Targeting much-improved application protection, Microsoft on Tuesday announced the availability of Feature Pack 1 for Microsoft Internet Security and Acceleration (ISA) Server 2000.
Downloadable from the Web, the inaugural feature pack for ISA Server bolsters Microsoft Exchange Server and Microsoft IIS Server and heavily favors Microsoft's desire to incorporate application-layer security into its firewall to create intuitive security management, said Lucian Lui, ISA product manager for Redmond, Wash.-based Microsoft.
Lui said the software behemoth plans to build future versions of ISA Server to manage threats beyond the network edge, enabling SOAP (Simple Object Access Protocol) and XML filtering and .Net framework integration. The goal is to marry the next stage of application security, such as Web services, with existing customer pains such as directory traversal over the firewall and DMZ, instant messaging issues, and SQL Server attacks.
"The architecture of ISA Server will have this ability built-in or [will] be able to pick up new filters. As new, sophisticated attacks come out, we'll have this flexible architecture to compete with that," noted Lui.
Firewall vendors say they are closely following computer attack methods, which have shifted away from the network and instead target Web server applications over Port 80 or Port 443, as well as mail server applications over Port 25.
To combat that trend, ISA Server Feature Pack 1 includes RSA SecurID integration for two-factor authentication, the ability to open and close ports dynamically, and URL scanning through URLScan. In addition, beefed-up SMTP filtering can screen e-mail based on sender; keywords; domain; attachment name, size, or extension; and any SMTP command.
As an early beta tester of the product, Paul Holt, enterprise network and IT standards manager for Long Beach, Calif.-based Memorial Healthcare Services, said ISA Feature Pack 1 allowed his organization to eliminate the need to create virtual folders on all its servers to access RSA key files.
"We looked at [ISA Feature Pack 1] to replace or augment our current VPN solution. We wanted something where the user didn't have to have a client to access. The integration between RSA [SecurID] and Microsoft ISA allows that," said Holt, who runs a predominantly mainframe and Unix environment as a five-hospital healthcare provider.
ISA Feature Pack 1 also offers users an Outlook Web Access wizard, a link translator, and enforced 128-bit RPC encryption for remote Outlook-to-Exchange communications, including the ability for ISA-secured Outlook clients to access external Exchange Server-based computers.
"We need to marry the future of application security like Web services with existing customer pains. Think about [filtering] as the U.S. Postal Service; looking at an envelope as it passes through is one thing, but opening up and seeing the payload is something else," remarked Lui.