Proudly donning its new security hat, Microsoft has launched the latest version of Internet Security and Acceleration (ISA). The product comes with a built-in web cache and firewall, although you don't have to install both.
The software runs on Windows 2000, which should immediately ring some alarm bells. We were slightly concerned when the installation detected our installed version of IIS and simply changed the default ports of the web service.
If you are going to install a firewall on a machine, then we'd suggest disabling and removing all unnecessary components, such as web servers.
In fact, the only security step that the software appeared to take was checking to see if SP1 is installed. If it isn't, the installer drops back to the desktop.
After installation the software doesn't require a reboot and jumps into the configuration wizard. This creates default cache sizes and the IP address pool of local users.
From this point management takes place through a plug-in to the Microsoft Management Console (MMC). This gives the standard tree-structure of components, which is both familiar and easy to use.
The first port of call should really be the policy elements. These are the building blocks of firewall rules and include client and destination addresses, schedules, and protocol definitions. Once they are built, it's just a matter of dropping the elements into the specific rule.
Unfortunately, this is where things are not quite as good. ISA has three different rule sets: site and content, protocol, and IP filtering. Site and content is used to restrict access to web content on remote servers. Protocol filters specify which protocols can be used to access the internet. At a cursory glance it would appear that these rules only apply to outgoing traffic. Delving deeper, rules can in fact be set to work on traffic arriving at internal clients, but you really have to look for the option. Only IP packet filtering makes the choice more obvious.
The VPN functions are likely to be more useful. They are quick to set up, and Windows 2000 clients come with IPSec by default, making rapid deployment of VPN technologies a reality.
The caching options are significantly better and easier to use. One dialogue box is used to configure the size and location of the cache, while a second is used to define the cache settings.
The main problem that we have with this software is that it sits on top of Windows 2000. This is not a security-hardened OS in its default state, which will detract from the product's effectiveness.
Product Details
Pros: Cache easy to manage; quick to build new rules
Cons: Geared towards outbound traffic; firewall runs on Windows
Price: £1,343
Contact: Microsoft, 0870 6010100, www.microsoft.com