Solutions Fast Track - Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Dr. Tom Shinderamp;#039;s Configuring ISA Server 1002004 [Electronic resources] - نسخه متنی

Thomas W. Shinder; Debra Littlejohn Shinder

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Back Cover Dr. Tom Shinder's Configuring ISA Server 2004 Introduction Acknowledgments About the Authors Technical Editor A Note From the Publisher From Deb and Tom Shinder, Authors Chapter 1: Evolution of a Firewall: From Proxy 1.0 to ISA 2004 The Book: What it Covers and Who It's For It's in the Book: What We Cover This Book's For You: Our Target Audience Security: The New Star of the Show Security: What's Microsoft Got to Do with It? Security: A Policy-Based Approach Security: A Multilayered Approach Firewalls: The Guardians at the Gateway Firewalls: History and Philosophy Firewalls: Understanding the Architecture Firewalls: Features and Functionality Firewalls: Role and Placement on the Network ISA: From Proxy Server to Full-Featured Firewall ISA: A Glint in MS Proxy Server's Eye ISA: A Personal Philosophy Summary Chapter 2: Examining the ISA Server 2004 Feature Set The New GUI: More Than Just a Pretty Interface Examining the Graphical Interface Examining The Management Nodes Teaching Old Features New Tricks Enhanced and Improved Remote Management Enhanced and Improved Firewall Features Enhanced and Improved Virtual Private Networking and Remote Access Enhanced and Improved Web Cache and Web Proxy Enhanced and Improved Monitoring and Reporting Multi-Networking Support New Application Layer Filtering (ALF) Features VPN Quarantine Control Missing in Action: Gone but Not Forgotten Live Media Stream Splitting H.323 Gateway Bandwidth Control Active Caching Summary Solutions Fast Track New GUI: More Than Just a Pretty Face Teaching Old Features New Tricks New Features on the Block Missing in Action: Gone But Not Forgotten Frequently Asked Questions Chapter 3: Stalking the Competition: How ISA 2004 Stacks Up Firewall Comparative Issues The Cost of Firewall Operations Specifications and Features Comparing ISA 2004 to Other Firewall Products ISA Server 2004 Comparative Points Comparing ISA 2004 to Check Point Comparing ISA 2004 to Cisco PIX Comparing ISA 2004 to NetScreen Comparing ISA 2004 to SonicWall Comparing ISA 2004 to WatchGuard Comparing ISA 2004 to Symantec Enterprise Firewall Comparing ISA 2004 to Blue Coat SG Comparing ISA 2004 to Open Source Firewalls Summary Comparing Architecture Comparing Functionality Comparing Cost Solutions Fast Track Firewall Comparative Issues Comparing ISA 2004 to Other Firewall Products Frequently Asked Questions Chapter 4: ISA 2004 Network Concepts and Preparing the Network Infrastructure Our Approach to ISA Firewall Network Design and Defense Tactics Defense in Depth ISA Firewall Fallacies Software Firewalls are Inherently Weak You Can't Trust Any Service Running on the Windows Operating System to be Secure ISA Firewalls Make Good Proxy Servers, but I Need a 'Real Firewall' to Protect My Network ISA Firewalls Run on an Intel Hardware Platform, and Firewalls Should Have 'No Moving Parts' 'I Have a Firewall and an ISA Server' Why ISA Belongs in Front of Critical Assets A Better Network and Firewall Topology Tom and Deb Shinder's Configuring ISA 2004 Network Layout Creating the ISALOCAL Virtual Machine How ISA Firewall’s Define Networks and Network Relationships ISA 2004 Multinetworking The ISA Firewall’s Default Networks Creating New Networks Controlling Routing Behavior with Network Rules The ISA 2004 Network Objects ISA Firewall Network Templates Dynamic Address Assignment on the ISA Firewall’s External Interface Dial-up Connection Support for ISA firewalls, Including VPN Connections to the ISP “Network Behind a Network” Scenarios (Advanced ISA Firewall Configuration) Web Proxy Chaining as a Form of Network Routing Firewall Chaining as a Form of Network Routing Configuring the ISA Firewall as a DHCP Server Summary Solutions Fast Track Our Approach to the ISA Firewall Network Design and Defense Tactics Tom and Deb Shinder's Configuring ISA 2004 Network Layout How ISA Firewalls Define Networks and Network Relationships Frequently Asked Questions