- Chapter 3: ISA Security Concepts Part I
Comparison of Existing Security Solutions
The main purpose of a firewall is to isolate your network from external threats, just as a firewall in a house prevents fire from spreading through the rest of the house. A number of methods are currently in use to protect a network from Internet attacks. These include implementing a Proxy server, a NAT server, a bastion host, a firewall, a demilitarized zone, and so on. Some of these solutions are meant for a small office or home network (such as a NAT server); others are used in large enterprises (such as firewalls).
Proxy and NAT servers have more or less similar capabilities. They translate clients' requests so that external hosts see the requests as coming from only one IP address: the server's IP address. You can even run message and Web servers inside your Proxy or NAT server. To the outside world, it looks as though external hosts are communicating directly with these servers, although in reality the Proxy or NAT server is acting as an intermediary.
NOTE
For more details on Proxy Server 2.0, check out my article "Proxy Server 2.0" at http://www.win2000mag.com/Articles/Print.cfm?Action=Print&ArticleID=3848. For more information on NAT Server, check out "Windows 2000's Network Address Translation" at http://www.win2000mag.com/Articles/Print.cfm?Action=Print&ArticleID=7882. The article also compares Proxy server to NAT server.
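The address translation described in the Proxy and NAT paragraph above can be modeled in a few lines. This is an added example, not code from the chapter or from ISA Server: the class and method names are hypothetical, all addresses are constructed, and the rule that only the contacted remote endpoint may reply is an assumption of this model (real devices vary).

```python
# Added illustration: toy model of port address translation (PAT).
# All addresses are constructed (RFC 5737 / RFC 1918 ranges); names are hypothetical.
from dataclasses import dataclass, field

EXTERNAL_IP = "203.0.113.10"  # the only address external hosts ever see


@dataclass
class Nat:
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)    # internal flow -> external port
    in_map: dict = field(default_factory=dict)     # (ext port, remote endpoint) -> client
    published: dict = field(default_factory=dict)  # static (ext port, proto) -> server

    def publish(self, ext_port, proto, int_ip, int_port):
        """Static mapping: expose an internal server through the external address."""
        self.published[(ext_port, proto)] = (int_ip, int_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite a client's packet so it appears to come from EXTERNAL_IP."""
        flow = (src_ip, src_port, dst_ip, dst_port, proto)
        if flow not in self.out_map:
            self.out_map[flow] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (EXTERNAL_IP, self.out_map[flow], dst_ip, dst_port, proto)

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Map a packet sent to EXTERNAL_IP back to an internal host, or drop it."""
        target = (self.in_map.get((dst_port, src_ip, src_port, proto))
                  or self.published.get((dst_port, proto)))
        if target is None:
            return None  # neither a reply to a known flow nor a published port
        return (src_ip, src_port, target[0], target[1], proto)


def demo():
    nat = Nat()
    nat.publish(80, "tcp", "192.168.0.20", 80)               # internal Web server
    a = nat.outbound("192.168.0.5", 51000, "198.51.100.7", 443)
    b = nat.outbound("192.168.0.6", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, a[1])           # answer to client a
    stray = nat.inbound("198.51.100.99", 443, a[1])          # unrelated host, same port
    web = nat.inbound("198.51.100.99", 33333, 80)            # published server
    return a, b, reply, stray, web


if __name__ == "__main__":
    for row in demo():
        print(row)
```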
A bastion host is a single computer that isolates the internal network from the Internet. Because it is a single point of defense against outside intruders, a bastion host that is not secured properly puts resources on your internal network at risk of compromise. Many people who connect to the Internet using Digital Subscriber Lines (DSL) or cable modems use this type of configuration. A bastion host configuration is similar to a Proxy or a NAT server configuration.
All of these solutions offer some type of firewall functionality. To enhance security, organizations that require a higher level of protection implement various types of demilitarized zones (DMZs).
Let's look at how you can use DMZs to protect your network.