Microsoft Introduces Enterprise Firewall and Web Cache Server

REDMOND, Wash ., , June 8, 2000 — David Harper faces the same challenge as many other network administrators. He needs a firewall to protect records within the system he oversees, as well as ways to conserve networking bandwidth and provide secure access away from the office. The solution also needs to do all of these things without gobbling up too much of his system’s resources or his time.

That’s why Harper, network administrator for a Washington State Agency, got excited when he heard about Microsoft’s Internet Security and Acceleration Server 2000 (ISA Server). The new product, which is still in beta review, is designed to meet the firewall and cache needs of administrators such as Harper.

“I’m looking forward to downloading the beta,”
Harper said.
“I have a real need for a product like this, and it’s exciting that Microsoft is coming out with an enterprise security product.”

ISA Server is a multilayer firewall and high-performance Web caching server for enterprise customers — generally larger businesses and organizations with complex computing environments. As the newest addition to the Microsoft Windows DNA 2000 platform, ISA Server 2000 takes advantage of the security, manageability and control benefits of the Windows 2000 operating system. ISA Server 2000 provides secure, fast Internet connectivity, protecting organizations’ information assets from intruders and unauthorized use, and enhancing employee productivity.

“This is an enterprise firewall product, not a proxy server,”
said Lucian Lui, Microsoft product manager for ISA Server, referring to an earlier Microsoft product, Proxy Server 2.0, which was designed principally as a cache.
“ISA Server is an entirely new product that was designed from the ground up to be an enterprise firewall and Web cache for the Windows 2000 Server. We went back to the drawing board at the request of customers who do business on the Internet and need the security that only an enterprise-level firewall provides.”

Microsoft unveiled ISA Server at this week’s TechEd 2000 in Orlando, Fla. Beta versions of the new server remain available for free on Microsoft’s Web site at www.microsoft.com/ISAServer . A commercial version should be available in stores later this year. A long list of companies at TechEd 2000 announced compatible products that integrate and further enhance ISA Server’s virus detection, content security, site categorization, reporting and management tools.

“The early partnership and industry support on this product is impressive,”
Lui said.
“We are thrilled that so many partners have already begun building upon ISA Server to develop security solutions for businesses on the Internet.”

Why Firewall plus Cache?

“Security is vitally important for all companies,”
said Pu Xiang, senior analyst of server technologies for Gartner’s Dataquest division.
“By integrating the firewall and cache, companies get a two-for-one solution.”

By including both a firewall and cache on the same server, Xiang said, small companies can run both the firewall and cache on a single machine. Large companies can manage separate installations with the same administrative tools.

Network administrators can create a single set of operating rules to control the firewall and cache from inside Windows 2000’s Active Directory, which stores user data, policy and other configuration information. This makes management easier and more consistent, Lui said.

A business using a separate firewall and cache can try to secure employee records on its intranet by setting restrictions at the firewall. But the firewall restrictions don’t always apply if the records are also stored in the cache, which creates a risk of unauthorized access, Lui said.

“It’s vital that your network operating policies and management tools are easy to operate,”
Lui said.
“If not, you may end up inadvertently opening new holes for intruders.”

Harper thinks of ISA Server as a one-stop solution. He needs a firewall secure enough to protect state records within the agency’s network, as well as a way to conserve networking bandwidth and provide secure access to the network away from the office.
“Other solutions I considered require products by several vendors and offer limited compatibility, causing a serious strain on my resources,”
Harper said.
“When you see a product like this come out, your ears perk up,”
he said.
“The guaranteed interaction between firewall and caching that ISA Server provides is going to be a major seller, at least for the administrators that I know.”

Firewall as Foundation

While integration increases security and ease of management, the ISA Server’s foundation is its firewall – one with features not found on many other firewalls, such as multilevel traffic screening, data-aware application filters and built-in intrusion detection, Lui said.

The high-profile
“I Love You”
virus and other recent hacker attacks have focused increased attention on the need for Internet security.
“Security has been a major focus for Microsoft,”
Lui said.
“But the increasing sophistication of viruses and hackers requires firewalls with increasingly sophisticated answers. ISA Server has those answers.”

