- Understanding the Need for ISA Server 2006
- Detailing the Additional Advantages of ISA Server
- Understanding the History of ISA Server 2006
- Exploring ISA Server 2006's New Features
- Detailing Deployment Strategies with ISA Server 2006
- Augmenting an Existing Security Environment with ISA Server 2006
- Administering and Maintaining an ISA Server 2006 Environment
- Using ISA Server 2006 to Secure Applications
- Summary
- Best Practices
This chapter is from the book
This chapter is from the book
This chapter is from the book
Understanding the History of ISA Server 2006
Although ISA Server has only recently begun to gain wide industry acceptance, it actually has a long history relative to other computer products. The original version of this product, Proxy Server 1.x/2.x, was geared more toward web caching and proxy capabilities, but newer versions, namely ISA Server 2000, ISA Server 2004, and the newest version, ISA Server 2006, have stressed and focused on the security aspects of the product, improving them and adding functionality. To better understand where ISA Server is today, it is important to get a better understanding of how it got where it is.
Outlining Initial Microsoft Security Solutions
In the early days of networking, before the wide acceptance of the Internet, the focus of security was more directed toward making sure that files and folders on a network were kept safe from prying eyes. Communications between computers were deliberately built to be open and extensible, to facilitate the transfer of information between the devices on the network. As networking evolved, these networks became more and more interconnected, often to other networks that could not be trusted, such as the Internet in general. To protect computers from access via these outside networks, devices known as firewalls were placed between the untrusted and trusted networks to block access from the former to the latter.
While this was occurring, Microsoft products were changing and evolving to match the computing needs of the time, and focus was placed on making Microsoft products embrace the Internet. Focus was put on the need to provide enhanced access for clients to the Internet. As a direct result of this, the development of a product to provide web proxy capabilities to Microsoft clients took shape.
Exploring a New Product—Proxy Server
In 1996, the Internet browser wars between the Netscape Navigator product and Microsoft's Internet Explorer were in full swing, and Microsoft was constantly looking for ways to improve the capabilities of Internet Explorer. Netscape had begun to sell a web proxy product, which optimized Internet web browsing by caching the images and text from web pages to local servers, enabling clients to access them quickly. At this time, connections to the Internet were much more expensive, relatively speaking, and the need to take full advantage of the bandwidth provided to an organization created the need for products to optimize these connections.
In direct response to these needs, Microsoft released the first version (1.0) of Proxy Server, a new product to provide web proxy capabilities for clients. The capabilities of version 1.0 of the product were significantly less than those of Netscape or other proxy products available at this time, however, and industry support for the product was lacking.
Following closely on the release of version 1.0 was version 2.0, which equalized many of the disparities between Microsoft's Proxy Server product and the competitors. Proxy Server 2.0 introduced the capability to create arrays of servers for redundancy and provided support for HTTP 1.1 and FTP. In addition, the capability to "reverse proxy" was added, protecting internal web servers by acting as a bastion host, or first layer of defense for untrusted traffic. The release of this version of the product was much more successful, and the Proxy Server product celebrated much wider industry acceptance as a web-caching and reverse-proxy product.
Unleashing a New Model: The Internet Security and Acceleration Server 2000
Although Proxy Server 2.0 provided for a wide array of security features, it did not enjoy broad industry acceptance as a security device for one reason or another. Microsoft wanted to focus more attention on the product's security capabilities, so it added more to the 3.0 version, and rebranded it as the Internet Security and Acceleration (ISA) Server 2000. This rebranding directed attention to its security capabilities, while still giving a nod to the web acceleration component, the caching capabilities.
ISA Server 2000 introduced an impressive new array of features, nearly all of which focused on turning it into a full-functioned security device. This version of the product was the first that marketed it as a firewall by and of itself. It was this claim that was greeted with skepticism by the security community, given the somewhat shaky track record that Microsoft products had at that time.
The politics of the security community being what they were, ISA Server 2000 faced an uphill battle for acceptance. In addition, deficiencies such as the lack of multi-network support, confusing firewall rules, and a haphazard interface limited the large-scale deployment of ISA 2000.
Unveiling the Next Generation: ISA Server 2004
While ISA Server 2000 was slowly gaining ground, the ISA Server team started work on the next version, code-named Stingray. The result of this project was the product released as the Internet Security and Acceleration Server 2004. This version of ISA was vastly improved over the previous versions of the product, and it quickly became noticed in the wider security community. In addition to fine-tuning and honing the capabilities it inherited from ISA Server 2000, ISA Server 2004 introduced a wide variety of new and improved security features that further extended its capabilities.
ISA Server 2004 was originally released with only a standard edition of the product. The Enterprise edition debuted the following year, expanding upon ISA's capabilities even further. Finally, predating the release of ISA Server 2006, Service Pack 2 for ISA Server 2004 added many of the same pieces of functionality recently included in ISA Server 2006, such as HTTP compression support, DiffServ, and other enhancements.
Expanding on ISA Server 2004's Success with ISA Server 2006
Microsoft released the next interim build of ISA Server 2004 as a new generation and relabeled it as ISA Server 2006. This version is similar in many ways to ISA Server 2004, with specific enhancements made to several key areas. In a way, it really can be thought of as ISA Server 2004 Service Pack 3, but instead it has been relabeled. The learning curve between ISA 2004 and ISA 2006 is not steep, however, and administrators familiar with ISA 2004 will immediately be familiar with the 2006 model. That said, the evolution of the ISA Server 2006 product to the spot that it inhabits today is impressive.
What's extremely important to note about ISA Server 2006 is that it is one of the first security products released by Microsoft that has really been taken seriously by the broader Internet Security community. ISA Server 2006 is a full-fledged Internet firewall, with Virtual Private Network (VPN) and web-caching capabilities to boot. The debate between pro-Microsoft and anti-Microsoft forces is far from over, but politics aside, the product that has been released is an impressive one.