Without a log of what is happening on an ISA Server, ISA's functionality is a real "black box," with no way to understand what is happening with the traffic, what type of errors may be occurring, or whether the server is overwhelmed or underpowered. It therefore becomes important to understand what types of tools and capabilities ISA possesses to enable the configuration to be modified as necessary and to help administrators adapt to evolving threats.
Logging for Governmental and Corporate Compliance
In addition to the troubleshooting capabilities inherent in the monitoring options in ISA Server 2004, logging access to protected resources can also help to establish an audit trail of who accessed which resources. Putting controls in place to secure and control access to network resources is also a central aspect of many governmental compliance rules that have come into the spotlight recently, such as Sarbanes Oxley and HIPAA.
ISA provides for accurate, manageable, and auditable logging, which enables organizations to create custom reports on specific types of network activities, in response to specific threats or as a result of requested audits. This type of functionality makes it ideally suited for modern business, which requires a strict record of activities.
Taking a Proactive Approach to Intrusion Attempts
In today's risky computing atmosphere, caution simply cannot be thrown to the wind. Organizations that aren't proactive in monitoring intrusion attempts, looking for activities such as port scans, authentication failures, and outright service-level attacks. If these types of activities are not proactively monitored and dealt with, they can turn into serious security issues. Fortunately, ISA Server 2004 allows for automatic detection of many forms of intrusion attempts, providing greater peace of mind.