Microsoft Firewall Strategy Faces Trial by Pyre

BOSTON (06/14/2000) - Microsoft Corp., long under siege over security issues in its products, is now trying to convince users it can control the dividing line between corporate networks and the Internet.

But the question is, will IT executives trust that sensitive security zone to Microsoft?

"Based on their recent record, I would say we're not that interested in a firewall from Microsoft," says Jeff Marden, network architect for Fairchild Semiconductor in Portland, Maine. Marden says most of his firm's security duties have been turned over to Unix and there are no plans on changing.

Skepticism such as Marden's is likely to be one of the biggest hurdles for Microsoft to overcome. Most IT executives are savvy about the benefits of firewalls and already have something in place.

If nothing else, the timing seems to be right for Microsoft. The software giant is making its move when many IT organizations are looking to software-based firewalls or routing filters to control the flow of traffic to and from the Internet, according to analysts. Those systems are replacing monolithic hardware-based firewalls.

Later this year, Microsoft will try to prove its case when the company releases its Internet Security and Acceleration (ISA) server. The server is a combination firewall and Web cache, replacing the Microsoft Proxy Server. It also can be run only as a firewall or only as a cache. The cache will help the performance of Web sites by storing content close to end users.

ISA is a big bet for Microsoft because the server is key not only for Windows DNA 2000, Microsoft's Web-based platform, but also BackOffice Server 2000, slated to ship by year-end. ISA does not work with Windows NT.

"If they make it more secure, more robust than Proxy, we'd like to see it," says Paul Meredith, network administrator for Steelox Systems in Mason, Ohio.

Currently Meredith relies on Proxy Server for his firewall needs, but he would like a more sophisticated product. He's also interested in the combination cache feature.

"It would help us out. We don't have a lot of extra money for a lot of extra bandwidth," he says.

Analysts are saying ISA looks to be a competent product but that Microsoft may face a few issues trying to sell it, including customer confidence.

"Microsoft's problem has not been just one product but an aggregation of security issues," say Jim Hurley, an analyst with Aberdeen Group Inc. in Boston. Hurley also says IT executives are starting to show strong interest in outsourcing firewall requirements, which would lessen the appeal of ISA.

Another issue is that a firewall is only part of any security plan. Market leader Checkpoint Software Technologies Ltd., for example, has a security package that integrates features such as VPN software and intrusion detection with its firewall.

ISA's firewall features include stateful inspection, integrated intrusion detection and data-aware application filters. Microsoft also has third parties that will add features such as reporting tools and URL blockers. Also, ISA will rely on Windows 2000 for VPN and user authentication.

"Putting a Web server up is a huge opportunity and risk," says Lucian Lui, product manager for ISA. "We're trying to mitigate that risk." Lui says the integration of ISA with Win 2000 will give customers features such as directory integration and bandwidth control they wouldn't get with other security products.

Join the newsletter!

Error: Please check your email address.

More about Aberdeen GroupMeredithMicrosoft

Show Comments