Keeping corporate web use productive and secure
Introduction
This white paper examines the security threats facing companies due to viruses that can be contracted through web browsing and HTTP and FTP downloads. The paper explains why it is important to scan corporate web browsing and downloads at ISA Server level and describes how LANguard, which is built on ISA Server, does this. The following topics are covered:
- The need for Internet access
- The need for anti-virus and content filtering
- Malicious code on web pages
- Combating harmful scripts at ISA Server level
The Internet is an essential tool for most employees within a company. Online ordering of goods, customer & product research and more make it a requirement for most employees to have HTTP and FTP access at work. Yet, many companies do without Internet access simply because they do not have the right products and in-house know-how to easily manage Internet access as well as secure their network. Microsoft ISA Server, with its unique active directory integration, will change all this.
Microsoft's new ISA Server promises to revolutionise corporate Internet access. Unlike other firewalls to date, ISA Server provides a clear and easy-to-use interface for securing your network, as well as the power to control outbound Internet access. Microsoft's open APIs allow third-party vendors to build on top of this firewall platform, ensuring that the customer enjoys a wide choice of add-on tools and products. Rather than having to implement and manage security tools and products through different interfaces and with diverse concepts, ISA Server now brings all this together in a scalable and extendable security platform.
Once you have deployed ISA Server, it is a good idea to implement additional protection against Web-borne viruses, malicious code in web pages, and files available for download which can include Trojans, viruses, objectionable material and more.
The need for anti-virus and content filtering
Virus contamination is widespread. The Computer Security Institute's "2001 Computer Crime and Security Survey", released in March, reported that 94% of respondents detected computer viruses in 2000. An ICSA survey, issued in October 2000, found that for a typical company, losses in productivity associated with viruses are rising, estimated to cost between $100,000 and $1m per company annually.
Email is currently the top distribution mechanism for the world's most dangerous electronic viruses, such as deadly viruses transported through Word macros (e.g., Melissa), infected attachments (e.g., Love Bug) and commands embedded in HTML mail. However, fast on the trail of email viruses are those contracted through web browsing and HTTP and FTP downloads, some of which do not even require human intervention to be activated. Corporations simply cannot afford to overlook the danger of users encountering infected files or web pages on the Internet.
Malicious code on web pages
While on the web, users might unknowingly download a file that is actually a Trojan or is infected, or worse, they might stumble on a virus that can be triggered simply by visiting a web page that includes hidden malicious code.
Java applets and ActiveX controls are commonplace design tools used to add movement and dimension to web pages to make them more user-friendly. ActiveX controls and Java applets are featured in a number of widely used applications and can perform a variety of valuable tasks. When a user visits a web page that includes Java applets and ActiveX controls, these web applications automatically download to the user's PC cache - and herein lies the danger.
If a hacker secretly inserts malicious code in the Java applets and ActiveX controls, then they can be used to gain unauthorised access to your PC and network, enabling the hacker to access RAM, reformat your hard drive, and read, delete or corrupt files - including confidential or sensitive information. The key issue is that they can do this automatically: Simply visiting a web page that hosts malicious code is enough to set the virus off.
To counteract this, various programs have been created to certify applets and controls, and alert users that they are accessing pages that contain scripting or code. However these programs are not much of a solution, as they do not verify the nature of the code. Besides, it remains the user's responsibility to accept or reject the warning. Most users do not perceive such alerts to be critical - particularly because in most cases, pages with Java applets and ActiveX controls are harmless.
Another possibility is to disable all Java and ActiveX scripts through the corporate firewall - but this is an impractical solution that would result in a diminished experience/use of the Internet.
The ideal solution lies in the scanning of web browsing and downloads at the ISA Server level. One tool that can do this is GFI's LANguard Content Filtering & Anti-virus for ISA Server.
Combating harmful scripts at ISA Server level
LANguard Content Filtering & Anti-virus for ISA Server provides content filtering and anti-virus checking of inbound material at server level. It scans incoming traffic for viruses, Trojans or objectionable material. Using its powerful rules engine, you can define which files you wish to allow users to have. You can also configure LANguard to quarantine file downloads for administrator approval. In addition, LANguard enables you to set rules that can stop unproductive use of the Internet at the workplace.
LANguard was built from the ground up to work with ISA Server. As a result, installation and administration are easy: No dedicated machine or specialized know-how is required and there is no need to change anything in your network configuration. LANguard hooks into ISA Server as an ISAPI extension and can leverage features such as alerts, reporting and so on, that are already found in ISA Server.
LANguard's anti-virus module scans incoming traffic - such as HTTP and FTP files that are being downloaded - and checks them for viruses. Additionally, LANguard automatically downloads virus updates whenever necessary to keep your protective set-up up-to-date.
Working hand in hand with this is LANguard's content filtering module. This allows you to quarantine suspicious file types such as .exe files, zip files and other files that could contain harmful content, including Java applets and ActiveX controls. It is true that you can block all these files at the firewall level, but this would substantially restrict the usefulness of the Internet and therefore employee productivity. Instead, LANguard quarantines the files for review and approval by the administrator. This way, users can still download the files they need, but these can be checked for malicious content before being delivered.
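The quarantine decision described above can be sketched as follows. This is an added example, not GFI's code: the extension list, the `triage` and `sniff` names and the sample URLs are assumptions. It goes one step beyond the text by also checking the leading bytes of the download, because a rule keyed on the file name alone is defeated by renaming the file.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed policy (hypothetical): file types held for administrator review.
QUARANTINE_EXTENSIONS = {".exe", ".zip", ".class", ".jar", ".cab", ".ocx", ".dll"}

# Well-known leading-byte signatures for the same file families.
SIGNATURES = [
    (b"MZ", "windows-executable"),        # .exe, .dll, .ocx (ActiveX controls)
    (b"PK\x03\x04", "zip-archive"),       # .zip, and .jar applet archives
    (b"\xca\xfe\xba\xbe", "java-class"),  # compiled Java applet class
    (b"MSCF", "cabinet"),                 # .cab packaging used for ActiveX
]

def sniff(head: bytes):
    """Return the file family named by the first bytes, or None."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None

def triage(url: str, head: bytes):
    """Return (action, reason) for a download, given its URL and first bytes."""
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    kind = sniff(head)
    if kind is not None:
        reason = "content is " + kind
        if ext not in QUARANTINE_EXTENSIONS:
            # The name says one thing, the bytes say another.
            reason += ", named as '" + (ext or "none") + "'"
        return ("quarantine", reason)
    if ext in QUARANTINE_EXTENSIONS:
        return ("quarantine", "extension " + ext)
    return ("deliver", "no rule matched")

if __name__ == "__main__":
    # Constructed sample downloads: (URL, first bytes of the body).
    for url, head in [
        ("http://downloads.example/setup.exe", b"MZ\x90\x00"),
        ("http://downloads.example/holiday.jpg", b"MZ\x90\x00"),
        ("ftp://files.example/report.pdf", b"%PDF-1.3"),
    ]:
        print(url, triage(url, head))
```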
As a further defence, LANguard protects against present and future Word macro viruses. If it detects a Word or Excel attachment that contains a macro, it automatically disables the macro. This means you do not have to worry about users downloading documents that contain Word macros, which could potentially harbour a virus.
LANguard can also prevent unproductive use of the Internet at the workplace by checking for keywords in URLs and web pages to determine whether a site is appropriate or not. LANguard can detect specific keywords in Internet traffic - for example, if a user is reading a web page with a certain keyword, or running a search for that keyword. You can also specify combinations of keywords. This allows you to block searches for objectionable material, without having to prevent access to an entire search engine site.
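Keyword-combination filtering of the kind described above can be sketched as follows. This is an added example, not GFI's code: the rules, the `check` function and the sample URLs are assumptions. Query values are decoded before matching, so a percent-encoded keyword is still seen, and a blocked search leaves other searches on the same host untouched.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed rules (hypothetical): every keyword in a rule must be present.
RULES = [
    {"casino"},
    {"free", "mp3", "download"},
]

def words(text: str) -> set:
    """Lower-cased whole words; 'casinos' does not match the keyword 'casino'."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def url_words(url: str) -> set:
    parts = urlsplit(url)
    found = words(parts.hostname or "") | words(unquote(parts.path))
    for _name, value in parse_qsl(parts.query):  # decodes %xx and '+'
        found |= words(value)
    return found

def check(url: str, page_text: str = ""):
    """Return ('block', rule) if all keywords of a rule occur, else ('allow', None)."""
    seen = url_words(url) | words(page_text)
    for rule in RULES:
        if rule <= seen:
            return ("block", sorted(rule))
    return ("allow", None)

if __name__ == "__main__":
    # Constructed requests against one search host.
    print(check("http://search.example/search?q=free+mp3+download"))
    print(check("http://search.example/search?q=free+shipping+rates"))
    print(check("http://search.example/search?q=c%61sino"))
```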
Just as MS Exchange Server revolutionized corporate email, GFI expects that ISA Server will do the same for security and corporate Internet access. As a result, LANguard Content Filtering & Anti-virus builds on ISA Server's ability to help organizations protect, accelerate and control their network access by bringing content and virus filtering and Internet access control functions to this new Microsoft platform, resulting in a highly scalable and integrated way of implementing corporate security.