Microsoft deepens firewall integration

Microsoft Corp. last week incorporated additional application-layer filtering technology into its firewall product that lets users secure remote access to e-mail and authentication to Web servers.

Microsoft released Feature Pack 1 for its Internet Security and Acceleration Server (ISA) with an emphasis on security services for Microsoft's Exchange Server and Internet Information Server, two frequent targets for hackers and malicious code.

Absent, however, was technology to addresses XML and Web services traffic. Microsoft is offering a set of rudimentary scripting tools but says the bulk of the security work in that area is yet to come.

While the improvements enhance security in the Microsoft environment, experts say they do nothing to move Microsoft up the firewall food chain.

"Until they make a decision to sell an appliance they are not a serious enterprise player," says John Pescatore, an analyst with Gartner. Pescatore says, however, the ISA Feature Pack does add some nice features to a bundle of Microsoft products finding favor in the company's core market - small to midsize businesses committed to Microsoft software.

With Feature Pack 1, Microsoft is enhancing the Exchange RPC Filter with rules that enforce 128-bit RPC encryption between Exchange Server and Outlook Web Access, a remote Web-based client. Administrators will have to configure individual clients to work in the encryption mode.

Feature Pack also adds two services for Web servers, including support for RSA SecurID for authentication to Web-based applications. Microsoft has licensed an RSA ACE/Server agent for use on ISA. The agent allows user authentication once at the firewall for access to any number of secured servers.

The other service is called URLScan and prevents the type of buffer overflow attacks that have become popular on Microsoft software. The technology was originally developed for ISS, but running it at the firewall provides consistent configuration and centralized deployment.

"We see application-layer filtering and deep-content inspection as key for security, and what we are doing here is just the tip of the iceberg," says Zachary Gutt, technical product manager for ISA. "Think of ISA as the filtering engine that services plug into such as RPC filtering and URL Scan."

Microsoft also has added a number of wizards to make it easier to configure ISA.

"They are absolutely on the right track with the application-layer filtering because the network firewall has been so successful in blocking other types of attacks," says Pete Lindstrom, research director for Spire Security, an analyst firm. But Lindstrom says Microsoft also is "throwing a lot of things at the wall to see what sticks."

Feature Pack 1 is available now as a free download and comes in three parts: the main installation, the URL scanning filter and the RSA SecurID filter.