Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed

Electronic mail systems were originally designed without a great deal of security in mind, and were essentially a convenient way to send messages from one system to another through a common medium. Eventually, however, messaging systems became a common target for hacking and exploit attempts, and organizations were forced to choose between opening up a messaging system to increased security threats and closing it down, sacrificing the increased productivity that remote access could provide them.

Some of the original designs for allowing access did not necessarily take security into account, and they subsequently suffered from security breaches and attacks. While messaging was not of large consequence, this may have been brushed off, but modern communications require a high degree of confidentiality and accountability, which these platforms did not provide. Indeed, auditors and governmental regulations such as HIPAA, Sarbanes-Oxley, and others stipulated that these methods of remote access be secured or shut down, which many were, greatly affecting productivity.

Weighing the Need to Communicate Versus the Need to Secure

The security versus productivity realities of modern messaging provided the backdrop to the development of ISA Server 2004's security capabilities. These capabilities enable many organizations to provide for secured, auditable access to their messaging environments. This helps to satisfy the governmental and industry compliance concerns that plagued some of the past messaging access methods.

Outlining ISA Server 2004's Messaging Security Mechanisms

As a backdrop to these developments, ISA Server 2004 was designed with messaging security in mind. A great degree of functionality was developed to address email access and communications, with particularly tight integration with Microsoft Exchange Server built in. To illustrate, ISA Server 2004 supports securing the following messaging protocols and access methods:

  • Simple Mail Transfer Protocol (SMTP)

  • Messaging Application Programming Interface (MAPI)

  • Post Office Protocol (POP3)

  • Internet Message Access Protocol (IMAP4)

  • Microsoft Exchange Outlook Web Access (OWA), with or without Forms-Based Authentication (FBA)

  • Microsoft Exchange Outlook Mobile Access (OMA)

  • Exchange ActiveSync

  • Remote Procedure Call over Hypertext Transfer Protocol (RPC over HTTP/HTTPS), also called Exchange over HTTP

  • Third-party web-based mail access using Hypertext Transfer Protocol and/or Secure Sockets Layer (SSL) encryption

Securing each of these types of messaging access methods and protocols is detailed in subsequent sections of this chapter. For web-related mail access with OMA and ActiveSync, it may be wise to review Chapter 12; this chapter deals with integrating OMA and ActiveSync with existing OWA deployments.
