ISA and Websense differences

Can I ask some real novice management tier questions about the difference between a web filter such as Websense and a proxy server such as ISA server? I understand it’s common you use both, but what does the ISA server actually “do” in terms of staff’s internet access/activity? And what security issues/misconfigurations in ISA server can have an impact on user’s internet access? Please keep answers basic. Would much prefer some comments as opposed to links.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ISA is internet security and acceleration. It basically has a cache which locally stores webpages and gets output from them in order to attend to request to the users. In case the page is not there in cache, it goes and queries it to give output. It enhances facilities where many users can go to internet with only one ISP.
Websense is more of a dynamic Parent control tool which will block sites intelligently. It keeps on monitoring internet traffic and blocks traffic as per the requirements of the user.
In practical terms, websense works with ISA to be effective.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
So if you were doing an audit of ISA, what would you look at?

What ISA risks are there? I.e. what if configured wrong in ISA carries a risk to the users? I cant see what can go wrong.
If you are looking at something that ISA will not be able to do that Websense can do, it is content filtering. I mean with ISA you can block sites with keywords but that is not that great help as you may not be able to enter all the sites that need to block. But if you are looking for security issues, there are no security threats that ISA will encounter that could have been avoided by Websense. ISA has an in-built firewall too which gives protection.
In terms of auditing, what is the criteria that need to be fulfilled? I don't think that there are any direct or indirect threats to the network or users, but if some QOS policies are needed or stuff like that then there may be a need of something else.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

pma111Author Commented:
>In terms of auditing, what is the criteria that need to be fulfilled?

Just general best practice security config and management of ISA
Ehab SalemIT ManagerCommented:
I think that the question Why use Websense with ISA is obvious: ISA does not filter by categories (News, sports, streaming, Adult,...). If you want to filter web access ISA will not do it at all.
The other question is why use ISA with Websense. Well, Websense will filter internet access but will not provide users with internet access, i.e. without ISA there will be no internet at all.
To make things clear: for a user/computer to access internet from a corp LAN, it has to go thru a proxy or firewall. ISA is both a proxy and a firewall.
So basically: ISA gives internet access and Websense controls this access.
ISA as a firewall also must be secured to prevent intruders from gaining access to your LAN.
Finally: ISA protects your network from outside, controls access of network ports, and Websense controls internet by Categories.

ISA also integrates with active directory which faciliates Websense configuration.

Auditing ISA depends much on your company's requirements.
That is again dependent on your company policies. There are organizations that do not use Websense. Just ISA is good enough for them. There are others that use websense or related software which is mainly for enhancement. So it all boils down to what standards have been set that are required to achieve for auditing.
pma111Author Commented:
But there are no general best practice guides for either? Ie best practices that everyone should adhere to. Like a benchmark.
That is the point. There are no such guidelines. So for auditing purpose, there must be some guidelines for your company. If not all is well and good. Else you will have to follow them. There are never guidelines regarding using of software, only about maintaining network and data security and I don't think that websense will help you in that any way that ISA won't do.
Keith AlabasterEnterprise ArchitectCommented:
ISA Server is a full blown layer 3 - layer 7 firewall, proxy and cache server and an application gateway. It was build from the ground up to do this role but it is down to the administrator to create the allowed/denied groups either as specific url/domain sets or to import pre-created lists which you can acquire from varous sources. Websense provides a plug-in for ISA that undertakes the automation and provision of URL categories plus their updating. Combined, it is a good set.

ISA is no longer a supported product and has been replaced by Forefront TMG 2010 - which now has the categories and sets built into removing the need for Websense.

The normal rule of thuumb is that there should be no access to the Internet from the internal network unless it is required and the same for blocking, by default, any traffic coming from the Internet to the internal networks unless their is a business requirement - balanced by a security rating.

There is a significant difference between documenting a security perimeter and auditing one. To document it requires literally checking every rule and device and documenting the settings, configuration and impact of each device and rule. Auditing (as mentioned above) is validating the installed environment against a documented set of requirements - generally an IT security policy plus a list of business or service requirements. Further, it could be that you need to undertake a penetration test to identify some of the open access points.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.