Review: ISA Server 2004 Brings Improved Security, Ease Of Use

From the outset, Microsoft designed ISA Server 2004 to meet the needs of two distinct markets: integrated security appliances and software firewalls. Though that may be an unusual approach, the fact is that all firewalls run some type of software, either embedded in firmware or running through a custom operating system. Vendors such as Cisco Systems and SonicWall have embedded their own customized operating systems and software to create their firewalls. Microsoft has taken a similar route to move ISA Server 2004 into the appliance market and has partnered with vendors such as Celestix, Hewlett-Packard and Network Engines to deliver ISA Server 2004 appliances.

To build confidence in the ISA Server platform, Microsoft completely redesigned the product, with ease of use and security in mind. Many users had found previous iterations of ISA Server difficult to work with and customize. Those issues have been addressed by a new graphical user interface and intelligent wizards, which speed setup tasks while enabling more-advanced users drill down to specific settings for customized deployments. The use of network templates also eases deployment by allowing administrators to select the type of protection they need and then enact that configuration with a single mouse click.

The simplified administration masks ISA Server 2004's advanced firewall capabilities. The underlying firewall technology has been fully rearchitected to better protect Microsoft's application infrastructure from internal and external threats. That translates to stronger protection from worms and other malicious code designed to damage or compromise Microsoft-specific products.

Employing a deep-inspection algorithm, ISA Server 2004 examines protocols for problems and furthers protection by combining multilayer firewall services with application layer filtering, which puts the product light years ahead of its predecessor, ISA Server 2000.

ISA Server 2004 effectively safeguards Microsoft-specific technologies such as Exchange Server, Outlook Web Access (OWA), SharePoint and Active Directory. The integration with Active Directory leverages user authentication and group-based policies to bring extra access control without adding complexity.

Sites supporting remote users will appreciate the integrated RADIUS support and VPN Quarantine capabilities, which forces remote VPN users to meet customized levels of security before being granted full access to the network. That's accomplished by quarantining VPN users to a temporary virtual network until all security prerequisites are met. Administrators can use group policy objects to downstream virus scan updates, patches and operating system updates before remote users are granted access to the actual network.

Administrators familiar with ISA Server 2000 will welcome the addition of Visual Policy Editor, which translates the older product's once-cryptic definitions into a visual paradigm that speeds deployment and troubleshooting of firewall rules. Visual Policy Editor is leaps and bounds ahead of the old style of packet filters that many administrators cut their teeth on. Other improvements brought by ISA Server 2004 include improved performance via the Web-caching engine, enhanced reporting capabilities and context-sensitive help.

ISA Server 2004 successfully pulls off a one-size-fits-all firewall solution for both appliance and server-based firewalls. The only thing lacking at this time is better integration with Microsoft's Small Business Server 2003.