Solved

ISA and Websense differences

Posted on 2012-03-27
9
1,195 Views
Last Modified: 2012-04-12
Can I ask some real novice management tier questions about the difference between a web filter such as Websense and a proxy server such as ISA server? I understand it’s common you use both, but what does the ISA server actually “do” in terms of staff’s internet access/activity? And what security issues/misconfigurations in ISA server can have an impact on user’s internet access? Please keep answers basic. Would much prefer some comments as opposed to links.
0
Comment
Question by:pma111
9 Comments
 
LVL 5

Accepted Solution

by:
abhishek1986 earned 167 total points
ID: 37770522
ISA is internet security and acceleration. It basically has a cache which locally stores webpages and gets output from them in order to attend to request to the users. In case the page is not there in cache, it goes and queries it to give output. It enhances facilities where many users can go to internet with only one ISP.
Websense is more of a dynamic Parent control tool which will block sites intelligently. It keeps on monitoring internet traffic and blocks traffic as per the requirements of the user.
In practical terms, websense works with ISA to be effective.
0
 
LVL 3

Author Comment

by:pma111
ID: 37770566
So if you were doing an audit of ISA, what would you look at?

What ISA risks are there? I.e. what if configured wrong in ISA carries a risk to the users? I cant see what can go wrong.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37770592
If you are looking at something that ISA will not be able to do that Websense can do, it is content filtering. I mean with ISA you can block sites with keywords but that is not that great help as you may not be able to enter all the sites that need to block. But if you are looking for security issues, there are no security threats that ISA will encounter that could have been avoided by Websense. ISA has an in-built firewall too which gives protection.
In terms of auditing, what is the criteria that need to be fulfilled? I don't think that there are any direct or indirect threats to the network or users, but if some QOS policies are needed or stuff like that then there may be a need of something else.
0
 
LVL 3

Author Comment

by:pma111
ID: 37770611
>In terms of auditing, what is the criteria that need to be fulfilled?

Just general best practice security config and management of ISA
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 14

Assisted Solution

by:Ehab Salem
Ehab Salem earned 167 total points
ID: 37770774
I think that the question Why use Websense with ISA is obvious: ISA does not filter by categories (News, sports, streaming, Adult,...). If you want to filter web access ISA will not do it at all.
The other question is why use ISA with Websense. Well, Websense will filter internet access but will not provide users with internet access, i.e. without ISA there will be no internet at all.
To make things clear: for a user/computer to access internet from a corp LAN, it has to go thru a proxy or firewall. ISA is both a proxy and a firewall.
So basically: ISA gives internet access and Websense controls this access.
ISA as a firewall also must be secured to prevent intruders from gaining access to your LAN.
Finally: ISA protects your network from outside, controls access of network ports, and Websense controls internet by Categories.

ISA also integrates with active directory which faciliates Websense configuration.

Auditing ISA depends much on your company's requirements.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37770798
That is again dependent on your company policies. There are organizations that do not use Websense. Just ISA is good enough for them. There are others that use websense or related software which is mainly for enhancement. So it all boils down to what standards have been set that are required to achieve for auditing.
0
 
LVL 3

Author Comment

by:pma111
ID: 37771793
But there are no general best practice guides for either? Ie best practices that everyone should adhere to. Like a benchmark.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37771867
That is the point. There are no such guidelines. So for auditing purpose, there must be some guidelines for your company. If not all is well and good. Else you will have to follow them. There are never guidelines regarding using of software, only about maintaining network and data security and I don't think that websense will help you in that any way that ISA won't do.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 166 total points
ID: 37773051
ISA Server is a full blown layer 3 - layer 7 firewall, proxy and cache server and an application gateway. It was build from the ground up to do this role but it is down to the administrator to create the allowed/denied groups either as specific url/domain sets or to import pre-created lists which you can acquire from varous sources. Websense provides a plug-in for ISA that undertakes the automation and provision of URL categories plus their updating. Combined, it is a good set.

ISA is no longer a supported product and has been replaced by Forefront TMG 2010 - which now has the categories and sets built into removing the need for Websense.

The normal rule of thuumb is that there should be no access to the Internet from the internal network unless it is required and the same for blocking, by default, any traffic coming from the Internet to the internal networks unless their is a business requirement - balanced by a security rating.

There is a significant difference between documenting a security perimeter and auditing one. To document it requires literally checking every rule and device and documenting the settings, configuration and impact of each device and rule. Auditing (as mentioned above) is validating the installed environment against a documented set of requirements - generally an IT security policy plus a list of business or service requirements. Further, it could be that you need to undertake a penetration test to identify some of the open access points.

Keith
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now