Microsoft releases ‘plug-and-play’ net security device

It’s designed to run “right out of the box” without complicated installations, according to the man responsible for the product – Jonathan Perera, senior director at Microsoft’s security technology unit. What he’s talking about is Microsoft’s Internet Security and Acceleration Server appliance, the conjoining of the Microsoft service with hardware from its partners such as HP, Network Engines, Celestix Networks and Avantis.

ISA is designed to, supposedly, give you a “plug-and-play” network security device on the order of CheckPoint’s Safe@Office or SonicWall’s family of security appliances. The new Microsoft-based appliance is supposed to be able to install in as little as 3 minutes with no configuration steps needed.

When was the last time you installed a Microsoft product and didn’t need to do some configuration? When was the last time you installed a Microsoft product that was secure by default? What other enterprise-class service or application from Microsoft are you aware of for which you would be willing to accept all of the default settings?

ISA server isn’t new, in itself. The first version was released almost four years ago as a service for Windows 2000 server (https://www.microsoft.com/isaserver/evaluation/default.asp). The new version, besides being available as a drop-in appliance, also adds some new features, including:

* A new, simplified user interface.

* Support for multiple networks.

* VPN quarantine capabilities.

* The ability to create custom firewall-user groups.

* Customized protocol definitions.

* Outlook Web Access Publishing Wizard.

* Port redirection for server publishing rules.

* Path mapping for Web publishing rules.

* RADIUS support for Web proxy client authentication.

* Delegation of basic authentication.

* SecureID authentication.

* Firewall-generated forms (forms-based authentication).

Improvements are claimed for a number of existing services, including:

* VPN support.

* More extensive protocol support.

* Support for FTP upload/download policy.

* Web publishing.

* Cache rules for centralized object storage.

* SMTP Message Screener.

* HTTP filtering.

* Monitoring and reporting.

Now I generally liked ISA Server 2000 (see https://www.nwfusion.com/newsletters/nt/2000/1009nt2.html), and I’m pretty sure I’ll like ISA Server 2004 even more. Microsoft is much more concerned with security today than it was four years ago, for one think. Even a quick glance at the “new and improved” features shows much more emphasis on security than on user-friendliness.

I do think this product could be very useful to you. The ability to acquire it as either a software-only service or a hardware and software “appliance” is a decided plus. You can download a beta version right now and try it out on your test network (https://www.microsoft.com/isaserver/beta/download.asp) before making a commitment to either the service or the appliance. Just don’t believe that you can install and configure it in 3 minutes or less. This is the protection of your enterprise network we’re talking about, spend as much time as is necessary because in security there are very few “do overs.”