Chapter 5: ISA 2004 Client Types and Automating Client Provisioning Understanding ISA 2004 Client Types Understanding theISA 2004 SecureNAT Client Name Resolution for SecureNAT Clients Name Resolution and 'Looping Back' Through the ISA 2004 Firewall Understanding the ISA 2004 Firewall Client ISA 2004 Web Proxy Client ISA 2004 Multiple Client Type Configuration Deciding on an ISA 2004 Client Type Automating ISA 2004 Client Provisioning Configuring DHCP Servers to Support Web Proxy and Firewall Client Autodiscovery Configuring DNS Servers to Support Web Proxy and Firewall Client Autodiscovery Special Considerations for VPN Clients Automating Installation of the Firewall Client Configuring Firewall Client and Web Proxy Client Configuration in the ISA Management Console Group Policy Software Installation Silent Installation Script Systems Management Server (SMS) Summary Solutions Fast Track Understanding the ISA 2004 SecureNAT Client Understanding the ISA 2004 Web Proxy Client Understanding the ISA 2004 Firewall Client Frequently Asked Questions Chapter 6: Installing and Configuring the ISA Firewall Software Pre-installation Tasks and Considerations System Requirements Configuring the Routing Table DNS Server Placement Configuring the ISA Firewall's Network Interfaces Unattended Installation Installation via a Terminal Services Administration Mode Session Performing a Clean Installation on a Multihomed Machine Default Post-installation ISA Firewall Configuration The Post-installation System Policy Performing an Upgrade Installation Performing a Single NIC Installation (Unihomed ISA Firewall) Quick Start Configuration for ISA Firewalls Configuring the ISA Firewall's Network Interfaces Installing and Configuring a DNS Server on the ISA Server Firewall Installing and Configuring a DHCP Server on the ISA Server Firewall Installing and Configuring the ISA Server 2004 Software Configuring the Internal Network Computers Hardening the Base ISA Firewall Configuration and Operating System ISA Firewall Service Dependencies Service Requirements for Common Tasks Performed on the ISA Firewall Client Roles for the ISA Firewall Lockdown Mode Connection Limits DHCP Spoof Attack Prevention Summary Solutions Fast Track Pre-installation considerations Performing a clean installation Default Post-install System Policy and Firewall Configuration Frequently Asked Questions Chapter 7: Creating and Using ISA 2004 Firewall Access Policy Introduction ISA Firewall Access Rule Elements Protocols User Sets Content Types Schedules Network Objects The Rule Action Page The Protocols Page The Access Rule Sources Page The Access Rule Destinations Page The User Sets Page Access Rule Properties The Access Rule Context Menu Options Configuring RPC Policy Configuring FTP Policy Configuring HTTP Policy Ordering and Organizing Access Rules How to Block Logging for Selected Protocols Disabling Automatic Web Proxy Connections for SecureNAT Clients Using Scripts to Populate Domain Name Sets Using the Import Scripts Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports Avoiding Looping Back through the ISA Firewall for Internal Resources Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections) Blocking MSN Messenger using an Access Rule Allowing Outbound Access to MSN Messenger via Web Proxy Changes to ISA Firewall Policy Only Affects New Connections Configure the Routing Table on the Upstream Router Configure the Network Adaptors Install the ISA Server 2004 Firewall Software Install and Configure the IIS WWW and SMTP Services on the DMZ Server Create the DMZ Network Create the Network Rules Between the DMZ and External Network and for the DMZ and Internal Network Create Server Publishing Rule Allowing DNS from DMZ to Internal Create an Access Rule Allowing DNS from Internal to External Create an Access Rule Allowing DNS from Internal to External Create an Access Rule Allow HTTP from External to DMZ Create an Access Rule Allowing SMTP from External to DMZ Test the Access Rules from External to DMZ Test the DNS Rule from the DMZ to the Internal Network Change the Access Rule Allowing External to DMZ by Disabling the Web Proxy Filter Allowing Intradomain Communications through