Microsoft ISA Server 2006 Evaluation Guide
June 2006
ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data.
For more information, press only, contact:
Rapid Response Team
Waggener Edstrom
(503) 443-7070
rrt@wagged.com
This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveSync, ActiveX, Hotmail, Outlook, PowerPoint, SharePoint, Windows, Windows NT, Windows Media, Windows Server, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
INTRODUCTION
Welcome to the Reviewers Guide for Microsoft® Internet Security and Acceleration (ISA) Server 2006. ISA Server 2006 is a fully integrated application layer firewall, virtual private network (VPN), and Web caching solution. A member of the Microsoft Windows Server System™, ISA Server 2006 is a highly secure, easy-to-use and cost-effective solution that helps IT professionals combat new and emerging threats against Internet-facing organizations.
Enterprises are facing an onslaught of increasingly targeted and sophisticated attacks on their networks. Protecting corporate resources at corporate headquarters as well as at branch offices, while providing seamless access for legitimate business functions, requires a sophisticated and multi-functional edge gateway.
ISA Server 2006 is the integrated edge gateway that provides:
- Integrated security: ISA Server 2006 secures your environment and protects your partners and users from malicious programs. ISA Server 2006 provides improved security through integration with Microsoft application infrastructure and Microsoft Windows® services such as NTLM and Kerberos authentication, the Active Directory® directory service, VPN, Routing and Remote Access, Network Load Balancing (NLB), and more. ISA Server 2006 is built on the Windows Server™ 2003 platform, which has fewer vulnerabilities than any Linux-based operating system.
- Efficient management: ISA Server 2006 makes it easy to enable new usage scenarios with your existing infrastructure. ISA Server 2006 provides reduced Total Cost of Ownership (TCO) and simplified deployment and management through an easy-to-use user interface, tools, a flexible software development kit (SDK), remote management, and strong logging and reporting capabilities.
- Fast and secure access: ISA Server 2006 ensures your data and applications are safe and users are productive. With its compression, caching, single sign on, and link translation features, ISA Server 2006 provides secure, high speed, and seamless user access to corporate applications and data.
ISA Server 2006 is intended to meet customer demand for a single, integrated solution that is flexible enough to be used in a variety of different scenarios. Some scenarios include:
- Protect internal network resources by screening all incoming and outgoing Internet traffic.
- Ensure network access and network reliability.
- Manage secured traffic across different sections of the network.
- Authenticate users to make them more accountable and to control access based on users and groups.
- Provide useful reports and detailed logging information for both inbound and outbound traffic.
- Provide fast, secure access to internal servers.
- Implement technologies to allow for collaboration.
- Maintain confidentiality and integrity of information being transferred.
- Cost-effectively enable remote user connectivity to the corporate network.
- Cost-effectively create a secure and fault tolerant site-to-site VPN between offices.
Key Trends
Hacking incidents against companies have risen exponentially over the last few years with hackers targeting the point of least resistance in a network. Because traditional network firewalls are not designed to detect and prevent intrusions to the application layer, the vast majority of Internet-based attacks now target applications such as e-mail, Web server, and on-line collaboration software. In addition, today’s workforce is becoming increasingly mobile, bringing additional challenges to providing secure access to corporate resources.
A key trend concerns the increase of new and emerging threats that bypass traditional stateful packet inspection-only firewalls through protocols such as Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP). Traditional packet inspection firewalls have done a satisfactory job of blocking attacks that take place at the network layer, but have done little to contend with application-based threats. Companies are demanding solutions that offer deeper inspection of Web-based content.
Identity theft, Web site defacement, unauthorized network access, theft of proprietary information, and service disruption—all possible manifestations of application layer attacks—can result in significant loss of productivity and hurt an organization’s bottom line.
IT professionals are under pressure to do more with less in securing their environments.
The need to simplify administration by consolidating security devices and products is taking on greater importance.
Regulatory pressures are increasing and becoming more complex. Compliance with legislation, such as the Sarbanes Oxley Act, Gramm Leach Bliley, the US Patriot Act, the Health Insurance Portability and Accountability (HIPAA) Act of 1996, the Basel II Accord, the EU Data Protection Directive, and California’s new Privacy Act, presents challenging requirements. These regulatory requirements vary from country to country, bringing greater complexity to compliance for companies that operate internationally. Organizations must now weigh the regulatory implications of network intrusions and failure to implement adequate security infrastructure. Liability and the threat of lawsuits must also be a consideration for any company doing business over the Internet, particularly in the areas of privacy, file sharing, human resources, health, and investor relations.
In this environment, hackers pose a risk not only to data but also to a company’s ability to properly comply with these requirements. Even the company’s own user community can pose compliance problems, for example, if they are illegally sharing copyrighted files over a corporate network.
