Microsoft ISA Firewall Add-On Aimed At Exchange, Web Server Protection


As it readies a more enterprise-ready firewall for the upcoming Windows.Net wave of servers, Microsoft has released an add-on to its Internet Security and Acceleration (ISA) Server 2000 that's designed to provide stronger protection for its Exchange and Internet Information Services (IIS) customers.

The ISA Feature Pack 1, now available for download from the Microsoft Web site, incorporates new application-layer firewall defenses and security enhancements for Microsoft Exchange Server and Outlook Web Access, as well as IIS. The security enhancements to Outlook Web Access and Exchange will improve e-mail and Web server protection and allow mobile workers to feel more secure using a Web-based client, rather than a dedicated client and VPN connection, Microsoft executives said.

In addition, the ISA Feature Pack 1 integrates a new URLScan designed to provide protection from attacks at the edge of the network and prevent hackers from reaching Web servers, such as IIS in Windows 2000 and Outlook Web Access, according to Microsoft. The feature pack also offers support for RSA Security's RSA SecurID, an industrial-strength authentication solution for accessing Web servers. To stop unwanted e-mail, ISA Feature Pack 1 also includes enhancements to the ISA Server SMTP Filter and Exchange RPC Filter, which flag keywords and sender information to prevent malicious e-mail from entering the network, according to Microsoft.

Microsoft bolstered ISA to protect customers against more sophisticated network and application attacks, company executives said, adding that traditional firewalls like ISA are aimed at packet filtering and network traffic analysis.

The software giant said some customers are using a combination of the VPN services in Windows 2000 and ISA server so they can leverage the Internet as their backbone telecommunications infrastructure. For example, Avanade has saved more than $1 million in telecommunications costs by replacing its frame-relay network with a combination of the Microsoft servers, Microsoft executives said.

The ISA Feature Pack 1 was delivered as part of the Trustworthy Computing Initiative by Microsoft's Security Business Unit, which was established last March. Microsoft first announced the development of ISA in June 2000, and the product was delivered in February 2001.

Sources in the solution provider channel say Microsoft is working on a major upgrade of ISA that is tightly integrated with the Windows.Net Server--due out this year--and offers better intrusion detection and compatibility with third-party security offerings, including Cisco firewall products.

Microsoft declined to comment on the planned release date for the next version of ISA. However, Zachary Gutt, technical product manager for ISA Server at Microsoft, said the upgrade will offer improved network security and Web services support.

"We're still in the planning stages for future versions of ISA, and there's no date or hard [feature] plans," he said.

Still, Gutt said the next version will offer better application-level and content filtering for all kinds of traffic. "There's a need for application-layer inspection and deep inspection of all protocols over all kinds of ports to improve network security," he said. "XML Web services is something we're investigating, and the right place to do that is the ISA Server."