Microsoft ISA Server - info
Internet Security and Acceleration Server
Microsoft Internet Security and Acceleration (ISA) Server 2004 is the advanced stateful packet and application-layer inspection firewall, virtual private network (VPN), and Web cache solution that enables enterprise customers to easily maximize existing information technology (IT) investments by improving network security and performance. ISA Server 2004 provides advanced protection, ease of use, and fast, secure access for all types of networks. ISA Server is particularly well suited for protecting large enterprise network configurations requiring multiple firewall arrays in disparate locations that are running Microsoft client and server applications, such as Microsoft Office, Office Outlook Web Access 2003, Office SharePoint Portal Server 2003, Internet Information Services (IIS), Routing and Remote Access, Active Directory directory service, and many other Microsoft applications, servers, and services.
- Providing Secure E-Mail Access to Employees Outside the Corporate Network
ISA Server 2004 provides a unique level of protection for Outlook Web Access Web sites. With the easy-to-use interface of ISA Server 2004, organizations can quickly set up Web publishing rules that enforce secure forms-based authentication. ISA Server 2004 also helps stop attacks against e-mail servers, both through Secure Sockets Layer (SSL) decryption (SSL bridging), which enables SSL traffic to be statefully inspected for malicious code, and through stateful HTTP filtering, which provides deep inspection of HTTP application content. In addition, ISA Server can authenticate users. Authentication prevents anonymous connections from reaching your mail server. Preventing anonymous connections prevents anonymous user logon attempts, which represent a key attack vector aimed at internal mail servers.
- Providing Secure Access to Intranet Information for Remote Users
ISA Server 2004 uses Web and server publishing rules to securely publish information over the Internet. Publishing information to Internet users makes computing resources inside the corporate network available to users outside the network. The ISA Server integrated Web and server publishing wizards automate common tasks and reduce the risk of misconfiguration. In addition, link translation for publishing Web servers allows for intelligent translation of internal links into publicly accessible URLs. ISA Server can also inspect Web and other network traffic for legitimacy, such as enforcing valid URLs. In addition, ISA Server can authenticate users through existing authentication frameworks, which allows you to block potentially unwanted and dangerous anonymous requests from reaching published servers.
- Enabling Secure Access to Corporate Network Information for Partners
Using the ISA Server 2004 integrated VPN gateway capability, you can securely connect business partners to your corporate network using a site-to-site VPN connection over the Internet while limiting their access to specific servers and applications. ISA Server encrypts all information exchanged between the partner and corporate network, which ensures data confidentiality and prevents data from being stolen or modified by Internet criminals. The secure VPN site-to-site link provides partners with transparent, secure, encrypted access to corporate extranets. Users on the corporate and partner networks are never aware that the connection moves through a VPN connection and never need to reconfigure their applications to use the site-to-site VPN link between offices. In addition, VPN gateway servers authenticate with each other twice: one authentication takes place for the computers creating the connection and the second authentication takes place for the user account responsible for the VPN site-to-site link. This double authentication provides the highest level of security available for VPN site-to-site connections today.
- Providing Remote Access to Required Corporate Network Resources for Employees
Through advanced application-layer inspection, ISA Server 2004 helps protect your corporate network from unmanaged remote computers accessing the corporate network through a VPN by inspecting and analyzing VPN remote access client traffic to block worms and viruses. You can use ISA Server to assign flexible network policies to VPN users and groups, allowing them access to specific servers and applications, while blocking them from connecting to other resources on the corporate network. ISA Server provides advanced security by quarantining VPN remote access clients that do not meet preconfigured corporate policies regarding installation of software updates, antivirus software, or other specific computer configurations.
- Enabling Branch Offices to Communicate Securely with the Main Office Over the Internet
An ISA Server 2004 VPN gateway enables an administrator to join entire networks together through VPN site-to-site links. For example, if your company has one or more branch offices, you can use ISA Server to connect all your branch offices to your main office VPN gateway. The Internet Protocol security (IPsec) tunnel mode VPN protocol support in ISA Server enables the firewall administrator to set strong access controls, including user, group, site, computer, protocol, and application-layer specific controls over traffic moving through the VPN site-to-site link. With these strong access controls in place, users on the local network can access only allowed content on the remote network, and remote network users can access only the designated local network resources. Strong ISA Server access controls allow employees to access information they require to accomplish their work, and block access to all other computer resources.
- Controlling Internet Access and Protecting Clients from Malicious Traffic on the Internet
With ISA Server 2004, you can easily control and apply Internet access policies for your user populations, as well as protect users from malicious Internet traffic. Flexible firewall policies allow for Web site blocking as well as content filtering, both to improve user productivity and to block inappropriate content. ISA Server features built-in integration with Active Directory, enabling you to build custom access controls for different organizational roles and job levels based on Active Directory users and groups. In addition, stateful application-layer filtering in ISA Server enables you to improve the reliability of your environment by protecting your client computers and servers from advanced attacks.
- Ensuring Fast Access to the Most Frequently Used Web Content
Caching capabilities in ISA Server 2004 ensure fast access to popular Web content. ISA Server can send specific requests to upstream caching servers if the downstream cache is full.
- Providing High Availability, Real-Time Failover, and Connection Load Balancing for Inbound and Outbound Connections
Today's connected business depends on constant and reliable Internet access. ISA Server 2004 Enterprise Edition helps increase uptime for inbound and outbound connections through firewall arrays with integrated NLB support, which enables ISA Server enterprise arrays to provide enhanced uptime by automatically and transparently moving connections away from downed firewalls. Users never need to reconfigure client computers, and firewall policy never needs to be manually updated if one or more array members become unavailable.