the ISA Firewall Solutions Fast Track Configuring Access Rules for Outbound Access through the ISA Firewall Using Scripts to Populate Domain Name Sets Creating and Configuring a Public Address Trihomed DMZ Network Frequently Asked Questions Chapter 8: Publishing Network Services with ISA 2004 Firewalls Overview of Web Publishing and Server Publishing Web Publishing Rules Server Publishing Rules The Select Rule Action Page The Define Website to Publish Page The Public Name Details Page The Select Web Listener Page and Creating an HTTP Web Listener The User Sets Page The Web Publishing Rule Properties Dialog Box Creating and Configuring SSL Web Publishing Rules SSL Bridging Importing Web Site Certificates into The ISA Firewall's Machine Certificate Store Requesting a User Certificate for the ISA Firewall to Present to SSL Web Sites Creating an SSL Web Publishing Rule Creating Server Publishing Rules The Server Publishing Rule Properties Dialog Box Server Publishing HTTP Sites Creating Mail Server Publishing Rules The Web Client Access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync Option The Client Access: RPC, IMAP, POP3, SMTP Option Summary Solutions Fast Track Overview of Web Publishing and Server Publishing Creating and Configuring Non-SSL Web Publishing Rules Creating and Configuring SSL Web Publishing Rules Frequently Asked Questions Chapter 9: Creating Remote Access and Site-to-Site VPNs with ISA Firewalls Overview of ISA Firewall VPN Networking Firewall Policy Applied to VPN Client Connections Firewall Policy Applied to VPN Site-to-Site Connections VPN Quarantine User Mapping of VPN Clients SecureNAT Client Support for VPN Connections Site-to-Site VPN Using Tunnel Mode IPSec Publishing PPTP VPN Servers Pre-shared Key Support for IPSec VPN Connections Advanced Name Server Assignment for VPN Clients Monitoring of VPN Client Connections Creating a Remote Access PPTP VPN Server Enable the VPN Server Create an Access Rule Allowing VPN Clients Access to Allowed Resources Enable Dial-in Access Test the PPTP VPN Connection Issue Certificates to the ISA Firewall and VPN Clients Test the L2TP/IPSec VPN Connection Monitor VPN Clients Using a Pre-shared Key for VPN Client Remote Access Connections Creating a PPTP Site-to-Site VPN Create the Remote Site Network at the Main Office Create the Network Rule at the Main Office Create the Access Rules at the Main Office Create the VPN Gateway Dial-in Account at the Main Office Create the Remote Site Network at the Branch Office Create the Network Rule at the Branch Office Create the Access Rules at the Branch Office Create the VPN Gateway Dial-in Account at the Branch Office Activate the Site-to-Site Links Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA Request and install a Web Site Certificate for the Main Office Firewall Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA Request and Install a Web Site Certificate for the Branch Office Firewall Configure the Main Office ISA Firewall to Use L2TP/IPSec for the Site-to-Site Link Activate the L2TP/IPSec Site-to-Site VPN Connection Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways Using RADIUS for VPN Authentication and Remote Access Policy Configure the Internet Authentication Services (RADIUS) Server Create a VPN Clients Remote Access Policy Remote Access Permissions and Domain Functional Level Changing the User Account Dial-in Permissions Changing the Domain Functional Level Controlling Remote Access Permission via Remote Access Policy Enable the VPN Server on the ISA Firewall and Configure RADIUS Support Create an Access Rule Allowing VPN Clients Access to Approved Resources Make the Connection from a PPTP VPN Client Using EAP User Certificate Authentication for Remote Access VPNs Configuring the ISA Firewall Software to Support EAP Authentication Enabling User Mapping for EAP Authenticated Users Issuing a User Certificate to the Remote Access VPN Client Machine Supporting Outbound VPN Connections through the ISA Firewall Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall Creating a Site-to-Site VPN Between an ISA Server 2000 and ISA Firewall Run the Local VPN Wizard on the ISA Server 2000 firewall Change the Password