Microsoft Releases ISA Server Feature Pack

Microsoft Corp. posted a downloadable Feature Pack 1 for ISA Server 2000 on Tuesday that pushes Microsoft's enterprise software firewall further up the security food chain into the role of application-layer filtering.

Feature Pack 1 for Internet Security & Acceleration Server 2000 provides additional security features for Exchange and IIS servers and adds new wizards to make common scenarios easier to lock down.

"Hackers are bypassing traditional firewalls," said Zachary Gutt, technical product manager for ISA Server. "Today Port 80 is being used for many, many things other than Web browsing," Gutt said, listing Outlook Web Access and Web services as two such common, legitimate uses for the port. "ISA is really optimized for application-layer filtering."

In addition to the packet filtering and stateful inspection functionality it shares with most firewalls, Microsoft is drilling into its understanding of Exchange, IIS and Outlook Web Access to make ISA protect such Microsoft infrastructure products better from the network edge. In fact, Microsoft's pitch to customers who already have firewalls in place is to deploy ISA alongside them to get Microsoft-specific coverage.

"ISA Server Feature Pack 1 addresses three main customer pains that we've heard," Gutt said. One is providing external e-mail access without compromising network security, the second is securing Web sites and Outlook Web Access, and the third is providing wizards to make common usage scenarios easier to set up.

Microsoft's main push in enhancing Exchange security for remote users consists of improvements to the Exchange RPC Filter, which shipped with the original ISA Server 2000. "We've enhanced it to allow an administrator to force encryption between all communications between Outlook and Exchange," Gutt said. Because there's no switch in Exchange to require encryption, users must select encryption in Outlook. The enhanced filter allows an administrator to configure ISA to drop a connection if the client doesn't have encryption turned on. Gutt said the approach provides a nice alternative to the overhead of a VPN and the less secure Outlook Web Access options for administrators who want to give traveling users access to e-mail but not the rest of the network.

The ISA team has also taken the URLScan tool developed by the IIS team and put it in ISA Server to protect Web servers from buffer overflows, directory traversals and other attacks. "By running it at the network edge, you don't allow these attacks to even get into your internal network. Plus you don't have to run it on every IIS and OWA server in your network," Gutt said. Another highlighted change in the ISA feature pack for securing traffic over Port 80 is support for RSA SecurID authentication.

In the area of ease of use, Microsoft has added wizards to Feature Pack 1 for setting up Outlook Web Access and Exchange RPC filters. Additional technical documentation and scenario guides are included with the feature pack.

The interim pack brings new features to a product that is more than two years old and for which a general timeline for a follow-on product hasn't been discussed. The pack includes published hotfixes since Service Pack 1 for ISA Server 2000, but doesn't include any new bug fixes, according to Gutt.

Microsoft has said previously that it will not create another version of Mobile Information Server after the 2002 release, and that the functionality is being split into Exchange and ISA. Exchange 2003, set for release later this year, is planned to include Outlook Mobile Access technology that previously was a feature of Mobile Information Server. The ISA feature pack is not the vehicle, however, for including the mobile network authentication functionality that Mobile Information Server provided, Gutt said. When asked if that functionality would be included in the next full release of ISA, Gutt said the feature set for the product has not been locked down.

Meanwhile, Microsoft is not promising a Feature Pack 2 or Feature Pack 3 for ISA. "We're definitely considering the possibility of more. It's not something we're ruling out," Gutt said.

Internet Security & Acceleration Server Feature Pack 1 is available here:
http://www.microsoft.com/isaserver/featurepack1/download.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.