Messaging is one of the most critical
Chapter 14. Securing Web (HTTP) Traffic
IN THIS CHAPTER
Although ISA Server 2004 is designed to handle any type of network traffic, it does particularly well in the filtering and securing of the Hypertext Transport Protocol (HTTP), the most common protocol used on the Internet and the transport mechanism for delivering website information, pictures, and video across the Internet.
ISA Server 2004's Application layer filtering technologies enable organizations to properly secure their outward-
In addition to providing for secure web filtering options as an edge firewall, ISA Server 2004 also provides for robust reverse proxy options in the DMZ of an existing firewall, allowing for additional
This chapter focuses on ISA Server 2004's HTTP securing capabilities. ISA deployment scenarios as an edge firewall and a
Outlining the Inherent Threat in Web Traffic
The Internet provides somewhat of a catch-22 when it comes to its goal and purpose. On one hand, the Internet is designed to allow
Often, this inherent risk of
Fortunately, ISA Server 2004 provides for robust and capable tools to secure web traffic, making it available for remote access but also securing it against attack and exploit. To understand how it does this, it is first necessary to examine how web traffic can be exploited.
Understanding Web (HTTP) Exploits
It is an understatement to say that the computing world was not adequately prepared for the release of the Code Red virus. The Microsoft Internet Information Services (IIS) exploit that Code Red took advantage of was already known, and a patch was made available from Microsoft for several weeks before the release of the virus. In those days, however, less emphasis was placed on patching and updating systems on a regular basis, as it was
This exploit in particular attempts to launch the command prompt on a web server. Through the proper manipulation, viruses such as Code Red found the method for taking over web servers and using them as drones to attack other web servers.
These types of HTTP attacks were a
HTTP filtering and securing, fortunately, is something that ISA Server does extremely well, and it offers a large number of customization options that enable administrators to have control over the web server's traffic and security.
Securing Encrypted (Secure Sockets Layer) Web Traffic
As the World Wide Web was maturing, organizations realized that if they encrypted the HTTP packets that were transmitted between a website and a client, it would make them virtually unreadable to
Of course, encrypted packets also create somewhat of a dilemma from an intrusion detection and analysis perspective because it is
ISA Server 2004 is uniquely positioned to solve this problem, fortunately, because it includes the capability to perform end-to-end SSL bridging. Because the SSL certificate from the web server is installed on the ISA Server itself, along with a copy of the private key, ISA can decrypt the traffic, scan it for exploits, and then re-encrypt it before sending it to the web server. Very few products on the