for the Remote VPN User Account Change the Credentials the ISA Server 2000 Firewall uses for the Demand-dial Connection to the Main Office Change the ISA Server 2000 VPN Gateway's Demand-dial Interface Idle Properties Create a Static Address Pool for VPN Clients and Gateways Run the Remote Site Wizard on the Main Office ISA firewall Create a Network Rule that Defines the Route Relationship Between the Main and Branch Office Create Access Rules Allowing Traffic from the Main Office to the Branch Office Create the User Account for the Remote VPN Router Test the connection A Note on VPN Quarantine Summary Solutions Fast Track Overview of ISA Firewall VPN Networking Creating a Remote Access PPTP VPN Server Creating a Remote Access L2TP/IPSec Server Frequently Asked Questions Chapter 10: ISA 2004 Stateful Inspection and Application Layer Filtering Introduction Application Filters The SMTP Filter and Message Screener The DNS Filter The POP Intrusion Detection Filter The SOCKS V4 Filter The FTP Access Filter The H.323 Filter The MMS Filter The PNM Filter The PPTP Filter The RPC Filter The RTSP Filter Web Filters The HTTP Security Filter (HTTP Filter) The ISA Server Link Translator The Web Proxy Filter The SecurID Filter The OWA Forms-based Authentication Filter The RADIUS Authentication Filter IP Filtering and Intrusion Detection/Intrusion Prevention Common Attacks Detection and Prevention DNS Attacks Detection and Prevention IP Options and IP Fragment Filtering Summary Solutions Fast Track Application Layer Filters Web Filters Intrusion Detection and Prevention Frequently Asked Questions Chapter 11: Accelerating Web Performance with ISA 2004 Caching Capabilities Understanding Caching Concepts Web Caching Types Web Caching Architectures Web Caching Protocols Understanding ISA Server 2004's Web Caching Capabilities Using the Caching Feature Understanding Cache Rules Understanding the Content Download Feature Configuring ISA Server 2004 as a Caching Server Enabling and Configuring Caching How to Configure Caching Properties Creating Cache Rules Configuring Content Downloads Summary Fast Track Frequently Asked Questions Chapter 12: Using ISA Server 2004's Monitoring, Logging, and Reporting Tools Introduction Exploring the ISA Server 2004 Dashboard Dashboard Sections Configuring and Customizing the Dashboard Creating and Configuring ISA Server 2004 Alerts Alert-triggering Events Viewing the Predefined Alerts Creating a New Alert Modifying Alerts Viewing Triggered Alerts Monitoring ISA Server 2004 Connectivity, Sessions, and Services Configuring and Monitoring Connectivity Monitoring Sessions Monitoring Services Working with ISA Server 2004 Logs and Reports Understanding ISA Server 2004 Logs Generating, Viewing, and Publishing Reports with ISA Server 2004 Using ISA Server 2004's Performance Monitor Solutions Fast Track Exploring the ISA Server 2004 Dashboard Creating and Configuring ISA Server 2004 Alerts Monitoring ISA Server 2004 Sessions and Services Working with ISA Server 2004 Logs and Reports 1Using ISA Server 2004's Performance Monitor Frequently Asked Questions Appendix: Network Security Basics Introduction Security Overview Defining Basic Security Concepts Knowledge is Power Think Like a Thief Security Terminology Addressing Security Objectives Controlling Physical Access Preventing Accidental Compromise of Data Preventing Intentional Internal Security Breaches Preventing Unauthorized External Intrusions Recognizing Network Security Threats Understanding Intruder Motivations Classifying Specific Types of Attacks Designing a Comprehensive Security Plan Evaluating Security Needs Understanding Security Ratings Legal Considerations Designating Responsibility for Network Security Designing the Corporate Security Policy Educating Network Users on Security Issues Incorporating ISA Server in your Security Plan ISA Server Intrusion Detection Implementing a System Hardening Plan with ISA Summary Index Numbers Index A Index B Index C Index D Index E Index F Index G Index H Index I Index J Index K Index L Index M Index N Index O Index P Index Q Index R Index S Index T Index U Index V Index W Index Z List of Figures List of Tables List of Sidebars

