Chapter 23. Internet Security and Acceleration Server 2004 Basics | Microsoft Small Business Server 2003 Unleashed

IN THIS CHAPTER

New Features in ISA 2004
ISA Concepts

Internet Security and Acceleration Server 2004 (ISA) is an advanced firewall designed specifically with the protection of Microsoft products in mind. Exchange, Microsoft Office, Outlook Web Access, SharePoint, Internet Information Server, Routing and Remote Access, Active Directory, Outlook Mobile Access, Remote Web Workplace, and Outlook over the Internet (http over RDP) are all protected best by Microsoft's own firewall. Because of the unique position of having all these applications running on a single server, using the best firewall protection is imperative. Although you'll get some push back from "hardware" firewall aficionados, when the talk turns to protecting Active Directory, using Exchange RDP, and inspecting SSL and VPN tunnels, the "hardware is better" guys quickly fall silent, unless they've spent many thousands of dollars acquiring and properly configuring a high-end enterprise firewall. ISA allows the SBS administrator to protect the network using sophisticated inspection and detection technologies at a fraction of the cost and administrative effort.

ISA Firewall Appliances

Hardware firewalls are really just firewall appliances. Although new on the market and not reviewed in this book, ISA Server firewall appliances are now available. So if you'd like to run an ISA Server separate from your SBS server, an ISA Server appliance is an option. Operating on a prehardened, embedded Windows operating system, the ISA Server firewall appliances may look like "hardware" firewalls, but they offer the superior protection afforded only by ISA Server.

Note

Making sure that your SBS network is secure is an ongoing process, and it doesn't stop with ISA Server. No discussion on any security topic can be complete without a mention of keeping client PC operating systems and applications fully patched; spyware, adware, malware, and viruses off your network; and wireless networks secure.

By any measure ISA isn't an easy product to master. Just as other components of SBS, such as Exchange Server, warrant an investment in training on your part, so does ISA. Enterprise IT administrators spend their whole careers mastering Exchange or ISA. If you're an SBS admin, you're expected to know both and more, so it's best to admit right from the get go that you probably won't have all the information that you need at all times already in your skill set or stored in your brain for ready access. Fortunately, some excellent free resources are available for troubleshooting, configuring, and learning ISA 2004. (See the sidebar "Free Resources for ISA Learning.") Handy built-in templates and wizards also are available, which we'll point out along the way and show a few tweaks you may want to make. This chapter focuses on things in ISA specific to or at least significant in the default configuration of SBS.

Free Resources for ISA Learning

Microsoft Technet Virtual Lab

http://www.microsoft.com/technet/traincert/virtuallab/isa.mspx

Tools Repository

http://www.isatools.org/

Microsoft Newsgroups

http://www.microsoft.com/technet/community/newsgroups/server/isa.mspx

Technet

http://www.microsoft.com/technet/prodtechnol/isa/default.mspx

On-Demand Webcasts

http://www.microsoft.com/events/AdvSearch.mspx

SBS Specific Blog

http://isainsbs.blogspot.com

Microsoft Knowledgebase

http://support.microsoft.com/ph/2108