ISA Server 2006 Help: Design, Integration, Troubleshooting
Introduction to Microsoft ISA Server 2006
Microsoft Internet Security and Acceleration (ISA) Server 2006 is a secure web gateway closely integrated with Windows Server 2003. As with ISA Server 2004, ISA Server 2006 combines an application-layer firewall with virtual private networking (VPN), proxy, and Web-caching capabilities. Features of ISA Server 2006 that make it the platform of choice for solving main office and branch office security concerns include:
Integrated intrusion detection system and intrusion prevention system
Web proxy access controls
Web proxy Web application inspection filters
Comprehensive logging and reporting
Progent's Microsoft-certified engineers can help you maintain and troubleshoot your ISA Server 2006 environment, optimize your security and compliance profile, or plan and carry out a smooth upgrade to Microsoft's next-generation web security platform, Forefront Threat Management Gateway.
Microsoft ISA Server 2006 and Secure Application Publishing
Secure Application Publishing with ISA Server 2006 allows greater control over intranet resources while enabling increased productivity by making these resources available to authorized remote users. ISA Server 2006 helps protect corporate applications, services, and data across all network layers with stateful packet inspection, application-layer filtering, and comprehensive publishing tools. A major advantage of ISA Server 2006 is its tight integration with other key business applications and services such as Microsoft Exchange Server, Microsoft SharePoint Portal Server, Active Directory, and Terminal Services.
Intelligent Application Gateway (IAG) 2007
Microsoft's Intelligent Application Gateway (IAG) 2007 is a high-performance application access and security system integrated with ISA Server 2006. IAG 2007 provides SSL VPN, a Web application firewall, and endpoint security management that enable access control, authorization, and content inspection for a variety of line-of-business applications. These technologies provide mobile and remote workers with easy and flexible secure access from a broad range of devices including PCs and smartphones. IAG also enables IT administrators to enforce compliance with application and information usage guidelines through a customized remote access policy based on device, user, application or other criteria.
Secure Server Publishing
Businesses typically need to make web servers, email servers, and e-commerce applications available to authorized external users and customers without compromising the protection of those resources against a variety of threats. Traditional firewalls can be difficult to configure for these purposes, leading to preventable security gaps. Microsoft estimates that 95% of application layer breaches result from improper configurations. ISA Server 2006 can impersonate internal servers through a reverse proxy process known as publishing to add a layer of security at the network edge.
Web Server Publishing with ISA Server 2006 is more secure and flexible than traditional web publishing. Because ISA Server 2006 inspects HTTP content before it reaches the web servers, it provides one element of a defense-in-depth strategy. It can also be used as a central location to block access to dangerous or objectionable web sites, which is easier than configuring each web server individually. ISA Server 2006 processes only approved URLs and filters any unauthorized or invalid HTTP syntax. It can also block based on signatures in the HTTP request or response. ISA Server 2006 builds upon the functionality of ISA Server 2004 to enable and optimize secure web publishing scenarios, including Windows SharePoint Services publishing, Microsoft Outlook Web Access (OWA) publishing, publishing of multiple Web sites, and publishing of Web server farms.
Windows SharePoint Services are a popular solution for companies to enable internal collaboration. The SharePoint Publishing Wizard introduced in ISA Server 2006 makes it easy to provide that same collaborative functionality to external audiences including remote workers and business partners. With this wizard, publishing multiple sites simultaneously is quick, easy and secure, with link translation implemented automatically so that remote clients can resolve the addresses of internal server pages with externally accessible pages. The Microsoft SharePoint Portal Server Application Optimizer included with IAG 2007 delivers out-of-the-box capabilities to extend extranet access to SharePoint from any Internet-enabled device. The SharePoint Application Optimizer provides the ability to:
Ensure controlled access for unmanaged endpoints to SharePoint, enabling broader access that incorporates partners and customers
Delivers full Microsoft Office compatibility without the need to download network tunneling components
Integrate third-party, legacy or client/server applications into SharePoint Portal Server
Microsoft Exchange Server Publishing is provided with added security in ISA Server 2006. This includes support for Microsoft Outlook Mobile Access and Microsoft Exchange ActiveSync for PocketPC. Exchange Server publishing allows administrators to provide secure access to internal Exchange servers. The New Mail Server Publishing Rule Wizard makes it easy for administrators to publish email servers using RPC, IMAP, POP3, and SMTP for client access. It also permits server-to-server communications using SMTP and Network News Transfer Protocol (NNTP). ISA Server 2006 allows remote users to connect to Exchange using the fully functional Outlook MAPI client over the Internet. The Outlook client may be configured to use secure RPC so the connection is encrypted and the ISA Server 2006 firewall can be configured to require encrypted communications from the full Outlook MAPI client. The Exchange Server Application Optimizer included with IAG 2007 enables a seamless user experience through support for Windows-based login scripts and Single Sign-on, removing the need for multiple authentication requests.
Outlook Web Access (OWA) is integrated into ISA Server 2006. A new publishing wizard makes it easy to allow secure remote access to Outlook Web Access Web sites. You can easily publish Exchange through traditional protocols, Web client access (including Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync), or server-to-server communication. When publishing Outlook Web Access, you can choose to include any combination of popular methods including Outlook Web Access, Outlook RPC over HTTP, Outlook Mobile Access, and Exchange ActiveSync. You also have the option of publishing a single server or a server farm.
The Application Optimizer for Microsoft Dynamics CRM 3.0 included with IAG 2007 helps provide secure publishing of the CRM Web portal, with customized policies that handle CRM-specific user actions, security, and information protection. The Microsoft Dynamics Application Optimizer includes:
Upload/Download URL controls
Restricted Zones – Block Access to Settings area
Policy-based access control with Microsoft CRM 3.0 Enhanced Security
How Progent's Consultants Can Help You with ISA Server 2006
Progent's Microsoft-qualified ISA 2006 consultants can help you manage, optimize, and support your ISA Server 2006 deployment so that your business achieves a smart and affordable combination of security, convenience, and performance. Progent can also help you plan and carry out a cost-effective Forefront TMG 2010 migration when you are ready to move up to what Microsoft calls the next generation of ISA 2006. Progent's CISM and CISSP certified security consultants can help you develop a comprehensive security strategy that integrates key platforms including Exchange Server 2010 for secure messaging and Microsoft Operations Manager for server monitoring and alerts as well as automatic remediation. Progent's team of Cisco CCIE network engineers can deliver world-class consulting in designing and troubleshooting an advanced security infrastructure that utilizes Cisco routers and switches.
If you want help with planning, maintaining or troubleshooting ISA Server 2006, call 800-993-9400 or contact firstname.lastname@example.org