توضیحات
افزودن یادداشت جدید





















Solutions Fast Track





Firewall Comparative Issues








If you take a look at the product lines of most of the major firewall 'appliance' vendors, you'll find from three to ten or more different models, not to mention a variety of different licensing schemes and plenty of 'add-ons' that enhance functionality and come at extra cost.











Constructing an intelligent comparison of the products of different vendors can be a daunting task, and often there is no clear-cut 'winner' in such a comparison. Instead, you find that making the right choice depends very much on your existing network infrastructure, the role you want the firewall to play, and a tradeoff of some features for others.











As you dig deeper into the comparative features, you begin to realize that a simple cost comparison is meaningless. A comparative analysis must also take into account the administrative overhead, licensing structure, and feature sets of the products being compared.











To those who may have the ultimate decision-making authority (the Chief Financial Officer, purchasing agent, or small business owner), cost is a very important consideration. It's important to remember, however, that cost involves a lot more than just the initial purchase price of an appliance or software/hardware package.











In comparing different products, you need to address each of the following: Capital investment, Add-on modules and enhancements, Licensing structures, Support, Upgrade, and Total Cost of Ownership (TCO)











In calculating the TCO for each of the competing products, you must consider not only each of the direct costs we discuss in the preceding paragraphs, but also indirect costs such as learning curve, administrative overhead, productivity and downtime costs.











Once we get cost issues out of the way and determine a budget within which we must work, the second broad category for comparison deals with the features and functionalities of each product.











General specifications relate to the included hardware (for appliances) or the minimum hardware requirements (for software firewalls), as well as how scalable, extensible and reliable the product has proven to be in deployment, and whether and how it supports high availability/fault tolerance features such as clustering/failover and load balancing.











Product data sheets from vendor Web sites can provide a starting point, but as you narrow down your choices, you'll want to dig deeper and read independent product reviews and/or talk to IT professionals who have personally worked with the particular products you're considering.











Some important firewall features to compare include Application Layer Filtering (ALF), protocol support, intrusion detection, firewall throughput and number of simultaneous connections supported, logging and reporting capabilities.











Most modern firewalls, other than those intended only as personal firewalls or 'telecommuter' models, include integrated VPN gateways. There are several factors to consider when comparing VPN support of different security devices.











Some factors to consider when comparing VPN functionality include VPN protocol support, types of VPN supported (remote access and/or site-to-site), VPN client costs and functionality, number of simultaneous VPN connections allowed, VPN throughput, VPN quarantine capabilities.











There are a number of features to consider in comparing Web-caching solutions. Which features you need will be dependent on factors such as the size and structure of your organization, how and how much external Web access is used by those on your network, and whether your organization hosts its own Web servers.











Some factors to consider when comparing Web-caching capability include forward-caching capability, reverse-caching capability, support for distributed and hierarchical caching, and use of caching rules.











Another factor that may or may not be important to your organization is whether the firewall product you're considering has been 'certified.' To be meaningful, certification should be done by an independent entity (not a vendor) based on a standardized course of hands-on testing in a lab (not just a 'paper' comparison of features).











ICSA Labs is the most well recognized organization providing testing and certification of firewalls and other network security products.











Comparing ISA 2004 to Other Firewall Products








Microsoft defines ISA Server 2004 as 'an advanced application layer firewall, VPN, and Web cache solution that enables customers to easily maximize existing IT investments by improving network security and performance.'











ISA Server 2004 includes the following key features: multi-layer inspection, advanced application layer filtering, secure inbound traffic and protection from 'inside attacks' via VPN client connections, integrated multi-networking capabilities, network templates, and stateful routing and inspection.











ISA Server 2004's ease of use features include: simple, easy to learn and use management tools; prevention of network access downtime; savings on bandwidth costs; integration with Windows Active Directory, third party VPN solutions and other existing infrastructure; a thriving community of partners, users and Web resources.











ISA Server 2004's high-performance features include: ability to provide fast, secure anywhere/anytime access; a safe, reliable and high-performance infrastructure; an integrated single-server solution; a way to scale out the security infrastructure; enhanced network performance, and reduced bandwidth costs.











ISA Server 2004 is a software firewall, which can be installed on Windows 2000 Server (with Service Pack 4 or above) or Windows Server 2003. Internet Explorer 6, or later, must be installed.











ISA Server is reliable, scalable, and extensible, and supports high availability through the Windows Server 2003 Network Load Balancing (NLB) service.











ISA Server offers compatibility and interoperability with Active Directory, with Exchange server and other Microsoft Server System products, and in a mixed network environment.











ISA Server 2004 provides administrators with a friendly graphical interface that not only has many advantages over most of its competitors, but also is a big improvement over the ISA Server 2000 interface.











ISA Server 2004 provides remote management capability through the ISA Server management console and the Remote Desktop Protocol (RDP).











ISA Server 2004 provides improved logging and reporting through the dashboard, alerts, the sessions panel, connectivity monitors, the report configuration wizard, and the ability to view connection information in real time.











One of the major strengths of ISA Server 2004 is its ability to perform application layer filtering (ALF). The application layer filtering feature allows the ISA Server 2004 firewall to protect against attacks that are based on weaknesses or holes in a specific application layer protocol or service.











ISA Server 2004 includes the following features that set it apart from the competition: secure Exchange RPC filter, link translation filter, and the OWA forms-based filter.











