A. ISA 2000 is Microsoft's latest offering for the Proxy Server solution, but it is much more than a proxy server and at last offers real firewall functionality.
ISA is currently in beta and can be downloaded from http://www.microsoft.com/ISAServer, along with some information to allow you to start practising with it now.
The principles of ISA are the same as for any other firewall/proxy server, but it integrates very tightly with Windows 2000, in particular Windows 2000 security, directory, virtual private networking (VPN), and bandwidth control with Quality of Service (QoS). ISA requires either Windows 2000 Server or Windows 2000 Advanced Server. Active Directory is not required unless you wish to implement the cache array feature, which allows multiple ISA servers to be chained together.
Also new to ISA is an SDK which allows third-party vendors to develop applications that hook into ISA to perform other value-adding tasks, such as virus detection and site blocking/categorization, at the firewall level.
Features at a glance:

| Feature | Description |
|---|---|
| Multi-layer firewall | Maximize security with packet-level, circuit-level, and application-level traffic screening. |
| High-performance Web cache | Provide users with accelerated Web access and save network bandwidth. |
| Windows 2000 integration | Manage ISA Server users, configuration, and rules with Windows 2000 Active Directory™ service. Authentication, management tools, and bandwidth control extend Windows 2000 technologies. |
| Stateful inspection | Examine data crossing the firewall in the context of its protocol and the state of the connection. |
| Scalability | Add servers to scale up your cache easily and efficiently with dynamic load balancing and the Cache Array Routing Protocol (CARP). Maximize network availability and efficient bandwidth use with distributed and hierarchical caching. |
| Virtual private networking | Provide standards-based secure remote access with the integrated Virtual Private Networking services of Windows 2000. |
| Detailed rules for managing traffic and enforcing policy | Control network and Internet access by user, group, application, content type, schedule, and destination. |
| Broad application support | Integrate with major Internet applications using dozens of predefined protocols. |
| Transparency for all clients | Compatibility with clients and application servers on all platforms, with no client software required. |
| Smart application filters | Control application-specific traffic, such as e-mail and streaming media, with data-aware filters that block only certain types of content. |
| Smart caching | Ensure the freshest content for each user through proactive caching of popular objects, and pre-load the cache with entire Web sites on a defined schedule. |
| Rich administration tools | Take advantage of powerful remote management capability, detailed logging, customizable alerts, and graphical task pads to simplify security and cache management. |
| Dynamic packet filtering | Reduce the risk of external attacks by opening ports only when needed. |
| Distributed and hierarchical caching | Maximize availability and save bandwidth for efficient network utilization, with multiple and backup routes. |
| Integrated bandwidth control | Prioritize bandwidth allocation by group, application, site, or content type. |
| Secure publishing | Protect Web servers and e-commerce applications from external attacks. |
| Efficient content distribution | Distribute and cache Web sites and e-commerce applications, bringing Web content closer to users, improving response times and cutting bandwidth costs. |
| Integrated intrusion detection | Identify common denial-of-service attacks such as port scanning, "WinNuke," and "Ping of Death." |
| Built-in reporting | Run scheduled standard reports on Web usage, application usage, network traffic patterns, and security. |
| System hardening | Secure the operating system with multiple levels of lockdown. |
| Streaming media support | Save bandwidth by splitting live media streams on the firewall. |