Unlike any Microsoft products before it, ISA Server offers multiple layers of protection, including multilevel filtering,
“stateful”
inspection, intrusion detection and
“smart”
application filters for incoming email and other Internet traffic.

What does this all mean? Internet traffic moves across a network much like packages through a mailroom. ISA Server acts as a postal inspector, deciding which of these virtual packages should pass through. The server’s multilevel filtering not only inspects the address on the package; it can also check the contents inside the package. Stateful inspection further determines the context, or state, of the delivery, opening data ports for inspected packages and closing them when necessary to keep unwanted packages out.

Another feature, integrated intrusion detection, protects against common forms of hacker attacks. Without integrated intrusion detection, a computer may receive a malformed packet that can effectively disable the computer, a so-called
“Ping of Death”
, Lui said. With this feature, the firewall identifies the attack and can take defensive action such as stopping service, emailing the network administrator or executing customized defensive programs, he explained. Integrated intrusion detection also disarms other types of common attacks, including WinNuke and Land Attack, Lui said.

Microsoft licensed integrated intrusion protection from computer security leaders Internet Security Systems. In addition, more than 70 partner companies have developed or are considering products compatible with ISA Server to enhance the firewall’s protections. Eleven companies announced compatible products this week at TechEd 2000. They are Aladdin Knowledge Systems, Content Technologies, CarnerPost Software, N2H2, NetGuard, NetIQ Corp., PatchLink.com Corp., Softech Telecom, surfCONTROL, Trend Micro and WebTrends Corp.

The ISA Server’s compatibility with Windows 2000 provides the additional security of system hardening and Virtual Private Networking (VPN). Hardening disables services that the company doesn’t need running on the operating system . The ISA Server also eliminates the usual struggle of setting up VPNs through firewalls, Lui said.

National Airlines, a rapidly expanding airline, plans to use ISA Server to link its main network in Las Vegas, Nev., to airports in remote locations across the country. The airline needs the convenience of VPN and the security of ISA Server’s firewall to ensure competitors can’t access its flight information through these remote access points, said Matthew Krawitz, National’s director of information services operations.
“This type of technology, deployed intelligently, is exactly what we are looking for,”
Krawitz said.

Performance, productivity

Many businesses need a server to provide more than security. With employees doing more work on the Internet or company intranets, offices need to conserve costly online channels, or bandwidth, while online shopping has opened up new markets for retail businesses.

ISA Server’s cache allows customers to get faster response from commercial Web pages, Lui said, by serving frequently accessed, static content separate from the busier Web server.
“Fractions of seconds matter on the Internet,”
Lui said.
“When you are setting up an e-commerce business, your competitors are basically one click away. Customers will move to another site if your Web site doesn’t pop up within a matter of seconds,”
he said.
“Businesses can’t afford to be slow or unresponsive in e-commerce.”

The ISA Server’s cache speeds up Internet access in offices as well, Lui said. It also saves network bandwidth by connecting to the Web server only when necessary. Additionally, network administrators can download new content to the cache during off-peak times, he said.

The ISA Server uses Microsoft’s Cache Array Routing Protocal (CARP), which conserves space and maximizes speed by balancing user requests among several servers. Many other cache products duplicate the same content on each server.

This difference, Lui said, matters most to businesses as they grow and add additional cache servers. Studies have shown those that duplicate content can’t increase performance at the same rate as CARP, which can cluster multiple ISA Servers as one
“virtual”
cache server, he explained.

Easy to install

Another incentive for National Airlines was the ease of installing ISA Server.

Raul Chavez , the airline’s network operations administrator, said
“wizards”
and task pads built into the server made it easy to set up services. The graphical pads are icons that make it easier to access common tasks. The wizards offer on-screen instructions on how to accomplish the tasks.
“It’s really easy,”
Chavez said.

“ISA Server 2000 delivers on Microsoft’s commitment to secure computing in the digital age – it is critical to any organization’s IT infrastructure,”
Lui said.

Related Posts