ActiveXperts Network Monitor 2015 proactively manages network servers, devices, databases and more.

Windows Server Products - ISA Server

[By: Alex Robertson]

A function that is usually combined with a firewall is a proxy server. The proxy server is used to access web pages for other computers. When a computer requests a web page, it is retrieved by the proxy server and then forwarded to the requesting computer. The remote computer hosting the web page is never in direct contact with the requesting computer, only with the proxy server.

Proxy servers can make your Internet access work more efficiently. If you access a page on a Web site, it is cached on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server. Only drawback of a proxy server cache is that you need to flush the proxy cache from time to time to ensure up-to-date content.

In case you want remote users to have access to items on your network, you can create a DMZ (Demilitarized Zone). It's an area that is outside the firewall. If you have multiple computers, you can choose to place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ.

Internet Security and Acceleration (ISA) Server is the successor to Proxy Server 2.0. ISA Server goes beyond a proxy server by providing an enterprise firewall and a high-performance Web cache server to meet the requirements of the most demanding Internet environments.

ISA Server redefines performance for Proxy Server customers with one of the fastest Web caching servers in the industry. The optimized caching technology and multiprocessor support in ISA Server provide the high-speed performance that enables you to save on bandwidth and make the most of your Internet access. In benchmark testing, the 2,083 requests per second filled by ISA Server eclipsed the 180 requests per second of Proxy Server 2.0 by more than a factor of 10.

Internet Access Control

ISA Server administrators can allow or deny access based on user profiles that can include:

  • Microsoft Windows users and groups. Windows users and groups control access based on user logon ID and group association. The integration of ISA Server with Windows authentication and Windows domains makes ISA Server ideal for network administrators. ISA Server can also apply policies based on a computer IP address and name.
  • Schedules. Schedules define access to Web sites and computers by time of day or day of the week.
  • Destinations. Create your own list of restricted IP addresses, URLs, and computers, or work with third-party partners for integrated Site Blocking Services.
  • Content. Control the type of content that enters your network by filtering audio, video, streaming media, ActiveX, Java applets, and more.
  • Bandwidth priorities. Integration with Windows 2000 Quality of Service (QoS) technology enables you to limit bandwidth based on user profiles, reserving the network for mission-critical priority traffic.
  • Publish servers easily. Server publishing rules take the pain out of making internal hosts—Microsoft Exchange, Microsoft Internet Information Services (IIS), FTP Servers, and so on—accessible to external clients. ISA Server eliminates the need to configure the destination server; instead you activate wizards to create server publishing or Web publishing rules.

Scaleable central management

ISA Server Enterprise Edition reduces the complexity of multiple server management with central server array management. ISA Server arrays make managing 200 servers as easy as managing two servers. Server configurations, access policies, rules, and users and groups can all be stored and managed at a single location in a single array. While each array can consist of multiple ISA Server computers, the administrator manages them as a single virtual ISA Server. You can also create enterprise policies and local array policies. This enables administrators to delegate out branch and departmental-level array control while enforcing enterprise-wide policies.

Certified enterprise firewall

ISA Server provides the firewall protection that enables you to secure your network with confidence. ISA Server can be deployed as a dedicated firewall that acts as the secure gateway to the Internet for internal clients. Administrators can help prevent unauthorized access and malicious content from entering the network, as well as restrict outbound traffic by user and group, application, destination, content type, and schedule. Key security features include:

  • Multi-layer firewall. Maximize security with packet-level, circuit-level, and application-level traffic screening.
  • Stateful inspection. Examine data crossing the firewall in the context of its protocol and state of the connection. Dynamic packet filtering opens ports only when necessary.
  • Integrated virtual private networking (VPN). Provide standards-based, secure remote access with the integrated IPSec VPN services of Windows 2000.
  • System hardening. Lock down Windows 2000 by setting the appropriate level of security, using pre-defined templates.
  • Integrated intrusion detection. Identify and respond to common network attacks such as port scanning, WinNuke, and Ping of Death.

