I take a snip here, make a snide remark there, even endure a cheap shot every so often, but for the most part, nothing happens. Microsoft and security are two things that simply don’t want to mix. Such is the life of the Microsoft pundit. But just when I’m ready to start writing about Gameboys, I get a chance to check out something new.
A buddy installed Internet Security and Acceleration (ISA) Server 2004 at one of his sites. Knowing that I was nigh upon a depressive episode due to Redmond’s rank security reputation, he invited me over to grope and fondle the thing for a while, luring me there with a series of comments on how pleasantly surprised he was. OK. I’m a practical man, and ISA has never been what I’d call a practical firewall, but what the heck. Worst case, he’s buying beers afterward.
Well, worst case it wasn’t, which is a pleasant surprise all by itself. I wasn’t around for the install, but the bud said it went smoothly. What got me were the new configuration screens. Administering firewall rules is right up there with tax preparation on my list of favorite things to do, but once again, Microsoft does what it seems to do best: Concentrate on the user interface.
There’s a set of configuration wizards that are so simple, it’s almost comical. Choose your basic network topology from a drop-down list, fill in the appropriate addressing information, and then you can open a really slick and highly visual rules editor that lets you very quickly define even complex rules based on specific users, groups, traffic types, or destination addresses among other variables. InfoWorld’s had me looking at a whole bunch of firewalls this past year, and I’ve got to give credit where credit is due: This is one of the easiest and slickest firewall configuration wizards I’ve ever seen.
For remote offices, there’s even a VPN wizard that lets remote users configure their own VPN connections as long as they have just a little basic information first. That’s a big load off the central IT staff when it comes to VPN configuration, although woe unto you if some of that basic information gets out into the wild.
SharePoint Portal and Exchange are still fully supported, including their Web-based access modules. Nothing really new here, other than that configuration is a mite simpler. Active Directory is still ISA’s preferred AAA source server, but the software does include hooks to outside RADIUS servers should something like Funk Steel-Belted RADIUS be more to your liking.
And for those who don’t know what the “Acceleration” stands for, Redmond has actually placed some functionality in ISA that makes the inclusion of the word apt: The company has sped up ISA’s payload inspection, which enables the solution to peek into a payload and decide whether the content is genuine. The capability is still limited, although it’s more than what the average firewall offers. Lots of others will turn a blind eye to things like encrypted packets as long as they pass a header inspection.