Microsoft Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1 is a set of features and documentation that is designed to provide enhanced security and ease of use for Microsoft Exchange Server and Internet Information Services (IIS) deployments. With the increasing use of e-mail and the Web for business processes and communications, enterprises require stronger protection for their e-mail servers and Web servers. They also need administrative simplicity with minimal security risk. Having a network that is more secure and easy to manage leads to less server downtime, higher employee productivity, and greater protection of business-critical information. ISA Server Feature Pack 1 helps companies realize these benefits.
Securing E-mail Servers
ISA Server Feature Pack 1 helps protect the corporate network from unwanted e-mail messages. It does this by building on the application layer inspection capability of ISA Server to help filter e-mail messages by using several criteria, including keywords. ISA Server Feature Pack 1 also provides protection for remote Outlook users who access Exchange Server e-mail messages over untrusted networks without a virtual private network (VPN). This leads to higher productivity while minimizing security risk.
ISA Server Feature Pack 1 includes the following:
- An enhanced Simple Mail Transfer Protocol (SMTP) filter. This feature helps filter e-mail messages with increased reliability and security. The filtering is based on the name, size, or extension of an attachment, sender, domain, keyword, and any SMTP command and its length.
- An enhanced Exchange remote procedure call (RPC) filter. ISA Server protects Outlook e-mail communication to Exchange Server computers over untrusted networks without setting up a VPN. This ability has been enhanced in ISA Server Feature Pack 1 to do the following:
- Enforce RPC encryption. Administrators can now enforce encryption of RPC traffic between Outlook and Exchange Server.
- Enable outbound RPC communication. ISA Server Feature Pack 1 permits Outlook clients that are behind an ISA Server computer to access external Exchange Server computers.
Securing Web Servers and OWA Servers
ISA Server Feature Pack 1 adds URLScan functionality. URLScan enhances the protection of Web servers and Outlook Web Access (OWA) servers from evolving types of Internet attacks. It helps stop malicious Web requests at the ISA Server computer before the requests enter the network. Configuration is also simplified; the administrator can define security settings on the firewall only, instead of having to define the settings on every Web and OWA server in the internal network.
Additionally, ISA Server Feature Pack 1 helps control access to Web and OWA servers by using improved authentication through Basic Delegation and RSA SecureID Authentication.
Basic Delegation of authentication helps increase security by allowing ISA Server to authenticate Internet clients before passing the credentials to the protected server. This also eliminates multiple logon prompts. Delegation is possible with basic authentication (username and password) and can be enabled for each Web publishing rule.
RSA SecureID authentication allows ISA to authenticate Web users to an RSA ACE SecureID authentication server.
Ease of Use
ISA Server Feature Pack 1 includes the following:
- The OWA wizard. With this wizard, you can quickly and easily configure ISA Server to help protect an OWA deployment.
- The RPC filter configuration wizard. With this wizard, you can provide precise access to RPC services on the internal network instead of allowing all RPC traffic.
- A link translator. Some intranet Web pages may include references to internal names for computers. These references may appear as broken links to users on the Internet. Using the link translator, you can create a dictionary of definitions of internal computers that translate to the names of externally available computers, including translating HTTP to HTTPS or HTTPS to HTTP.
- Scenario walk-throughs and troubleshooting documentation. You can use scenario walk-throughs and troubleshooting documentation to easily configure and maintain Exchange Server and IIS deployments.
ISA Server Feature Pack 1 includes three download packages:
- Main Feature Pack Package: The installation file is Isafp1.exe.
- URLScan Package: The installation file is Isafp1ur.exe.
- RSA SecureID Package: The installation file is Isafp1sd.exe.
To download ISA Server Feature Pack 1, visit the following Microsoft Web site:
Previous Fixes Included with Feature Pack 1
Access Violations Occur in the Web Proxy Service If an Impersonation Failure Occurs
FIX: Problems with Web Browser if ISA Server 2000 Is Chained to an Upstream Web Proxy Server
Incomplete HTML Pages and Random Authentication Messages Occur When ISA Server Is Chained to an Anonymous Upstream Web Proxy Server
Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy
Heavy NTLM Authentication Traffic Occurs Between Internet Explorer and the Proxy Server
ISA Firewall Service Cannot Start with More Than 85 IP Addresses on the External Network Adapter
Web Proxy Service Stops Responding
Incorrect Canonicalization in Rules Engine
Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice
The CERT_CONTEXT Structure Variable Is Not Available for Web Filters in ISA
How to Automatically Authenticate a User Against All Trusted Domains in ISA
FIX: Cannot Renew DHCP Assigned IP Address on External ISA Interface
FIX: Server Publish May Fail on Dial-up Links
FIX: ISA Server Blocks Incoming Traffic Although a Valid Server Publishing Rule Exists
Macintosh Outlook Clients Cannot Connect to Exchange Server Through Internet Security and Acceleration Server