New Features in ISA Server 2004

In today's highly connected and highly insecure Internet world, a firewall is every bit as important as routers, hubs, and switches. Although you don't need a firewall to connect your organization to the Internet, if you don't have one, you in effect hang a "Hack Me" sign on your network. To coincide with its push to improve security, Microsoft has come out with a new version of its firewall product, Microsoft Internet Security and Acceleration (ISA) Server, released in mid-July 2004. Here are 10 of ISA Server 2004's most important new features.

10. Improved firewall management console—ISA Server 2004 replaces the old Microsoft Management Console (MMC) snap-in with a completely updated management console. The new console is easier to use and includes a Getting Started Wizard.

9. Network templates—ISA Server 2004 includes five network templates that let you easily configure a demilitarized zone (DMZ) and VPNs as well as common network topologies, routing relationships, and firewall policies for traffic between internal and external networks.

8. Visual policy editor—ISA Server 2004 provides a visual policy editor that makes it easier to create firewall security policies and avoid configuration errors that can lead to security exposures.

7. Integrated RADIUS authentication—New support for RADIUS authentication and accounting lets ISA Server 2004 authenticate incoming VPN connections by using Microsoft's Internet Authentication Service (IAS, which ships with Windows Server 2003) or a third-party RADIUS implementation.

6. Cache rules—ISA Server 2004 is primarily a firewall. However, ISA does stand for Internet Security and Acceleration, and like earlier ISA Server releases, ISA Server 2004 caches content for faster client access. New cache rules let you specify the content that's cached and how it can be accessed as well as how long the content lives in the cache.

5. Support for multiple network topologies—One big architectural change in ISA Server 2004 is support for multiple network topologies. In contrast to ISA Server 2000, which supports one external network and one internal network in addition to a DMZ, ISA Server 2004 supports multiple internal and external networks.

4. Per-network security policies—Closely related to support for multiple networks is support for multiple security policies for each network. ISA Server 2004's network rules let you specify whether connections are allowed between networks and, if so, the types of connections that are permitted. You can apply these security policies to limit the capabilities of both internal and external connections.

3. IPSec tunnel mode for VPN access—New support for IP Security (IPSec) VPN connections lets ISA Server 2004 provide VPN access through PPTP, Layer Two Tunneling Protocol (L2TP), or IPSec, which provides the best interoperability with third-party VPN vendors.

2. Configuration import and export—ISA Server 2004 lets you import and export the server's configuration settings via an XML file. You can choose to save either the server's entire configuration or only selected portions of the configuration settings. You must associate a password with the saved configuration file, and the user who imports the configuration settings must supply the password.

1. Improved application-layer filtering—Always one of ISA Server's strengths, application-layer filtering is becoming more important as Web services and other applications channel increasing amounts of traffic over port 80. Application-layer filtering lets the firewall inspect incoming traffic at a deeper level than just the TCP/UDP level. ISA Server 2004 can filter layers 1 through 4 and can control access for virtually all protocols, including IP-level protocols.