ISAServer.org has published a guide for creating an ISA reports web server. It is a quick and easy solution to making the reports available to managers and other interested parties.
For my ISA Server deployments I like to take it a step further and use a little ASP code to generate some nicer looking tables that are a more visually appealing than the IIS directory browsing view. Just follow the instructions from ISAServer.org, and then drop the ASP file into the same web folder on the IIS server. You may also need to enable the Active Server Pages web extension for the IIS server.
The report page will look something like this.
Download the ISA Reports ASP Code
Tom Shinder of ISAServer.org takes an amusing shot at the myth in some circles that a “hardware” firewall or “firewall appliance” offers more security than a Microsoft ISA Server firewall.
I was drawn to a particular quote in his article about the relative security of ISA Server to other popular firewalls in the context of the number of reported security vulnerabilities for each product.
A quick look at www.secunia.com shows that the ISA Firewall (2004 and 2006) have no active security issues. Compare this with any “hardware” firewall and you will see that the ISA Firewall is more secure than just about any hardware firewall.
There are a lot of firewall appliances out there so I didn’t do an exhaustive search of their stats on Secunia, but I did take a look at the stats for ISA Server, Cisco Pix, and OpenBSD as those are the three firewalls I am most familiar with in my professional life.
ISA Server
Cisco Pix
OpenBSD
I found those numbers to be pretty interesting. It is not unusual to have a customer request that a two-tiered firewall infrastructure be implemented on their environment. Often this means they request that some type of “appliance”, be that a Cisco Pix or some other third party box painted red and given a secure sounding name, be placed between the internet and the ISA Server that we are implementing for them. Sometimes this is based on the principle of defense in depth, whereas other times it is based on a false belief that a product from Microsoft couldn’t possibly be secure. Maybe if they saw the stats above they would think otherwise.
This morning I sat the Microsoft certification exam 70-350 for ISA Server 2004. I’d been putting this one off for a while, having already worked through the Microsoft Press training guide, a lot of whitepapers, and worked with the product for a lot of different customers over the last couple of years. I passed the exam with plenty of room to spare.
Someone gave me the tip that the exam is not particularly difficult. I tend to agree, but that would largely have to do with all of the work and study I’ve put into it beforehand. ISA Server 2004 is a great product, and the new versions are excellent too. The biggest hurdles in understanding it seem to be early on when you first start using it.
If you’re looking to do some training on ISA Server 2004 with the goal of certifying then I would strongly recommend the Microsoft Press training guide. The books contents will thoroughly prepare you for the exam provided you work through the material properly and don’t skimp on the practical exercises or review questions.
You can also make use of the extensive ISA 2004 Technical Library on the Microsoft website. The documentation there could be used for all of your training instead of using the training guide, but won’t take you through the subject in the same fashion. However it does make for excellent complimentary material for your training and for your real world work with the product.
I would give you tips on which areas to focus on but really the exam questions I faced pretty well broadly covered the entire product. There was no particular areas to focus on to the exclusion of others. I would certainly recommend though that you do not sit the exam until you are thoroughly familiar with fundamental networking concepts such as subnetting and routing, and with the ISA Server 2004 networking model.
