Search This Blog

Wednesday, December 18, 2013

ISAserver.org - Monthly Newsletter - December 2013

ISAserver.org - Monthly Newsletter - December 2013

Hi Security World,

Welcome to the ISAserver.org newsletter by Debra Littlejohn Shinder <http://www.isaserver.org/Deb_Shinder/>, MVP. Each month we will bring you interesting and helpful information on ISA Server. We want to know what all *you* are interested in hearing about.

1. Farewell to ISAserver.org Newsletter: Reflecting on the End of an Era
--------------------------------------------------------------------------

Back in the late 1990s, Tom and I made a decision that would change our lives in ways we could never have predicted. We had already both made huge mid-life career changes. Tom had left his medical practice and I had given up my police badge so we could launch an IT consulting business. Computers and networking were our passion and we wanted to work, together, to build a company where we could do what we loved doing.

We started as generalists supporting Windows NT networks, but just as in medicine the best opportunities are for specialists, in the IT field it seemed those who were considered experts in a particular technology had the best chance for success. At that time, we both needed to pass one more (elective) exam to earn our MCSEs. We picked Microsoft Proxy Server and our course was set.

The choice didn't really come to fruition, though, until the new millennium, when Microsoft released the successor to Proxy Server 2.0 with the somewhat unwieldy name of Microsoft Internet Security and Acceleration Server. It soon became affectionately known as ISA and the name change was fitting because it was much more than just a proxy server. ISA Server 2000 was Microsoft's entry into the enterprise firewall market, and it became a successful contender against formidable competitors such as Cisco and Check Point.

Tom and I liked it so much, we decided to write a book about it. We had already written a few books on general networking topics that were moderate sellers. Our Configuring ISA Server 2000 was published by Syngress and to our surprise, rose to a low double digit ranking on Amazon. It also brought in a surprising amount of money in royalties. But more important, it led to much better things â€" including our relationship with the wonderful folks at TechGenix who publish this newsletter.

We started writing for ISAserver.org and in 2002, Tom took over editing and providing the content for this newsletter, along with blog posts and articles and the gradual building of an ISA community here. He held that position until the end of 2009, when he finally decided that resistance was futile and was assimilated by Microsoft as a full time employee. I took over his work here in December of that year, around the same time ISA morphed into Forefront Threat Management Gateway (TMG) 2010.

During those years, I heard from many IT pros who were deploying TMG in their networks, as well as those who were still running various versions of ISA. It didn't dominate the firewall market, but it was generally very popular with those who were using it.

However, soon after TMG's release, Microsoft changed its focus. Going "all in" with the cloud and pressured by industry-wide predictions that the PC was on its way out in the wake of rising popularity of Apple and Android tablets, Microsoft decided to remake itself as a "devices and services" company. Unfortunately, TMG didn't really fit into either of those categories.

The handwriting was on the wall, but naturally steadfast ISA/TMG fans didn't want to see it. As Microsoft began to prune its product slate, many held out hope that TMG would escape the axe. We didn't get lucky. In September 2012, Microsoft announced that they were discontinuing development on the product and it would no longer be available for purchase in 2013. Thus began a long year, for ISA/TMG users, of planning for the time when Microsoft would inevitably end support and we would have to find a replacement for our beloved TMG.

Microsoft has promised extended support until 2020 (mainstream support ends in 2015) for TMG, and extended support for ISA 2006 until 2017, but with no new development and the end clearly in sight even if it's several years away, enthusiasm for ISA/TMG has understandably waned.

And that brings us to the sad news I have to deliver in today's editorial: as this year ends, so does the ISAServer.org newsletter. This will be our last edition. Much as I hated to hear it, the decision makes sense. There just isn't much "news" about ISA Server or TMG these days. The advertisers who support this publication are moving on. It's time to make way for new projects, and a new year is an apt time for new beginnings.

This doesn't mean the ISAServer.org site is going away now. For the time being, we'll still be publishing articles and the blog will stay active. It also doesn't mean I'll be producing any less content â€" it just means the subject matter of some of that content will be different. We invite you join us on a brand new site: CloudComputingAdmin.com, where we'll be addressing all things cloud. I've started an article series there that gives some comprehensive advice on selecting a cloud provider, and we'll be talking about public cloud, private cloud, hybrid cloud and how to deploy and manage the components within your own cloud.

