Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

The Next Version of ISA Server (“live” from TechEd EMEA)


It is once again one of these posts that starts with "I am just sitting in a session…". Actually I had some time today to visit sessions and look into some things I have never seen. We often have discussions around the future of our products and what we in the field think should be in there. Then you see just slideware, but sometimes it is not too easy to keep up with the pace of the developers in all the products and see what they are actually developing and how it looks today.

Therefore I took the opportunity to sit in a session on "The Next Version of ISA Server: A Sneak Peek Demo".

Let me give you an update on it (no particular order, just the way I saw it today):

  • ISA Server will be renamed to Threat Management Gateway and will be part of the Forefront Suite. Therefore TMG (the new abbreviation for Threat Management Gateway) will collaborate and share information with the other Forefront products in your network (e.g. Forefront Client Security, NAP etc.) in order to assess the threats and protect information. This would mean that if a client sends out information to the Internet on an unusual level, we will block it, put it into quarantine and scan it… Way cool.
    • If you want to, you can block encrypted zip-files :)
  • Web Protection:
    • Scan files that are downloaded by the users for malware and block them on the gateway by the TMG server.
      • We can even inspect outbound SSL traffic, as we are bridging SSL on the server if you want it. The user is informed that SSL will be inspected. This is very important from a privacy perspective. So, with this technology we can block invalid or expired certs. Last but not least here, you can exclude certain sites or site groups (e.g. Finance and Banking) from the SSL inspection. So you can configure it so that the traffic is not inspected but the certificate is still validated, or nothing is done at all.
      • For large files, the user gets a page to inform him/her that the file is downloaded by the TMG server and scanned there. If it is ok, it is forwarded to the client. Whether this is kicked off is decided by the download time (more than 10s).
      • We can handle files in cache as well.
    • We include URL filtering
      • Block sites you do not want the users to browse to
      • We can even categorize sites (e.g. to categorize them as Malicious) and you can override the setting as you need.
  • Logging and Reporting
    • The console itself still looks very similar to what you are used to from ISA Server 2006 – there is no need to change a lot, is there?
    • We enhanced logging with e.g. the information we just touched upon above.
    • There is a new node called Web Access Policy where you configure all the different policies above. There is even a really good wizard to deploy these policies.
  • Active Protection Technology (Network Intrusion System from Microsoft Research named GAPA)
    • GAPA will be part of Forefront Client Security as well.
    • As I said above, there will be quite some ways to protect your network from attacks. By determining unusual behavior we can block traffic from infected machines and in addition we would be able to kick off actions in the rest of the product suite.
    • We will deliver signatures to help you a little bit in order to gain some time before you patch as we learned that the average customer needs more than a month to deploy a security update. To be clear here: This does not replace proper patch management!
  • Network Access Protection
    • We include NAP in the VPN part of the product. We had quarantine in the VPN implementation of ISA Server 2004 already. However, for a lot of customers it took a long time to deploy as they had to write custom scripts. With NAP you can build on the same technology you can deploy on your network, and it is much easier than the scripting version. However, do not just switch it on – this is a project, not just a feature...
    • The nice thing is that you not only check the machine during the logon but during the whole session. So, if the machine falls out of compliance during a session, it is taken into quarantine, fixed and brought back to the network again.
  • Array Support
    • You will be able to take two Standard servers, join them and have an array. There will still be an Enterprise version to manage multiple arrays, but for smaller deployments this is definitely good news.
  • And a lot more

As I said: This is way cool...

I am looking forward to getting my hands on the final product!!!!

Roger