Customers are calling for easier-to-use solutions, particularly for small or mid-sized businesses without a great deal of IT personnel resources. Larger organizations require increasing levels of cost-justification for IT expenditure, but still require state-of-the-art security and enterprise-level high availability, monitoring, and performance. Customers demand security options that allow them to maximize network security without sacrificing fast connectivity or performance. They need sophisticated application layer protection, simplified management, security, and performance, plus the scalability and extensibility that will enable them to expand their security solution as business needs dictate.
Using This Guide
This guide highlights the important features of ISA Server 2006 and is intended to make the review process simple.
The sections of this guide are intended to highlight the most important features of ISA Server 2006. These discussions are grouped as follows:
- Secure Application Publishing: ISA Server 2006 enables greater control over intranet resources, yet provides increased productivity by making them available to remote users. ISA Server 2006 helps protect your corporate applications, services and data across all network layers with stateful packet inspection, application-layer filtering and comprehensive publishing tools.
- Branch Office Gateway: ISA Server 2006 helps enable you to simplify your administrator and user experiences through a unified firewall and VPN architecture, with web caching and bandwidth management, an optimized firewall and filtering engine and comprehensive access control.
- Web Access Protection: ISA Server 2006 helps provide web access protection with its hybrid proxy-firewall architecture, granular policies, deep content inspection, comprehensive alerts and monitoring capabilities.
- Appendix A: This section includes general concepts and discussions not directly related to the three primary scenarios presented in the document.
- Appendix B: This section provides a list of ISA Server 2006 features with brief descriptions and whether each feature is new, improved, or similar to a feature existing in ISA Server 2004.
- Appendix C: This section describes how to get started with ISA Server 2006, including system requirements, network requirements, and upgrade paths from ISA Server 2004.
- Appendix D: This section describes the ISA Server 2006 architecture.
- Appendix E: This section provides links to additional useful ISA Server information.
For walkthroughs of key features of ISA Server 2006, see the Microsoft ISA Server 2006 Reviewers Guide Walkthroughs.
New Features of ISA Server 2006
ISA Server 2006 provides the following new features.
Integrated security
Improved security through tight integration with applications and with Microsoft infrastructure such as Active Directory, Windows Internet Name Service (WINS), Dynamic Host Configuration Protocol (DHCP), NLB, and VPN Quarantine.
- Increase security and deployment flexibility for Web application servers through enhanced multi-factor authentication (smart cards and one-time passwords), flexible integration with Active Directory (LDAP), and customizable forms-based authentication for almost any Web application and client device.
- Easily integrate ISA Server with your existing authentication infrastructure through enhanced authentication delegation (including NTLM, Kerberos, and SecurID), and gain more access control with improved session management that detects non-user traffic through automatic idle-based time-outs.
- Maintain secure branch office infrastructure using Background Intelligent Transfer Service (BITS) caching to accelerate the deployment of software updates and keep remote computers protected.
- Help defend your network with Enhanced Flood Resiliency features for event handling and monitoring that provide better resistance to denial of service and distributed denial of service attacks.
- Mitigate the effects infected computers have on your network with enhanced worm resiliency through simplified client Internet Protocol (IP) alert pooling and connection quotas.
- Enhance attack remediation through comprehensive alert triggers and responses to quickly notify administrators of network problems.
Efficient management
Reduced TCO through simplified deployment and management, cost, and server consolidation.
- Simplify the process of securely publishing Exchange, Windows SharePoint Services, and other Web servers with easy-to-use wizards for multiple sites, and enhanced certificate administration to avoid configuration errors.
- Easily deploy entire farms of Web servers behind ISA Server using session-based and IP-based affinity with automatic out-of-service detection using Web Publishing Load Balancing.
- Easily deploy and configure ISA Server computers in branch offices by using answer files on removable media for unattended installation, and with easy-to-use VPN wizards to streamline connectivity.
- Manage remote ISA Server computers more effectively with faster propagation of enterprise policies, reduced server requirements, and low-bandwidth optimizations.
- Provide enhanced resource control by log throttling and control of memory consumption and pending DNS queries.
- Unify management and monitoring across your ISA Server infrastructure with the Management Pack for Microsoft Operations Manager 2005, and use enterprise-level and array-level policies to easily control security and access rules across your organization.
Fast and secure access
Secure and seamless user access to resources with added speed through caching.
- Enable a smoother user experience for published Web applications, document libraries, and content through single sign on and comprehensive link translation to help ensure secure and consistent access.
- Improve Web page load times and reduce WAN costs for users in branch offices with HTTP traffic compression and caching.
- Help ensure that the highest priority applications get precedence over other network traffic through Diffserv IP settings, providing better bandwidth utilization and response times for critical Web resources.