ISA Webpub - How secure?

[rubbaninja]

did a free Qualys scan on an IP address that I am publishing to the Internet and it found several vulnerabilities on the internal web server itself.
Is this supposed to happen?
How does the ISA server publishing scan for attacks from the Internet?
Is it as good as a Veliciraptor (Application layer firewall)?
Is it a real Application firewall?
Is it vulnerable to all the MS w2k server vulnerabilities?
I am not satisfied this product is giving me adequate security for Interenet publishing.

 

[joeb1kenobe]

ISA is not an application layer firewall. It is a nice stateful firewall but does not have any IDS capibilities. When you publish a website, It is the same as having that server on the internet. The ISA server uses NAT to hide the internal address, but allows all data to come in the to open port. For example...

If you publish OWA behind an ISA server on port 80. If the OWA web server did not have any patches, then someone could send a xss attack through the ISA server.

I believe this information to be correct, although, I have been know to be wrong on occasion. ;-)

 

[jcneil1]

If you install feature pack 1 with service pack 1 on ISA you can use the urlscan to publish your webserver and it can detect malicious code coming into your webserver and deny access. check it out at

http://www.microsoft.com/technet/tr...docs/en-us/urlscan/html/VP_URLScanDefault.asp

 

[rubbaninja]

Thanks for the information