Microsoft Targets Network Security with ISA Server 2004 and NAP
by Alex Woodie
On the final day of its Worldwide Partner Conference 2004 in Toronto, Ontario, yesterday, Microsoft unveiled its Network Access Protection (NAP) roadmap to improve network security and interoperability with third-party antivirus and security products. The company also announced the general availability of Internet Security and Acceleration (ISA) Server 2004, its "next generation" firewall and VPN that works with Windows Server 2003, as well as a security appliance from Hewlett-Packard built on the ISA software.
Over the past two and a half years, Microsoft executives have placed a heavy emphasis on improving the security of Windows products, and have gotten mixed results. In his recent e-mail to employees, Microsoft CEO Steve Ballmer admitted that people still harbor doubts about the security of Microsoft products, and he reiterated the need for improved security (see "Microsoft CEO Steve Ballmer Says Company Needs to Refocus"). While the company's recent security shortcomings have materialized in Internet Explorer, its server products deserve a piece of the security burden, too.
Microsoft claims it has "significantly" improved security with the new version of ISA Server, which provides firewall, virtual private networking (VPN), and Web caching capabilities and runs on Windows 2000 and Windows Server 2003 operating systems. The product is primarily used to secure access to Web-based e-mail, portals, and internal Web sites, and works in conjunction with other members of the Windows Server System, including Exchange (with Outlook Web Access), Internet Information Services (IIS), and Office SharePoint Portal Server.
Perhaps the biggest enhancement to ISA Server 2004 is the introduction of application-level filtering (or "deep stateful inspection") of HTTP traffic in the firewall component. With application-level filtering, Microsoft has given ISA Server 2004 the capability to block access to all executable Windows content, regardless of the file name extension used. Numerous other enhancements also stem from this key new feature, including the capability to set much more detailed security policies. More granular control of IP-level protocols, a new user interface, new configuration wizards, and improved authentication have also been added to the ISA product, the company says. In all, Microsoft lists 55 new features or improvements to existing features in ISA Server 2004 (the entire list is available on Microsoft's site).
ISA Server 2004 replaces ISA Server 2000 and runs on Windows 2000 Server or Advanced Server, with Service Pack 4 or later, Windows 2000 Datacenter Server, or Windows Server 2003 Standard Edition or Enterprise Edition. Pricing for ISA Server 2004 Standard Edition starts at $1,499 per processor and will install on servers with up to four processors. There is also an ISA Server 2004 Enterprise Edition in the works, a kicker to the ISA Server 2000 Enterprise Edition that Microsoft created for high-bandwidth Web sites that need to cluster servers to create much larger Web caches and firewalls. Microsoft has not talked about the pricing or delivery date for ISA Server 2004 Enterprise Edition, except to say that it is coming soon.
In addition to selling ISA Server 2004 as a stand-alone product, Microsoft is partnering with hardware vendors to sell firewall and VPN security appliances, including HP's ProLiant DL320 Firewall/VPN/Cache Server, which Microsoft and HP announced in May (see "HP, Microsoft Partner on Security Appliance, Tools"). Several other partners have also announced plans to deliver hardware solutions based on ISA Server 2004, including Celestix Networks, Pyramid Computer, RimApp Technologies, Network Engines, and Wortmann AG. Microsoft has also partnered with leading antivirus, antispam, encryption, and Web filtering vendors for ISA Server 2004.
In a related enhancement, Microsoft announced its Network Access Protection (NAP) technology and roadmap for supporting NAP, which will provide a framework for checking users who try to access a network. If somebody tries to access a network using a PC that is not fully patched or presents other security risks, full access to network assets won't be given until that person complies with the company's security policy.
Microsoft is working with 25 antivirus, patch management, and systems management vendors to support NAP, says Mike Nash, corporate vice president for the security business and technology unit at Microsoft. The NAP capability will be delivered with the upcoming "R2" release of Windows Server 2003, he says. That R2 release is due in 2005 and should not be confused with Windows Server 2003 Service Pack 1.