Educause Security Discussion mailing list archives

Re: ISA Server for Microsoft Exchange


From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Thu, 23 Oct 2008 10:33:43 -0500

ISA is the Microsoft application-level firewall that enforces a
black-listing approach to block access to inappropriate sites. This can
help protect Microsoft Exchange users from phishing attacks if they
click on embedded links. However, since it is black-list based, the
sites have to be explicitly denied. I think this is a problematic
solution for an academic environment. It works fine for banks with
strong controls and restrictions. Note that it is very difficult to
audit the rules on the ISA appliance; you need to painstakingly walk
through every configuration screen (or dump it as a 700-page XML
printout). Please feel free to contact me directly if you need
additional information.

Ken.

Ken Rowe
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
50 Gerty Drive, MC-673
Champaign, IL 61820
E kenrowe () uillinois edu
O 217.265.0415
C 217.778.7693
F 217.333.6991
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv
[SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Connie Sadler
[csadler11 () GMAIL COM]
Sent: Wednesday, October 22, 2008 5:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISA Server for Microsoft Exchange

I am told that we need an ISA Server for Microsoft Exchange. I am asking
for the Reader's Digest condensed "English" explanation, but I am having
a hard time getting it.  :)  Can anyone here offer an explanation that
will help me to create a business case for this - for a non-technical
audience? There is a lot of info on the web, but nothing pops out as
useful. I need a translation from techno-speak to executive business
need.

Thanks!

Connie Sadler
CISO, Lucile Packard Children's Hospital at Stanford
