Microsoft ISA can be the basis of specialised security apps
What is it?
Despite the name, Internet Security and Acceleration (ISA) Server is not exactly a server, but part of the Microsoft network infrastructure. It is best regarded as a firewall with additional management for resilience (through failover) and performance (through caching).
Without this extra functionality ISA would find it difficult to break into the well-established firewall market. Microsoft itself stresses that ISA can be used as an additional layer within an existing security set-up.
ISA could provide a way for people from a Microsoft background to break into the lucrative internet security skills market. Skill combinations currently being sought include ISA with Internet Information Services, ISA with Exchange and ISA with SQL Server.
Where did it originate?
Its distant ancestor is Microsoft's Proxy Server, introduced with NT 4.0.
What is it for?
Microsoft describes ISA as an "advanced stateful packet and application-layer inspection firewall, virtual private network, and web cache solution" aimed at enterprise networks that require multiple firewall arrays in disparate locations. It is intended to provide secure e-mail and intranet services for mobile or remote users who need access to corporate resources on servers running Internet Information Services.
Business partners can be given access to corporate resources using VPN connections, and policies can be set up that give access to some data and applications while blocking others. Administrators can join disparate networks together using the ISA VPN gateway. ISA can manage dispersed networks centrally, reducing the need for IT staff at branch offices.
Administrators set up rules about who can access different sites and content, what kinds of packet the ISA server will accept, and what services have priority when bandwidth use is high.
What makes it special?
ISA provides failover by automatically moving connections away from failed firewall array members, and includes a load-balancing algorithm to distribute connections across the array.
ISA can be used as the basis of more specialised security products. Sadly, however, just as Microsoft was announcing these third-party capabilities at the TechEd developers conference in May 2004, a successful defacement attack hit the Microsoft UK website.
How difficult is it to master?
You will need to be familiar with Active Directory and take Microsoft's five-day Implementing ISA course. You will also need to have attended the Fundamentals of Network Security and Managing and Maintaining a Microsoft Windows Server 2003 Environment courses, or be able to demonstrate equivalent knowledge.
Administration of ISA has been simplified by the addition of a visual policy editor, automated firewall policy wizards and troubleshooting tools. Firewall and web caching services are installed automatically.
Where is it used?
Microsoft is still a minnow in a firewall market dominated by established suppliers such as Checkpoint and ISS.
What systems does it run on?
Windows 2000 Server and above, with a full implementation of Active Directory. In theory, ISA and IIS can run on the same machine, but Microsoft does not recommend this.
What is coming up?
Analyst firm IDC has identified a new category of security appliances, called unified threat management (UTM), incorporating firewall, intrusion detection and prevention, and gateway anti-virus. The market share of firewall/VPNs is falling.
Training for ISA can be obtained from Microsoft and its partners.
Rates of pay
Network administrators and Exchange, Active Directory and Internet Information Services practitioners can boost their earnings by adding ISA to their portfolios. But the big money in internet security requires knowledge of products from the likes of Checkpoint and ISS.
This was first published in July 2005