Technical specifications

New or significantly improved features in ISA Server, compared with Proxy Server 2.0, include the following.

Secure Internet connectivity

  • Multi-layer firewall
  • Stateful inspection
  • Broad application support
  • High performance
  • Integrated virtual private networking
  • System hardening
  • Integrated intrusion detection
  • Smart application filters, including the simple mail transfer protocol (SMTP) e-mail filter
  • Transparency for all clients, secure network address translation (SecureNAT)
  • Advanced authentication
  • Pass-through authentication
  • Firewall client
  • Secure publishing
  • E-mail content screening
  • Inspection of Secure Sockets Layer (SSL) traffic
  • H.323 filter and Microsoft NetMeeting® Gatekeeper

Fast Web access

  • RAM caching
  • Optimized cache store
  • Symmetric multiprocessing (SMP) support
  • Distributed and hierarchical caching
  • Scheduled content download
  • Streaming media support
  • Programmable cache control
  • Independent Microsoft Windows® Service from Internet Information Services (IIS)

Unified management

  • Policy-based access control
  • Integration with Windows 2000
  • Integrated administration
  • Tiered policy (Enterprise Edition)
  • Graphical task pads
  • Wizards for common tasks
  • Customizable alerts
  • Detailed logging
  • Built-in reporting
  • Monitoring
  • Bandwidth priorities
  • Remote management

Extensible open platform

  • Broad vendor support
  • Comprehensive software development kit (SDK)
  • Web filters
  • Extensible component object model (COM) administration
  • Application filters
  • Extensible user interface
  • Extensible alerts
  • Extensible storage

MS Proxy, MS ISA Server's predecessor

Proxy Server 2.0 controls outbound and inbound traffic now includes packet filtering, alerting, inbound connectivity, and support for Virtual Private Networks (VPN). Packs server proxying, reverse proxying, reverse hosting, alerting and logging, dynamic packet filtering, multi-layer security and VPN support. Proxy Server 2.0 can serve as the sole firewall solution for many companies, it doesn't include all the features that high-end firewall packages provide.

Server proxying. Proxy Server 2.0 monitors and forwards incoming packets to the appropriate server. You can configure Proxy Server 2.0 to use Simple Mail Transfer Protocol (SMTP) to direct incoming mail packets to your mail server. Setting up server proxying can amount to a lot of work. You must configure static packet filters and set up authentication.

Reverse proxying. Proxy Server 2.0 impersonates the Web server when dealing with inbound traffic. Proxy Server responds to Internet requests and forwards them to the Internet Information Server (IIS) or another Web server. Internet users are unaware that Proxy Server 2.0, not IIS, is passing and monitoring their requests.

Reverse hosting. Reverse hosting lets the Web servers behind Proxy Server 2.0 publish to the Web. Proxy Server 2.0 listens and responds to requests on the Web servers' behalf. Reverse hosting lets you publish to the Web without compromising security.

Alerting and logging. You can configure Proxy Server 2.0 to immediately alert you to suspicious activities (such as protocol violations) and certain attacks on your network. You can configure Proxy Server 2.0 to alert you after the server rejects a specific number of packets and to notify you of alerting thresholds. When your system reaches the thresholds, Proxy Server can notify you by email or pager.

Proxy Server 2.0 records alert information (and other inbound and outbound traffic data) in the System Log. Proxy Server 2.0 can log data to a text file, an Open Database Connectivity (ODBC) database or a SQL server database.

Microsoft's new Internet Security and Acceleration (ISA) Server. ISA is the new Proxy Server. ISA Server's caching capabilities are useful. Features such as an improved port redirection wizard that lets you perform port address translation, full firewall capabilities (the firewall handles an inside, outside and DMZ interface), lets you create real packet filters. ISA Server includes many predefined ports and you can create your own port definitions.