Securing E-mail Servers
ISA Server Feature Pack 1 helps protect the corporate network from
unwanted e-mail messages. It does this by building on the application layer
inspection capability of ISA Server to help filter e-mail messages by using
several criteria, including keywords. ISA Server Feature Pack 1 also provides
protection for remote Outlook users who access Exchange Server e-mail messages
over untrusted networks without a virtual private network (VPN). This leads to
higher productivity while minimizing security risk.
ISA Server
Feature Pack 1 includes the following:
- An enhanced Simple Mail Transfer Protocol (SMTP) filter.
This feature helps filter e-mail messages with increased reliability and
security. The filtering is based on the name, size, or extension of an
attachment, sender, domain, keyword, and any SMTP command and its
length.
- An enhanced Exchange remote procedure call (RPC) filter.
ISA Server protects Outlook e-mail communication to Exchange Server computers
over untrusted networks without setting up a VPN. This ability has been
enhanced in ISA Server Feature Pack 1 to do the following:
- Enforce RPC encryption. Administrators can now enforce
encryption of RPC traffic between Outlook and Exchange Server.
- Enable outbound RPC communication. ISA Server Feature
Pack 1 permits Outlook clients that are behind an ISA Server computer to access
external Exchange Server computers.
Securing Web Servers and OWA Servers
ISA Server Feature Pack 1 adds URLScan functionality. URLScan
enhances the protection of Web servers and Outlook Web Access (OWA) servers
from evolving types of Internet attacks. It helps stop malicious Web requests
at the ISA Server computer before the requests enter the network. Configuration
is also simplified; the administrator can define security settings on the
firewall only, instead of having to define the settings on every Web and OWA
server in the internal network.
Additionally, ISA Server Feature Pack
1 helps control access to Web and OWA servers by using improved authentication
through Basic Delegation and RSA SecureID Authentication.
Basic
Delegation of authentication helps increase security by allowing ISA Server to
authenticate Internet clients before passing the credentials to the protected
server. This also eliminates multiple logon prompts. Delegation is possible
with basic authentication (username and password) and can be enabled for each
Web publishing rule.
RSA SecureID authentication allows ISA to
authenticate Web users to an RSA ACE SecureID authentication server.
Ease of Use
ISA Server Feature Pack 1 includes the following:
- The OWA wizard. With this wizard, you can quickly and
easily configure ISA Server to help protect an OWA deployment.
- The RPC filter configuration wizard. With this wizard, you
can provide precise access to RPC services on the internal network instead of
allowing all RPC traffic.
- A link translator. Some intranet Web pages may include
references to internal names for computers. These references may appear as
broken links to users on the Internet. Using the link translator, you can
create a dictionary of definitions of internal computers that translate to the
names of externally available computers, including translating HTTP to HTTPS or
HTTPS to HTTP.
- Scenario walk-throughs and troubleshooting documentation.
You can use scenario walk-throughs and troubleshooting documentation to easily
configure and maintain Exchange Server and IIS deployments.
ISA Server Feature Pack 1 includes three download packages:
- Main Feature Pack Package: The installation file is
Isafp1.exe.
- URLScan Package: The installation file is
Isafp1ur.exe.
- RSA SecureID Package: The installation file is
Isafp1sd.exe.
To download ISA Server Feature Pack 1, visit the following
Microsoft Web site:
Previous Fixes Included with Feature Pack 1
318319 Access Violations Occur in the Web Proxy Service If an Impersonation Failure Occurs
317822 FIX: Problems with Web Browser if ISA Server 2000 Is Chained to an Upstream Web Proxy Server
307457 Incomplete HTML Pages and Random Authentication Messages Occur When ISA Server Is Chained to an Anonymous Upstream Web Proxy Server
297080 Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy
312176 Heavy NTLM Authentication Traffic Occurs Between Internet Explorer and the Proxy Server
318005 ISA Firewall Service Cannot Start with More Than 85 IP Addresses on the External Network Adapter
319374 Web Proxy Service Stops Responding
321846 Incorrect Canonicalization in Rules Engine
323889 Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice
319375 The CERT_CONTEXT Structure Variable Is Not Available for Web Filters in ISA
319376 How to Automatically Authenticate a User Against All Trusted Domains in ISA
326116 FIX: Cannot Renew DHCP Assigned IP Address on External ISA Interface
321219 FIX: Server Publish May Fail on Dial-up Links
319377 FIX: ISA Server Blocks Incoming Traffic Although a Valid Server Publishing Rule Exists
331063 Macintosh Outlook Clients Cannot Connect to Exchange Server Through Internet Security and Acceleration Server