Internet Security and Acceleration (ISA) Server is often bracketed as a firewall, but as well as being a highly capable firewall, performs a number of other functions which make it ideal for many solutions. So if you need a firewall, (and who doesn't?) using ISA Server will allow many other solutions to happen. But first...
Is It a Good Firewall?
Some people will tell you that because ISA server runs on Windows, it's not as secure as other firewalls, because Windows itself is "unsecure". Well, it's true that every month (and sometimes more often) Microsoft release patches to fix security flaws in Windows, which often garners media attention. This gives the impression that Windows is less secure than other platforms. However, all software has flaws and security holes - nothing is perfect. The fact that Windows is used on so many devices makes it the target for hackers - which in turn means flaws are found and patched far quicker than other platforms, and there are very few cases (maybe 1 a year?) where the flaw is exploited before a patch is released. So we believe ISA Server is the most tried and tested firewall you can get. But don't just take our word for it - compare the history of ISA vulnerabilities with the those of the firewall market leader, the Cisco Pix, at vulnerability tracking site, Secunia.
What Do We Do With ISA?
Because ISA can be deployed in so many ways, and is so critical to the integrity of the network, it's important to configure it correctly. Citric can provide expert consultancy in performing the following:
- Choosing appropriate hardware, for the server and internet connection.
- Finding a suitable connection provider/s.
- Deploying ISA on the network, ensuring appropriate routing is maintained
- Configure services, rules, permissions, monitoring and reporting.
- Troubleshoot and maintain existing ISA servers.
- Migrate other firewall solutions to ISA.
- Build solutions using ISA - see below.
Solutions Using ISA
ISA Server has a number of functions that can be configured to provide services beyond that of a traditional firewall. These can be used with other network services to build many solutions:
Solution 1: Secure Branch Office Connection
By deploying ISA at the HQ, and then at each branch office, network services based at the HQ can be securely accessed by users at each branch office. This removes the need for maintaining complex IT equipment at each branch location and simplifies the network. Rather than expensive leased lines, standard internet connections can be used. ISA enables the solution by reducing bandwidth requirements, supplying all required security features, fulfilling complex routing requirements, and even assists with the deployment, making additional branch offices easy to setup.
Solution 2: Home/Remote Working
Using ISA servers VPN capabilities, it is easy to ensure remote workers have secure access to network resources on a variety of devices. The easy maintenance of rules ensures a granular approach to security - for example, you could ensure one group of users only has access to the intranet site, while others can access the file system.
Solution 3: Make the Best Use of Your Bandwidth
The acceleration part of ISA Server's name comes from it's ability to cache (save files locally instead of downloading them from the internet) certain files as users request them. This saves bandwidth, enabling more new things to be downloaded, effectively increasing the speed at which the internet connection is experienced by users. Because you can also monitor what user's are downloading, and then place restrictions based on users, groups, time, type of content, etc, you can also prevent non-business or malicious use.
Solution 4: Securely Publish Sites and Services
The security features of ISA Server are very powerful. As well as blocking and opening specific ports (like an ordinary firewall) ISA also performs "Stateful inspection" using filters on the open ports. So if you open port 25 to receive incoming email, ISA will inspect traffic on that port to ensure that it is email coming in, and not some hacker trying to use that port to do naughty things. This also means it can be a anti-spam solution for email, anti-hacking solution for e-commerce sites - anything you need to protect once you've opened it to the internet.
Solution 5: All of the Above - Plus Many More!
You can use the same ISA box (or cluster) to provide all the solutions at once, plus anything else it's capable of doing. Unlike some firewall solutions, there are no licensing restrictions on the number of connections or interfaces you can use, it's really down to the capabilities of the hardware and complexity of configuration - but we'll make sure both of those are taken care of! Call us today to find out how ISA can be the answer to your network security issues.