Despite the attention paid toward protecting computers from viruses and spam there is often little attention given to the threat presented by common, everyday web browsing.  When internet access is made available to staff with no restrictions in place it opens up the business to several risks such as:

•    Viruses and other malware downloaded from websites
•    Inappropriate content such as pornography accessed by staff
•    “Cyberslacking”, or wasting time on non-work related websites and instant messaging

GFI WebMonitor for ISA Server solves these problems for business by providing comprehensive security features that can scan file downloads for malware, limit or block access to undesirable websites, and prevent instant messaging communication.  By installing GFI WebMonitor on your Microsoft ISA Server firewall or web proxy you can prevent viruses from getting inside of your network and improve staff productivity.

Read the full tutorial here.

Related posts:

• Review of GFI Backup Business Edition
• GFI MailEssentials Winners
• GFI MailEssentials Giveaway Contest Closes Soon
• Win GFI MailEssentials for Your Business
• Review of GFI MailEssentials

This article GFI Web Monitor Tutorial is © 2009 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

I was drawn to a particular quote in his article about the relative security of ISA Server to other popular firewalls in the context of the number of reported security vulnerabilities for each product.

A quick look at www.secunia.com shows that the ISA Firewall (2004 and 2006) have no active security issues. Compare this with any “hardware” firewall and you will see that the ISA Firewall is more secure than just about any hardware firewall.

There are a lot of firewall appliances out there so I didn’t do an exhaustive search of their stats on Secunia, but I did take a look at the stats for ISA Server, Cisco Pix, and OpenBSD as those are the three firewalls I am most familiar with in my professional life.

ISA Server

Cisco Pix

OpenBSD

I found those numbers to be pretty interesting. It is not unusual to have a customer request that a two-tiered firewall infrastructure be implemented on their environment. Often this means they request that some type of “appliance”, be that a Cisco Pix or some other third party box painted red and given a secure sounding name, be placed between the internet and the ISA Server that we are implementing for them. Sometimes this is based on the principle of defense in depth, whereas other times it is based on a false belief that a product from Microsoft couldn’t possibly be secure. Maybe if they saw the stats above they would think otherwise.

Related posts:

• Well-designed security systems fail gracefully, SonicWALL does not
• Microsoft Exam 70-350: Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004
• Security hole found in OpenBSD
• SSL Certificate Trust Errors for New Thawte Certificates
• How to Configure a Relay Connector for Exchange Server 2010

This article Tom Shinder on “hardware” firewalls is © 2007 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com