As network technology has developed, the convenience the network brings has been matched by a steady increase in the threats that come from it. As the first barrier between the internal network and the public Internet, the firewall was the first network security product to receive serious attention. The traditional firewall, however, works at the network and transport layers, and its weakness is obvious: it can only decide whether to let a packet pass based on the source address, destination address, port number and protocol type in the packet header, so it cannot meet every security requirement. As network security technology has matured and network applications have changed, modern firewall technology has gradually moved to the layers above the network layer, so that it not only performs the filtering task of a traditional firewall but also provides security services tailored to particular network applications. Microsoft Internet Security and Acceleration (ISA) Server is one such firewall product.
ISA Server is an advanced application-layer firewall, VPN and Web cache solution that helps customers maximize network security and performance on top of their existing IT infrastructure. ISA Server has the following advantages.
First, easy integration with existing IT resources to maximize performance and security.
As a member of the Microsoft Windows Server System, ISA Server integrates easily with other Microsoft server products.
At present, most enterprises let employees reach internal application servers while out of the office by configuring VPN dial-in on the firewall. This practice has serious shortcomings. First, the firewall administrator must create an authentication account on the firewall for every employee who dials in over VPN, and the VPN client must be set up correctly on every employee's computer.
Second, when these applications are accessed directly from the Internet, attack code may be hidden inside a Secure Sockets Layer (SSL) connection, where a packet-filtering firewall cannot see it.
Third, employees in remote locations may themselves be behind a firewall that blocks the VPN protocols, so the client cannot establish the VPN connection at all.
Using ISA Server solves these problems.
ISA Server supports LDAP authentication and can run in workgroup mode, so it is no longer necessary to open every port that Active Directory communication would require between the firewall and the domain; only the LDAP port of a domain controller or the global catalog port needs to be opened (TCP 389, or 636 for LDAP over SSL; 3268, or 3269 over SSL, for the global catalog). When a user requests authentication, ISA Server authenticates the user itself, and only requests from authenticated users are forwarded to the intranet.
ISA Server has several built-in publishing rule wizards that help users publish Outlook Web Access (OWA), RPC over HTTP and SharePoint sites simply and quickly, and implement single sign-on (SSO) for published Web sites. ISA Server also scales well. As a software firewall, ISA Server can be installed on Windows 2000 Server (SP4) and Windows Server 2003, and users can use the free ISA Server SDK to extend application-layer filtering and access control.
Second, application-layer filtering.
ISA Server provides a large number of application-layer filters (for HTTP, FTP, SMTP, DNS and RPC, among others). These filters inspect the content of a session rather than just the packet header, so they protect the servers published through ISA Server and the internal network from attacks that exploit the weaknesses and vulnerabilities of specific application-layer protocols and services. The HTTP filter, for instance, can restrict the request methods, URL and header lengths, file extensions and header signatures allowed through a rule, so that traffic a packet filter would wave through as "just TCP port 80" is still examined.
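To make concrete what an application-layer HTTP filter looks at beyond the packet header, here is an added example (not ISA Server code, and not a reproduction of its HTTP filter) of a small request inspector in Python. The policy values (allowed methods, length limits, blocked extensions, the "kazaa" User-Agent signature) and the sample requests are all constructed for the illustration.

```python
"""Toy HTTP application-layer filter in the spirit of ISA Server's HTTP filter.

Added illustration, not ISA Server code. The policy values and the sample
requests below are hypothetical; a real deployment tunes them per rule.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class HttpPolicy:
    allowed_methods: List[str] = field(default_factory=lambda: ["GET", "HEAD", "POST"])
    max_url_length: int = 2048
    max_header_block: int = 8192          # request line plus all headers
    block_high_bit_chars: bool = True     # reject non-ASCII bytes in the URL
    blocked_extensions: List[str] = field(default_factory=lambda: [".exe", ".dll", ".scr"])
    # (header name, substring) pairs; a match blocks the request
    blocked_signatures: List[Tuple[str, str]] = field(default_factory=lambda: [("User-Agent", "kazaa")])


def inspect_request(raw: bytes, policy: HttpPolicy) -> Optional[str]:
    """Return None if the request may pass, otherwise the reason it is blocked."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "incomplete header block"
    if len(head) > policy.max_header_block:
        return "header block too long"
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return "malformed request line"
    method, url, _version = parts
    method_s = method.decode("ascii", "replace")
    if method_s not in policy.allowed_methods:
        return "method %s not allowed" % method_s
    if len(url) > policy.max_url_length:
        return "URL too long"
    if policy.block_high_bit_chars and any(b > 0x7F for b in url):
        return "high-bit characters in URL"
    # Extension check is on the path only, so "?v=2" cannot hide "setup.exe".
    path = url.split(b"?", 1)[0].decode("ascii", "replace").lower()
    for ext in policy.blocked_extensions:
        if path.endswith(ext):
            return "blocked extension " + ext
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        for sig_name, sig in policy.blocked_signatures:
            if name.strip().lower() == sig_name.lower().encode() and sig.lower().encode() in value.lower():
                return "signature %r in %s" % (sig, sig_name)
    return None


POLICY = HttpPolicy()

# Constructed sample requests. All of them are plain TCP/80 traffic that a
# header-only packet filter would allow; only content inspection tells them apart.
SAMPLES = {
    "normal": b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    "tunnelled_app": b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: KazaaClient 2.0\r\n\r\n",
    "exe_download": b"GET http://www.example.com/tools/setup.EXE?v=2 HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "bad_method": b"TRACE http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "long_url": b"GET http://www.example.com/" + b"A" * 3000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}


def check_samples(policy: HttpPolicy = POLICY) -> dict:
    """Run every sample through the policy; None means allowed."""
    return {name: inspect_request(req, policy) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print("%-14s %s" % (name, "ALLOW" if verdict is None else "BLOCK: " + verdict))
```

Only the first sample passes; the other four are indistinguishable from it at the network and transport layers.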
Third, VPN support.
ISA Server supports the PPTP and L2TP/IPsec VPN protocols, and supports both VPN client (remote access) connections and site-to-site VPN connections.
In VPN client access mode, a single computer configured as a VPN client connects to ISA Server and accesses resources on the enterprise intranet. VPN clients can use PPTP or L2TP/IPsec. ISA Server also supports advanced authentication mechanisms such as RSA SecurID, RADIUS and certificate-based EAP-TLS.
Compared with other firewalls, ISA Server's VPN has a major advantage. Many vendors' firewalls give VPN clients full access to the enterprise's internal network once the tunnel is up. ISA Server instead treats connected clients as a separate VPN Clients network and applies its firewall access policy to that network, so rules can be written per user or per group. When a user establishes a VPN connection to ISA Server, he can reach only the network resources the policy grants him; everything else is unavailable.
Another advantage of ISA Server over other firewalls is VPN quarantine. Before allowing a client onto the enterprise network, the quarantine function checks it against preset requirements; a newly connected client is placed in the Quarantined VPN Clients network, which has restricted access, and is moved to the VPN Clients network only once it passes the check. Because the check is reported by a script running on the client, it enforces configuration hygiene on cooperating clients rather than defending against a deliberately hostile one.
Fourth, Web caching.
In addition to the firewall and VPN functions, ISA Server can also act as a Web proxy server, caching content for both outbound access (internal users browsing the Internet) and inbound access (Internet users reaching published sites).
When a user on ISA Server's internal network visits a website on the Internet, the content returned is stored in ISA Server's Web cache. When the next user requests the same content, it is served directly from the cache without contacting the website again (forward caching). This reduces the number of Internet connections and the bandwidth used, and for users it improves access speed, which raises employee satisfaction and efficiency. Only objects that are cacheable under their HTTP headers and ISA Server's cache rules are stored.
When users on the Internet visit a website published by an ISA Server publishing rule, ISA Server fetches the content from the internal Web server on behalf of the Internet user, returns it, and also stores it in its own cache (reverse caching). When another user requests the same content, it is served from ISA Server's cache. This reduces traffic into the internal network and can keep the site reachable: when the Web server is offline for routine maintenance or because of a hardware or software failure, a cache rule can be configured to return cached objects, even expired ones, when the site is unavailable, so ISA Server serves the previously stored content in place of the Web server and users are spared the impact of the outage. This covers only objects that were already requested and stored in the cache; dynamic or never-requested content is still unavailable while the server is down.
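The behaviour described in the two paragraphs above (fresh hits served from cache, refetch on expiry, and an expired object returned only when the origin is unreachable) is easy to misread as "the site is always online", so here is an added Python example that models exactly that policy. It is not ISA Server code; the policy names "never", "if_unavailable" and "always", the in-memory store and the simulated origin are assumptions made for the example.

```python
"""Web cache with ISA-style handling of expired objects.

Added illustration, not ISA Server code. The expired_policy names are this
example's own; they mirror the cache-rule choice between never returning an
expired object, returning it only if the site is unavailable, or always.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


class OriginUnavailable(Exception):
    """Raised by the fetch callback when the Web server cannot be reached."""


@dataclass
class CachedObject:
    body: bytes
    fetched_at: float
    max_age: float        # seconds the object stays fresh (Cache-Control: max-age)


class WebCache:
    def __init__(self, expired_policy: str = "if_unavailable",
                 clock: Callable[[], float] = time.time) -> None:
        assert expired_policy in ("never", "if_unavailable", "always")
        self.store: Dict[str, CachedObject] = {}
        self.expired_policy = expired_policy
        self.clock = clock                # injectable so the example is deterministic
        self.origin_fetches = 0

    def _is_fresh(self, obj: CachedObject) -> bool:
        return self.clock() - obj.fetched_at < obj.max_age

    def get(self, url: str,
            fetch: Callable[[str], Tuple[bytes, float]]) -> Tuple[bytes, str]:
        """Return (body, source); source is 'cache', 'origin' or 'stale'."""
        obj = self.store.get(url)
        if obj is not None and self._is_fresh(obj):
            return obj.body, "cache"
        if obj is not None and self.expired_policy == "always":
            return obj.body, "stale"
        try:
            body, max_age = fetch(url)
        except OriginUnavailable:
            # Serve the expired copy only under the "if site unavailable" policy,
            # and only if we ever cached this URL; otherwise the outage is visible.
            if obj is not None and self.expired_policy == "if_unavailable":
                return obj.body, "stale"
            raise
        self.origin_fetches += 1
        if max_age > 0:
            self.store[url] = CachedObject(body, self.clock(), max_age)
        return body, "origin"


def demo() -> Tuple[List[str], int]:
    """Simulated reverse-cache session: returns (trace of sources, origin fetches)."""
    now = [1000.0]
    origin_up = [True]
    cache = WebCache(clock=lambda: now[0])

    def fetch(url: str) -> Tuple[bytes, float]:
        # Constructed stand-in for the published internal Web server.
        if not origin_up[0]:
            raise OriginUnavailable(url)
        return b"<html>Welcome</html>", 60.0

    url = "http://www.example.com/"
    trace = [cache.get(url, fetch)[1]]          # first visitor: origin
    trace.append(cache.get(url, fetch)[1])      # second visitor: cache
    now[0] += 120.0                             # object expires
    origin_up[0] = False                        # server down for maintenance
    trace.append(cache.get(url, fetch)[1])      # stale copy keeps the page up
    try:
        cache.get("http://www.example.com/news.html", fetch)
        trace.append("unexpected")
    except OriginUnavailable:
        trace.append("error")                   # never cached: outage is visible
    origin_up[0] = True
    trace.append(cache.get(url, fetch)[1])      # server back: refetched from origin
    return trace, cache.origin_fetches


if __name__ == "__main__":
    print(demo())
```

The trace shows the practical limit of the feature: the home page survives the outage because it was cached before the server went down, while a page nobody had requested yet still fails.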
Fifth, log reports.
ISA Server provides detailed log reports. Users can set the report generation cycle (daily, weekly, monthly or yearly) as needed, and reports can be e-mailed to the administrator. A report covers five areas: Summary, Web Usage, Application Usage, Traffic and Utilization, and Security. Each area is divided into subcategories presented as charts or data tables, so the administrator can see the situation at a glance.
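The reports are built from ISA Server's W3C-format proxy logs, and the same kind of per-user and per-rule summary is easy to produce by hand when the built-in report does not answer a question. The following added Python example (not ISA Server code) parses a W3C log by its `#Fields:` directive and derives the Web Usage and Security figures. The log lines are constructed for the example and use only a subset of fields; because the parser takes the field list from the header, the exact column order of a real ISA log does not matter. The denial test on `sc-status >= 400` is this example's own rule.

```python
"""Summarise an ISA-style W3C Web proxy log.

Added example, not ISA Server code. SAMPLE_LOG is constructed; the fields are a
subset chosen for the illustration and are read from the #Fields: directive.
"""
from collections import Counter
from typing import Dict, List

SAMPLE_LOG = """#Software: Microsoft(R) Internet Security and Acceleration Server
#Version: 2.0
#Date: 2005-03-01 09:00:00
#Fields: c-ip cs-username date time r-host cs-uri sc-bytes cs-bytes sc-status rule
10.0.0.15 CONTOSO\\alice 2005-03-01 09:00:01 www.example.com http://www.example.com/ 5120 410 200 Allow_Web
10.0.0.15 CONTOSO\\alice 2005-03-01 09:00:05 www.example.com http://www.example.com/logo.png 20480 380 200 Allow_Web
10.0.0.22 CONTOSO\\bob 2005-03-01 09:01:10 update.example.net http://update.example.net/setup.exe 0 395 403 Block_Executables
10.0.0.22 CONTOSO\\bob 2005-03-01 09:02:00 www.example.com http://www.example.com/ 5120 410 200 Allow_Web
10.0.0.31 anonymous 2005-03-01 09:03:30 evil.example.org http://evil.example.org/ 0 300 403 Default_rule
"""


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Turn W3C extended log text into a list of {field: value} rows."""
    fields = None
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields: directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        rows.append(dict(zip(fields, values)))
    return rows


def summarize(rows: List[Dict[str, str]]) -> dict:
    """Web Usage and Security style figures from parsed rows."""
    bytes_by_user = Counter()      # bytes sent to each client (sc-bytes)
    requests_by_host = Counter()
    denied = []                    # (user, uri, rule) for blocked requests
    denied_by_rule = Counter()
    anonymous = 0
    for r in rows:
        bytes_by_user[r["cs-username"]] += int(r["sc-bytes"])
        requests_by_host[r["r-host"]] += 1
        if r["cs-username"] == "anonymous":
            anonymous += 1
        # Example's own rule: any 4xx/5xx (or ISA's larger result codes) counts as denied.
        if int(r["sc-status"]) >= 400:
            denied.append((r["cs-username"], r["cs-uri"], r["rule"]))
            denied_by_rule[r["rule"]] += 1
    return {
        "requests": len(rows),
        "bytes_by_user": dict(bytes_by_user),
        "top_hosts": requests_by_host.most_common(3),
        "denied": denied,
        "denied_by_rule": dict(denied_by_rule),
        "anonymous_requests": anonymous,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_w3c(SAMPLE_LOG)).items():
        print("%-20s %s" % (key, value))
```

The denied list is the part worth reading regularly: a user repeatedly hitting a block rule, or unauthenticated requests to unknown hosts, is the signal the Security section of the built-in report is meant to surface.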
Having listed so many advantages of the ISA firewall, let us turn to its disadvantages:
ISA Server is only a software application running on the Windows platform, so its efficiency is necessarily much lower than that of a purpose-built appliance. Although the hardware an ISA Server runs on may look far more powerful on paper than a hardware firewall, its throughput does not match the latter. In effect ISA Server is a PC with some firewall functions added, with many components integrated together under the banner of "easy management" and their workings hidden: nobody outside Microsoft knows exactly how a given function is implemented, and policy definition is not flexible enough. The PC architecture itself has flaws, and these are one of the attacker's points of entry; the general-purpose operating system underneath the firewall must itself be hardened and kept patched. A hardware firewall at least does not have to deal with compatibility and plug-and-play issues the way a PC does, which makes it safer. And on the software side, a hardware firewall's software and hardware are designed together, which is much more efficient.