The Next Version of ISA Server (“live” from TechEd EMEA)
Direttamente dal TechEd di Barcellona, cominciano a trapelare indiscrezioni sulla nuova release di ISA Server, che come sappiamo si chiama Forefront TMG.
ISAserver.it, nella mia persona, come membro dell'Advisory Group ha gia' sotto mano una release del nuovo ISA. Purtroppo tutto è coperto da NDA, ma dal post di Roger Halbheer si comincia già a vedere di cosa si tratta...
- (...)ISA Server will be renamed in Threat Management Gateway and will be part of the Forefront Suite. Therefore TMG (the new abbreviation for Threat Management Gateway) will collaborate and share information with the other Forefront products in your network (e.g. Forefront Client Security, NAP etc) in order to assess the threats and protect information. This would mean that if a client sends out information to the Internet on an unusual level, we will block it, but it into Quarantine and Scan it… Way cool.
- It you want to, you can block encrypted zip-files :)
- Web Protection:
- Scan files that are downloaded by the users for malware and block them on the gateway by the TMG server.
- We can even inspect outbound SSL traffic as we are bridging SSL on the server if you want it. The user is informed that SSL will be inspected. This is very important from a privacy perspective. So, with this technology we can block invalid or expired certs. Last but not least here, you can exclude certain sites or site groups (e.g. Finance and Banking) from the SSL inspection. So, you can configure it the way that you do not inspect the traffic but the certificate will be validated or nothing is done at all.
- For large files, the user gets a page to inform him/her that the file is downloaded by the TMG server and scanned there. If it is ok, it is forwarded to the client. Whether this is kicked off it decided by the download time (more than 10s).
- We can handle files in cache as well.
- We include URL filtering
- Block sites you do not want the users to browse to
- We can even categorize sites (e.g. to categorize them as Malicious) and you can override the setting as you need.
- Logging and Reporting
- The console itself still looks very similar to what you are used to from ISA Server 2006 – there is no need to change a lot, isn’t it?
- We enhanced logging with e.g. the information we just touched upon above.
- There is a new node called Web Access Policy where you configure all the different policies above. There is even a really good wizard to deploy these policies.
- Active Protection Technology (Network Intrusion System from Microsoft Research named GAPA)
- GAPA will be part of Forefront Client Security as well.
- As I said above, there will be quite some ways to protect your network from attacks. By determining unusual behavior we can block traffic from infected machines and in addition we would be able to kick off actions in the rest of the product suite.
- We will deliver signatures to help you a little bit in order to gain some time before you patch as we learned that the average customer needs more than a month to deploy a security update. To be clear here: This does not replace proper patch management!
- Network Access Protection
- We include NAP into the VPN part of the product. We had quarantine in the VPN implementation of ISA Server 2004 already. However, for a lot of customers that took them a long time to deploy as they had to write customer scripts. With NAP you can build on the same technology you can deploy on your network and it is much easier than the scripting version. However, do not just switch it on – this is a project not just a feature…..
- The nice thing is that you not only check the machine during the logon but during the whole session. So, if the machine falls out of compliance during a session, it is taken into quarantine, fixed and brought back to the network again..
- Array Support
- You will be able to take two Standard server, join them and have an array. There will still be an Enterprise version to manage multiple arrays but for smaller deployments, this is definitely good news.
- And a lot more (...)
fonte: Blog Microsoft Technet
Il post completo è consultabile sul blog di Roger qui.