A bit more security
Briefly introduced: ISA Server 2006
Microsoft has made the various types of server and web server publications a focus for innovation. Numerous authentication processes are now supported.
ISA Server 2006 (Internet Security and Acceleration Server) represents the fifth version of Microsoft's integrated firewall, VPN and web cache solution to hit the market. Microsoft first threw its hat in the ring back in 1997 with Proxy Server 1.0, a web cache solution with integrated packet filter.
Microsoft ISA Server 2006 is being offered in two versions: ISA Server 2006 Standard and ISA Server 2006 Enterprise. While ISA Server 2006 Enterprise Version is intended for use in large corporate environments with several firewalls and integrated load balancing, the standard version is meant to replace existing firewall solutions in smaller systems or to be a solution just behind an existing firewall implementation. The changes and additions in ISA Server 2006 are nowhere near as extensive as those undertaken between ISA Server 2000 and ISA Server 2004.
Microsoft made few superficial changes, and everything remains in the same place in the GUI as in ISA Server 2004. The changes are more apparent at the detail level. Microsoft has made the various types of server and web server publications a focus for innovation. In ISA Server 2006, publications of this kind define the rules for access from the Internet to internal resources behind the firewall. This part of the software now features, among other functionality, version-specific Exchange Server publications, a new publishing assistant for SharePoint Portal Server and the option of operating web servers in a load-balanced configuration. The Outlook Web Access (OWA) server publication now allows the implementation of personal HTML forms, as well as changes to the Windows password through OWA.
Microsoft's most far-reaching improvement to ISA Server 2006 involves the available authentication procedures. Alongside integrated Windows authentication, RSA SecurID, RADIUS, RADIUS-OTP, LDAP, Digest, Kerberos and forms-based authentication are all now supported. Kerberos Protocol Transition and Constrained Delegation are also new; they are used by ISA Server to authenticate other Kerberos servers. ISA Server 2006 now also supports single sign-on (SSO).
The server also offers a simplified and expanded certificate administration console and a function for limiting the impact of denial-of-service attacks. To do so, ISA Server 2006 attempts to restrict the number of permitted TCP/UDP connections per IP address or to admit them only within a defined time frame. The Link Address Translation function, which converts internal hyperlinks used on the web server into publicly available hyperlinks and web server publications, has been fundamentally reworked and is now active by default.
Finally, the VPN Branch Office Wizard (AppCfgwzd.exe) helps administrators in corporate headquarters create the L2TP/IPSec parameters for the VPN link-up with branch offices. Based on the information from the VPN administrator, the wizard creates a configuration file that the administrator at the branch must import into the branch's ISA Server. Microsoft has not yet integrated the SSL-VPN technology purchased from Whale Communications into ISA Server 2006.
ISA Server 2006 expects to find Windows Server 2003 SP1 at the time of installation and can be purchased in its standard version (1 CPU) for around £1,300 (2,000 euros). The Enterprise edition will cost around £4,400 (6,500 euros). Both versions are also to be offered as appliances. Microsoft is offering trial versions that can be tested for 180 days. (dab)