ISA Server 2004 includes a collection of intrusion detection filters that are licensed from Internet Security Systems (ISS). These intrusion detection filters are focused on detecting and blocking network layer attacks. In addition, ISA Server 2004 includes intrusion detection filters that detect and block application layer attacks.











ISA Server 2004 supports the following VPN protocols: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol/IPSec (L2TP/IPSec), and IPSec Tunnel Mode.











The ISA Server 2004 VPN feature supports two types of VPN connections: Remote Access VPN and Site-to-site VPN.











The ISA Server 2004 VPN quarantine feature increases the security of VPN client connections by 'pre-qualifying' VPN clients before they are allowed to connect to the corporate network.











In addition to ISA Server 2004's firewall and VPN features, the ISA Server 2004 firewall can also act as a Web proxy server. The ISA Server 2004 machine can be deployed as a combined firewall and Web-caching server, or as a dedicated Web-caching server.











ISA Server 2004 supports forward and reverse caching, and multiple ISA servers can be configured to use distributed and hierarchical caching.











Check Point's add-on modules have to be purchased at extra cost, in many cases for functionality that is included at no extra charge with ISA Server.











Check Point includes no Web-caching functionality; this must be added as an off-box solution or via add-on modules.











Check Point's SecureClient software costs extra, and is needed to add VPN client configuration verification, similar to ISA Server's VPN quarantine feature that is included at no extra cost.











Cisco PIX requires add-on third party products to provide functionalities such as deep content inspection that are included with ISA Server at no cost.











Cisco PIX includes no Web caching functionality; this must be added by purchasing a Cisco Content Engine or a third-party caching solution.











Enforcement of VPN configuration policy for PIX requires the proprietary Cisco Secure VPN client v3.x or above.











NetScreen requires that additional appliances or third party products be purchased to provide functionalities included with ISA Server (more sophisticated intrusion detection/deep content inspection, caching).











NetScreen uses a proprietary VPN client or security client (which includes personal firewall) that must be purchased at extra cost.











VPN configuration enforcement with NetScreen only enforces client firewall policy.











SonicWall requires that additional appliances or third-party products be purchased to provide functionalities included with ISA Server (more sophisticated intrusion detection/deep content inspection, caching).











NetScreen uses a proprietary VPN client that must be purchased at extra cost.











Downloading of client configuration data from VPN gateway requires security client.











WatchGuard does not include application proxies on its low cost models. ALF includes only HTTP, FTP, DNS.











WatchGuard provides no Web-caching functionality. Cost of adding a caching solution must be factored in when comparing cost with ISA server.











WatchGuard uses proprietary remote VPN client software that must be purchased at extra cost.











Symantec requires that additional appliances or third party products be purchased to provide functionalities included with ISA Server (more sophisticated intrusion detection/deep content inspection, caching).











Symantec provides no Web-caching functionality. Cost of adding a caching solution must be factored in when comparing cost with ISA server.











Symantec uses proprietary remote VPN client software that must be purchased at extra cost.











Blue Coat is the only one of ISA Server 2004's major competitors that includes Web-caching functionality.











Blue Coat does not include site-to-site VPN gateway or remote access VPN functionality.











Blue Coat requires that content filtering be done through a third-party service.











Open source firewalls are more popular with highly technical individuals (such as hackers) and those who advocate and are familiar with open source operating systems.











The cost advantage of open source firewalls is often offset by difficulty of use, lack of documentation, lack of technical support, and weak or missing logging and alerting features.











IPChains provides rudimentary firewall functionality and does not include services usually taken for granted in commercial firewall products such as ALF, VPN gateway, IDS, and others.











The Juniper Firewall ToolKit was developed by Obtuse Systems to run on Linux and BSD/FreeBSD. It was based on ipfirewall and offered as a toolkit for building proxy firewalls.











Ipfirewall is a kernel packet filter that comes with FreeBSD. It performs network-layer packet filtering only; application-layer filtering must be done by another program/service.











IPCop is a user-friendly firewall that runs on Linux and is managed from a Web UI, thus it can be managed remotely. It includes NAT functionality to protect a small LAN. It is based on the Smoothwall code and licensed under the GNU GPL. The firewall is based on ipchains.











IPCop was designed for home and SOHO users rather than enterprise-level networks.











/ 145