Change is part of the circle of life, and my family is honored and happy to have had the ISAserver.org newsletter as part of our lives for all these years. And I have to say we could never have done all we've done without our good friends at ISAserver.org (including fellow authors who contributed so) and TechGenix and within the ISA/TMG firewall community. The fantastic folks at ISAserver.org gave us our first break into the world of "Web Publishing 2.0" back when we were based primarily in the print world, and also helped us get the word out on our ISA 2000 book. Those were exciting and fast paced days! Thanks to everyone who made this such a great ride. I started to name names and then realized there are so many, it would double the length of the newsletter (plus, I don't want to risk leaving anyone out). You know who you are. :-)

Thanks! â€"Deb.

dshinder@isaserver.org

----------------------------------------------------------------------------------------
Quote of the Month - Don't cry because it’s over, smile because it happened. â€" Dr. Seuss
----------------------------------------------------------------------------------------

2. ISA Server 2006 Migration Guide - Order Today!
---------------------------------------------------

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his illustrious team of ISA Firewall experts now present to you , ISA Server 2006 Migration Guide. This book leverages the over two years of experience Tom and his team of ISA Firewall experts have had with ISA 2006, from beta to RTM and all the versions and builds in between. They've logged literally 1000's of flight hours with ISA 2006 and they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with their no holds barred coverage of Microsoft's state of the art stateful packet and application layer inspection firewall..

Order your copy of ISA Server 2006 Migration Guide. You'll be glad you did.

Click here to Order your copy today <http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>

3. ISAserver.org Learning Zone Articles of Interest
-----------------------------------------------------

1. Considerations for the TMG Firewall in Supporting Services (Part 1)
<http://www.isaserver.org/articles-tutorials/configuration-general/considerations-tmg-firewall-supporting-services-part1.html>

2. Forefront UAG authentication options
<http://www.isaserver.org/articles-tutorials/configuration-general/forefront-uag-authentication-options.html>

3. TMG and UAG Network Topologies
<http://www.isaserver.org/articles-tutorials/general/tmg-and-uag-network-topologies.html>

4. Configure Windows Azure Multi-Factor Authentication with Forefront Threat Management Gateway (TMG) 2010
<http://www.isaserver.org/articles-tutorials/configuration-security/configure-windows-azure-multi-factor-authentication-forefront-threat-management-gateway-tmg-2010.html>


4. ISA/TMG/UAG Content of the Month
------------------------------------

The TMG firewall is a Swiss Army Knife of firewalls and that's one of the great things about it. It can do so many things, sometimes you lose track of all the things that it can do. Sure, we think about how it can be a firewall for outbound access, for inbound access, for remote access VPN connections and site to site VPN connections, and web proxy activities. But what about a filtering SMTP gateway? Didn't know about that one? Surprise! The TMG firewall can be an inbound and outbound SMTP gateway. It can do spam and virus filtering just like the bigger boys. While most of this functionality is built right into the Exchange Server these days, if you don't have Exchange or if you're using an older version of Exchange, then this feature might be a big help.

Check out TechNet for more information on this capability over at <http://technet.microsoft.com/en-us/library/dd441084.aspx>

5. Tip of the Month
----------------------

If you're running your TMG firewalls on physical hardware, the best thing that you can do is move it to a virtual machine. Since the TMG firewall is a stateless service, it's the ideal application to put into a virtual machine. I was an early adopter of virtualization and I remember using the very early versions (even beta versions prior to the first release) of VMware. I did almost all of my testing for ISA 2000 scenarios in virtual machines, although I had a lot of ISA 2000 boxes (and ISA 2004, ISA 2006 and TMG) that were running on production hardware too. If you plan on virtualizing your TMG firewalls, you can choose between VMware or Hyper-V (and it might work on other virtualization platforms, too, but I haven't tried that). Just keep in mind when you virtualize the TMG firewall, you need to put it on a physical server that belongs to the same security zone as the firewall itself. While it's unlikely that there will be any "hypervisor jumping" the physical machine might be compromised â€" so keep that in mind when redeploying your TMG firewalls into a virtual environment.

6. ISA/TMG/IAG/UAG Link of the Month
--------------------------------------

Since this is our farewell edition of the newsletter, I wanted to share with the community a blast from the past. While the era of ISA 2000 was a great and exciting time for our favorite firewall, where there were dozens of ISV offerings for the great firewall, the ISA firewall finally became an "adult" when the ISA 2004 release went RTM. That was also a great time and just about everyone thought that the ISA 2004 firewall was going to take a big chunk out of the Check Point software firewall space. It was a fantastic time for writing ISA firewall books, too. I did a Bing search today and found a book that Tom and I wrote during the heyday of ISA that I had almost forgotten about! The title of the book is "How to Cheat at Configuring ISA Server 2004". I can't claim the credit for coming up with the name â€" it was part of a larger brand our publisher was pushing at the time â€" but it did make it stand out in a crowd. You can find a historical reference to the book here: <http://www.powells.com/biblio/9780080488950>


7. Blog Posts
-----------------

- DirectAccess Security Issues
<http://www.isaserver.org/blogs/shinder/directaccess-security-issues.html>

