With the Microsoft ISA Server 2004 Security Firewall, organizations can maximize security with packet, circuit, and application-level traffic filtering:
The Microsoft ISA Server 2004 Security Firewall dynamically and intelligently performs stateful packet filtering (stateful packet inspection) and stateful application-layer inspection of traffic crossing the firewall. This ensures integrity of communications and prevents security breaches by intruders, hackers, worms, viruses, and suspicious command strings. Stateful inspection is done in the context of both the application-layer protocol and the state of the connection.
The Microsoft ISA Server 2004 Security Firewall goes beyond basic application filtering by controlling application-specific traffic with application, command, and data-aware filters. Through intelligent filtering of VPN, HTTP, FTP, SMTP, POP3, DNS, H.323 conferencing, streaming media, and RPC traffic, ISA Server 2004 can accept, reject, redirect, and modify traffic based on its contents.
The Microsoft ISA Server 2004 Security Firewall's secure server publishing helps protect Web servers, e-mail servers, and e-commerce applications from external attacks. ISA Server 2004 adds a layer of security by impersonating the published server. Web publishing rules protect internal Web servers by allowing you to specify which computers can be accessed. Server publishing rules protect internal servers from unwarranted access by external users. Intelligent application filtering protects all published servers from external attack.
Using the Microsoft ISA Server 2004 Security Firewall's integrated intrusion detection capabilities, based on technology from Internet Security Systems, ISA Server 2004 generates an alert and executes an action if it detects a network intrusion attempt (such as port scanning, WinNuke, or ping of death).
By integrating Microsoft ISA Server 2004 Security Firewall services with the VPN services of Windows Server 2003 and Windows 2004 Server, ISA Server 2004 enables you to provide standards-based secure remote access to connect branch offices and remote users to corporate networks. You can apply the ISA Server 2004 firewall policy to VPN connections to gain fine-tuned control over the resources and protocols that VPN users can access.
Microsoft ISA Server 2004 Security Firewall's SecureNAT provides transparent firewall access through the ISA Server 2004 computer and protection for all IP clients on ISA Server 2004-protected networks, with no client software or configuration necessary, by substituting a globally valid IP address for an internal IP address. Sophisticated application-layer filters provide complex protocol support for SecureNAT clients.
The Microsoft ISA Server 2004 Security Firewall supports strong user authentication with integrated Windows authentication (Windows NT/LAN Manager and Kerberos) for its firewall and Web proxy clients. For Web proxy clients, the product supports client certificates as well as digest, basic, forms-based, and anonymous Web authentication. ISA Server 2004 Enterprise Edition can authenticate users against the local user database on the firewall, in Active Directory, or it can use RADIUS to authenticate against any RADIUS-compliant directory.
For Web servers that require authenticated and encrypted client access, ISA Server 2004 provides end-to-end security and application-layer filtering using SSL-to-SSL bridging. Unlike most firewalls, ISA Server 2004 inspects encrypted data before it reaches the Web server. The firewall decrypts the SSL stream, performs stateful inspection, and then re-encrypts the data and forwards it to the published Web server.
The Microsoft ISA Server 2004 Security Firewall uses fast random access memory (RAM) caching and an optimized disk cache to accelerate Web performance, both for ISA Server 2004-protected network clients accessing Internet Web servers and for Internet users accessing content on a corporate Web server.
You can preload the cache with entire Web sites on a defined schedule. Scheduled downloads ensure up-to-date cache content for every user while also making content on offline Web servers available to your users.
You can manage all ISA Server 2004 computers from a single, centralized management console. The ISA Server 2004 management console allows you to configure and manage hundreds of ISA Server 2004 computers and Web caching servers from a single location.
You can control inbound and outbound access according to user, group, application, source, destination, content, and schedule. ISA Server 2004 firewall policy wizards specify which sites and content are accessible, whether a particular protocol is accessible for both inbound and outbound communication, and whether communication between specified IP addresses, using specified protocols and ports, should be allowed or denied.
ISA Server 2004 enables you to copy your entire firewall configuration to an .xml file. This .xml file can be copied to removable media or sent through secure e-mail to other firewall administrators. You can easily create a standardized firewall configuration throughout your organization or deploy it using these configuration files. You can also copy selected elements, such as VPN configuration or firewall policy rules, to an .xml file and import them.
ISA Server 2004 can leverage the user database stored in Active Directory to authenticate both inbound and outbound access through the firewall. Active Directory integration is available even when the ISA Server 2004 computer is not a member of an Active Directory domain.
Graphical taskpads and configuration wizards help you simplify configuration of common firewall tasks. For example, wizards can publish Exchange Server-based servers on the network behind the ISA Server 2004 computer, configure the computer to be a remote access VPN server or gateway, or create a new firewall rule.
You can manage ISA Server 2004 remotely through a Microsoft Management Console (MMC), Windows Server 2003 Remote Desktop, Windows 2004 Terminal Services, and command-line scripts.
You can monitor servers in all arrays from a single location with the ISA Server 2004 centralized monitoring feature. Any firewall administrator with the proper credentials can monitor all servers in any array from a centralized management console environment.
ISA Server 2004 provides detailed security and access logs in standard data formats, such as delimited text files, Microsoft SQL Server databases, or SQL Server 2004 Desktop Engine (MSDE) databases. You can run scheduled built-in reports on Web usage, application usage, network traffic patterns, and security, and you can automatically publish these reports to a local folder or a remote file share. Event-driven alerts can trigger e-mail messages to administrators, start and stop firewall services, and take automated action based on alert criteria.
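The delimited text logs and event-driven alerts described above can feed a simple detection rule of the kind the intrusion detection feature raises for port scanning. The following is an added example, not ISA Server code: it parses constructed W3C-style log lines (the "#Fields" names, the DENIED/ALLOWED action values and the sample records are assumptions, not the product's real column layout) and flags any client whose denied connections touch several distinct destination ports within a short window.

```python
"""Flag port-scan-like behaviour from W3C-style delimited firewall logs.

Added example, not ISA Server code. The '#Fields' header, the action
values and the sample records below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a '#Fields' directive followed by whitespace-delimited
# records. Real ISA Server 2004 logs carry more columns and a different set.
SAMPLE_LOG = """#Software: constructed sample
#Fields: date time c-ip r-ip r-port protocol action
2004-06-01 10:00:01 203.0.113.7 192.0.2.10 21 TCP DENIED
2004-06-01 10:00:01 203.0.113.7 192.0.2.10 22 TCP DENIED
2004-06-01 10:00:02 203.0.113.7 192.0.2.10 23 TCP DENIED
2004-06-01 10:00:02 203.0.113.7 192.0.2.10 25 TCP DENIED
2004-06-01 10:00:03 203.0.113.7 192.0.2.10 80 TCP ALLOWED
2004-06-01 10:00:03 203.0.113.7 192.0.2.10 110 TCP DENIED
2004-06-01 10:00:04 203.0.113.7 192.0.2.10 143 TCP DENIED
2004-06-01 10:05:00 198.51.100.4 192.0.2.10 80 TCP ALLOWED
2004-06-01 10:05:01 198.51.100.4 192.0.2.10 443 TCP ALLOWED
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the '#Fields' line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # drop the '#Fields:' token
        elif line.startswith("#") or not line.strip():
            continue                            # other directives, blank lines
        elif fields:
            yield dict(zip(fields, line.split()))  # splits on tabs or spaces


def port_scan_sources(text, window=timedelta(seconds=10), min_ports=5):
    """Return {client_ip: sorted ports} for clients whose DENIED connections
    hit at least `min_ports` distinct destination ports inside `window`."""
    denied = defaultdict(list)
    for rec in parse_w3c(text):
        if rec["action"] == "DENIED":
            ts = datetime.fromisoformat(rec["date"] + " " + rec["time"])
            denied[rec["c-ip"]].append((ts, int(rec["r-port"])))
    flagged = {}
    for ip, events in denied.items():
        events.sort()
        start = 0
        for end in range(len(events)):            # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(flagged.get(ip, [])):
                flagged[ip] = sorted(ports)
    return flagged
```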
For ISA Server 2004 Web proxy and firewall clients, you can restrict access through the firewall based not only on IP addresses but also on user names. This group-based and user-based access control provides you with granular control over inbound and outbound access for all protocols.