
Getting a Feel of ISA Server 2006 Beta

PCQ Bureau

Microsoft recently released the beta version of its new ISA Server 2006. ISA Server is an application layer firewall, a VPN gateway with proxy and caching functionalities. The Enterprise Edition of ISA 2006 uses a multi-tiered enterprise and array model. An array is a representation of one or more ISA Server computers that are physically connected and share the same configuration.


An ISA Server enterprise consists of one or more arrays that group together ISA Server firewall computers in the enterprise. Each enterprise manages its own array members. It uses firewall policies to protect networks and control traffic flowing in and out of the organization. The firewall policy consists of access and publishing rules defined at the enterprise level and at the array level.

Direct Hit!
Applies to: IT Security Managers
USP: Protecting your network with ISA Server 2006
Links: www.microsoft.com/isaserver/2006
Google keywords: ISA Server

What's new?



The new ISA Server has many new features and is high on security and authentication. Its new authentication features include Single Sign On (SSO), in which a user authenticates once with ISA Server and can access any number of servers that are behind ISA Server without re-authenticating. It also supports two-factor authentication using a smart card or SecurID token. The new ISA Server 2006 promises to provide improved security through its integration with Microsoft Application infrastructure and Windows services such as NTLM and Kerberos authentication, Active Directory service, VPN, Routing and Remote Access, Network Load Balancing (NLB), etc. Plus, it has integrated support for Exchange 12 and SharePoint Server.


Web Server Publishing allows administrators to make internal Web applications available to users outside of the network. Traditionally this involved sending all traffic that uses TCP port 80 to an internal Web server. Now Web publishing with ISA Server 2006 inspects all HTTP content before it reaches the Web servers. This makes it secure from HTTP port attacks.

ISA Server 2006 can be placed in different places on any enterprise network under different topologies

It can also be used as a central location to block disallowed Web requests, which is much easier than configuring each Web server individually. This provides greater control over intranet resources. Configuring access and security for a large number of Web sites can be time consuming. To make this easy, ISA 2006 has a feature called Server farms. A farm of servers can be defined as a network object, and then used in as many different publishing rules as desired.


The new ISA Server also provides protection against application attacks, which are common these days. To protect against various application threats it has a Multilayer Firewall functionality, which has packet filtering (also called circuit-layer), stateful filtering, and application layer filtering (Deep Packet Inspection). Flood Resiliency provides protection against worm attacks, SYN attacks, DoS and DDoS attacks.

This version has a new feature called Flood Mitigation, which can protect you against various attacks

In ISA Server 2004 there was a connection quota capability to lessen flooding attacks, but there was no way to determine what type of attack was going on against ISA Server, or which port or protocol was involved in the attack. But now, with its Flood Resiliency feature, it can provide resistance against these attacks. It can detect the attacking IP address and can also validate whether it is spoofed or not. It can limit TCP connections, concurrent TCP connections, and requests per minute per IP address.
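To make the three per-IP limits concrete, here is an added Python sketch (not ISA Server code and not from the original article) that replays connection events and reports which limit each refused event hit. The thresholds, the event format and the names `FloodTracker` and `denied` are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed thresholds for illustration; not ISA Server's defaults.
LIMITS = {"connects_per_min": 4, "concurrent": 2, "requests_per_min": 3}
WINDOW = 60  # seconds

class FloodTracker:
    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.connects = defaultdict(deque)  # ip -> accepted connect timestamps
        self.requests = defaultdict(deque)  # ip -> accepted request timestamps
        self.open_conns = defaultdict(int)  # ip -> connections currently open

    def _over(self, q, now, limit):
        # Expire entries older than the window, then test the per-minute cap.
        while q and now - q[0] >= WINDOW:
            q.popleft()
        return len(q) >= limit

    def event(self, ts, ip, kind):
        """Return the name of the limit this event exceeds, or None if allowed."""
        if kind == "close":
            self.open_conns[ip] = max(0, self.open_conns[ip] - 1)
        elif kind == "connect":
            if self._over(self.connects[ip], ts, self.limits["connects_per_min"]):
                return "connects_per_min"
            if self.open_conns[ip] >= self.limits["concurrent"]:
                return "concurrent"
            self.connects[ip].append(ts)
            self.open_conns[ip] += 1
        elif kind == "request":
            if self._over(self.requests[ip], ts, self.limits["requests_per_min"]):
                return "requests_per_min"
            self.requests[ip].append(ts)
        return None

def denied(events, limits=LIMITS):
    """Replay (ts, ip, kind) events; list those a limit would refuse."""
    tracker = FloodTracker(limits)
    hits = ((ts, ip, tracker.event(ts, ip, kind)) for ts, ip, kind in events)
    return [h for h in hits if h[2]]

# Constructed sample traffic: (seconds, source IP, event kind).
A, B = "192.0.2.10", "198.51.100.7"
SAMPLE = [(0, A, "connect"), (1, A, "connect"), (2, A, "connect"),
          (3, A, "close"), (4, A, "connect"), (5, B, "connect"),
          (6, B, "request"), (7, B, "request"), (8, B, "request"),
          (9, B, "request"), (70, B, "request")]
```

Calling `denied(SAMPLE)` shows one source refused for too many concurrent connections and another for exceeding the request rate, with the request at second 70 allowed again once the window has slid.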


The other new features of ISA Server 2006 include HTTP compression, DiffServ (Quality of Service), Single Sign On and BITS caching. HTTP compression reduces file size by using algorithms to eliminate redundant data. Most of the common Web-related file types can be compressed by ISA 2006. HTTP compression in ISA Server is a global HTTP policy setting, and it can be applied to all HTTP traffic that passes through ISA Server to or from a specified network or network object.

The ISA Server also has real time monitoring and log filtering. It allows a view of all active connections to and through the firewall, and from a session view, you can sort or disconnect individual or groups of sessions. It also provides detailed logs for inbound and outbound access and when combined with authentication, the logs will contain information about activity by user name. It can automatically generate several reports too. ISA Server 2006 requires Windows 2003 with SP1.

Setting up ISA Server



Installing ISA Server 2006 is simple and pretty much similar to ISA 2004. During installation it asks for the 'internal network address ranges' and the network adapter that is connected to the internal network. You can even add the private IP address range as your internal network address range.

Configuring ISA Server 2006 is easy as there is a wizard that helps you configure most of the features.


Using ISA 2006 with SharePoint



First we need to configure ISA Server 2006 as an Edge firewall. To do so, open ISA Server Management. Expand Configuration and click on Networks. In the right window click on Edge Firewall and the Network Template Wizard will pop up. It will ask you for information about the internal network IP address and policies. Provide the required information and finish the wizard. Once the wizard is finished, your ISA Server is configured as an Edge Firewall.

Go to the ISA Management window and in the Details pane, click on Firewall Policy. Click the Tasks tab and then on Publish SharePoint sites. A new SharePoint Publishing Rule window will pop up. The wizard will ask you to choose a Publishing Type. Here you need to tell ISA whether you are publishing a single website or an external load-balancer, multiple websites, or a Server farm. Choose the first option. In the next window you will be asked for your internal website name, which happens to be your SharePoint site. You can also choose to use SSL to connect to this site.

Next it will ask you to select a Web Listener. Here click on the New button to create a new Web Listener. On clicking, a new wizard will pop up. Provide a name for the Web Listener. In the next window, it will ask you whether you require SSL secured connections with clients or not. Next you need to choose Web Listener IP addresses and provide an SSL Certificate for the Web Listener. Also define how you would like clients to authenticate to ISA Server. Once you have created a Web Listener it will take you back to the SharePoint Publishing wizard.

Next in this wizard, you will be asked to choose a method by which ISA Server should authenticate to the published website. Here choose Basic Authentication, and in the next step it will ask you to specify the users to whom this rule should be applied. Click on 'Apply Changes on Main Window' on completion of the wizard. Now on the SharePoint Server open IIS Manager and go to Authentication and Access Control. Click on Edit and select Basic Authentication. Save changes to IIS Manager. Now your ISA Server is ready to work with SharePoint server.
