by streaming media and voice/video applications. There is also an easy-to-use 'New Protocol Wizard' which helps you to create protocol definitions.
- custom firewall groups, based on your pre-existing groups in the local accounts database or in Active Directory. Better than a one-size-fits-all firewall, this lets you manage access based on already defined user or group memberships.
Improved firewall features include:
- easy-to-configure access to Web-based Hotmail accounts (isn't that what a firewall is there to stop?!)
- new wizards to make configuration much easier.
- user/group-based access policy.
- a Web Access Publishing Wizard to help you to create a firewall rule and OWA SSL connection to your Exchange Server, making Outlook Web access less problematic.
- better support for FTP access.
- more secure Web publishing - you can place servers behind the firewall, either on the corporate network, demilitarised zone or screened subnet and securely publish their services.
ISA Server 2004 now offers what Microsoft calls 'advanced protection' - many new features to help boost security. These include:
- HTTP filtering on a per-rule basis to configure custom constraints for HTTP inbound and outbound access.
- blocking of all executable content - regardless of filename or extension (yes!)
- control of HTTP downloads, with all extensions blocked apart from a specifically defined group of 'allowed' extensions.
- precise control over the type of Web content users are allowed access to, via "HTTP signatures" that can be used to compare the request URL, request headers, request body, and response body.
Management, monitoring and reporting are overhauled, giving network administrators pretty much all the control that they could wish for. Key updates include:
- real-time monitoring of firewall, Web proxy, and SMTP message screener logs.
- extensive log querying facilities.
- real-time monitoring of firewall sessions.
- extensive report publishing.
- the capability to export and import configuration information.
- the ability to assign administrative roles to users and groups.
Virtual private networks (VPNs) are better catered for. Great features include:
- VPN clients being configured as a separate network zone, so you can create distinct policies for VPN clients.
- expanded VPN client support, which allows SecureNAT clients to access the Internet without needing the firewall client to be installed on the client system.
And let's not forget ISA Server's origins - the Web cache and proxy server is also vastly improved, with better rules for caching and better path mapping for Web publishing rules. New features include Remote Authentication Dial-In User Service (RADIUS) support and SecurID authentication for Web proxy clients.
All of this adds up to one mighty new product which delivers on its promises - and then some. If you're already running a previous version of Windows ISA Server, this is a no-brainer upgrade - although the prerequisite is a Windows 2003 environment, which is a step you may not have taken yet.
And then of course there's training - which is where we can help. We are currently providing a range of courses for ISA Server, though not all of these are on our schedule as yet - so please call us for more information on ISA Server training.