- Automatically Configure UAG with AutoIT
<http://www.isaserver.org/blogs/shinder/automatically-configure-uag-autoit.html>

- Configuring Back to Back TMG Firewalls
<http://www.isaserver.org/blogs/shinder/configuring-back-back-tmg-firewalls.html>

- Publishing SharePoint with the TMG Firewall
<http://www.isaserver.org/blogs/shinder/publishing-sharepoint-tmg-firewall.html>

- Issues with Corrupt Web Proxy Cache
<http://www.isaserver.org/blogs/shinder/issues-corrupt-web-proxy-cache.html>

- DNS Name Resolution Issues with TMG
<http://www.isaserver.org/blogs/shinder/dns-name-resolution-issues-tmg.html>

- Edge Security in a Post-TMG Firewall World
<http://www.isaserver.org/blogs/shinder/edge-security-post-tmg-firewall-world.html>

- It's not too late to move from TMG to UAG
<http://www.isaserver.org/blogs/shinder/its-not-too-late-move-tmg-uag.html>

- Azure Multifactor Authentication and the TMG Firewall
<http://www.isaserver.org/blogs/shinder/azure-multifactor-authentication-and-tmg-firewall.html>

- DirectAccess Fun at TechEd 2014
<http://www.isaserver.org/blogs/shinder/directaccess-fun-teched-2014.html>


8. Ask Sgt Deb
-----------------

QUESTION:

Hey Deb,

I want to thank you and Tom for the help you've given the ISA and TMG firewall community over the years. I started with Proxy 2.0 and met both of you at various TechEd's over the years. I'm just curious as to what you folks might be doing in the future. Are you going to stay in the firewall space and talk about other software firewalls? Are you going to do something completely new, like maybe getting into Linux? I'd like to know so that I can keep on following you guys â€" you do great work and I always enjoy what you write.

Thanks! â€"Leslie T.

ANSWER:

Hi Leslie,

Thanks for the kind words about our work. The ISA and TMG firewall work we've done over the last decade was a real passion for us and a significant labor of love. Tom now works for Microsoft and his role has changed a bit. His audience was mostly the IT implementer when he was doing his Windows Server and ISA/TMG work. Now he does more IT architecture based work, and his primary focus is cloud architecture â€" especially hybrid cloud architecture. You can see an example of his work over at <http://blogs.technet.com/b/cloudsolutions/archive/2013/08/22/hybrid-it-infrastructure-solution-for-enterprise-it-overview.aspx>. He also spends a lot more time in meetings and developing his leadership and management skills.

As for me, I'm doing a lot of things. I will continue to write for both TechGenix and GFI, as well as my own tech blog at <http://debshinder.wordpress.com>. I'm really looking forward to writing for the new <http://www.CloudComputingAdmin.com> site. I think cloud computing is the next big thing, and I'm enthusiastic about sharing the numerous possibilities with everyone. Tom works in the cloud computing space at Microsoft, and he's hoping that Microsoft will allow him write some "insider" articles about Microsoft cloud architectures and strategies for the site, too. This might be a new wild ride for us, and looking forward to sharing this ride with everyone!

On a more personal note, I've started doing more traveling. I'm excited about cruises to the Caribbean and Alaska that I have scheduled for the next year. I'm considering branching out to write about travel and other non-techie topics, as well â€" although I suspect there will always be a technology spin to what I write. As for getting into Linux, well, I never say "never." Those who read my more consumer-oriented content on TechRepublic and my blog know that I'm a big fan of Android phones (to Tom's chagrin). Anything could happen.




ISAserver.org Sections
-----------------------------------------------------------------
- Articles & Tutorials (http://www.isaserver.org/articles-tutorials/)
- Products (http://www.isaserver.org/software/)
- Reviews (http://www.isaserver.org/articles-tutorials/product-reviews/)
- Free Tools (http://www.isaserver.org/software/Free-Tools/)
- Blogs (http://www.isaserver.org/blogs/)
- Forums (http://forums.isaserver.org/)
- Contact Us (http://www.isaserver.org/pages/contact-us.html)



Techgenix Sites
-----------------------------------------------------------------
- MSExchange.org (http://www.msexchange.org/)
- WindowsNetworking.com (http://www.windowsnetworking.com/)
- WindowSecurity.com (http://www.windowsecurity.com/)
- VirtualizationAdmin.com (http://www.virtualizationadmin.com/)
- CloudComputingAdmin.com (http://www.cloudcomputingadmin.com/)
- WServerNews.com (http://www.wservernews.com/)


--
Visit the Subscription Management (http://www.techgenix.com/newsletter/) section to unsubscribe.
ISAserver.org is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@ISAserver.org
Copyright ISAserver.org 2013. All rights reserved.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)