MORE INFORMATION

Securing E-mail Servers

ISA Server Feature Pack 1 helps protect the corporate network from unwanted e-mail messages. It does this by building on the application layer inspection capability of ISA Server to help filter e-mail messages by using several criteria, including keywords. ISA Server Feature Pack 1 also provides protection for remote Outlook users who access Exchange Server e-mail messages over untrusted networks without a virtual private network (VPN). This leads to higher productivity while minimizing security risk.

ISA Server Feature Pack 1 includes the following:

• An enhanced Simple Mail Transfer Protocol (SMTP) filter. This feature helps filter e-mail messages with increased reliability and security. The filtering is based on the name, size, or extension of an attachment, sender, domain, keyword, and any SMTP command and its length.
• An enhanced Exchange remote procedure call (RPC) filter. ISA Server protects Outlook e-mail communication to Exchange Server computers over untrusted networks without setting up a VPN. This ability has been enhanced in ISA Server Feature Pack 1 to do the following:
  • Enforce RPC encryption. Administrators can now enforce encryption of RPC traffic between Outlook and Exchange Server.
  • Enable outbound RPC communication. ISA Server Feature Pack 1 permits Outlook clients that are behind an ISA Server computer to access external Exchange Server computers.

Securing Web Servers and OWA Servers

ISA Server Feature Pack 1 adds URLScan functionality. URLScan enhances the protection of Web servers and Outlook Web Access (OWA) servers from evolving types of Internet attacks. It helps stop malicious Web requests at the ISA Server computer before the requests enter the network. Configuration is also simplified; the administrator can define security settings on the firewall only, instead of having to define the settings on every Web and OWA server in the internal network.

Additionally, ISA Server Feature Pack 1 helps control access to Web and OWA servers by using improved authentication through Basic Delegation and RSA SecureID Authentication.

Basic Delegation of authentication helps increase security by allowing ISA Server to authenticate Internet clients before passing the credentials to the protected server. This also eliminates multiple logon prompts. Delegation is possible with basic authentication (username and password) and can be enabled for each Web publishing rule.

RSA SecureID authentication allows ISA to authenticate Web users to an RSA ACE SecureID authentication server.

Ease of Use

ISA Server Feature Pack 1 includes the following:

• The OWA wizard. With this wizard, you can quickly and easily configure ISA Server to help protect an OWA deployment.
• The RPC filter configuration wizard. With this wizard, you can provide precise access to RPC services on the internal network instead of allowing all RPC traffic.
• A link translator. Some intranet Web pages may include references to internal names for computers. These references may appear as broken links to users on the Internet. Using the link translator, you can create a dictionary of definitions of internal computers that translate to the names of externally available computers, including translating HTTP to HTTPS or HTTPS to HTTP.
• Scenario walk-throughs and troubleshooting documentation. You can use scenario walk-throughs and troubleshooting documentation to easily configure and maintain Exchange Server and IIS deployments.

ISA Server Feature Pack 1 includes three download packages:

• Main Feature Pack Package: The installation file is Isafp1.exe.
• URLScan Package: The installation file is Isafp1ur.exe.
• RSA SecureID Package: The installation file is Isafp1sd.exe.

To download ISA Server Feature Pack 1, visit the following Microsoft Web site:

Previous Fixes Included with Feature Pack 1