Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ISA and Websense differences

Posted on 2012-03-27
9
Medium Priority
?
1,238 Views
Last Modified: 2012-04-12
Can I ask some real novice management tier questions about the difference between a web filter such as Websense and a proxy server such as ISA server? I understand it’s common you use both, but what does the ISA server actually “do” in terms of staff’s internet access/activity? And what security issues/misconfigurations in ISA server can have an impact on user’s internet access? Please keep answers basic. Would much prefer some comments as opposed to links.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 5

Accepted Solution

by:
abhishek1986 earned 668 total points
ID: 37770522
ISA is internet security and acceleration. It basically has a cache which locally stores webpages and gets output from them in order to attend to request to the users. In case the page is not there in cache, it goes and queries it to give output. It enhances facilities where many users can go to internet with only one ISP.
Websense is more of a dynamic Parent control tool which will block sites intelligently. It keeps on monitoring internet traffic and blocks traffic as per the requirements of the user.
In practical terms, websense works with ISA to be effective.
0
 
LVL 3

Author Comment

by:pma111
ID: 37770566
So if you were doing an audit of ISA, what would you look at?

What ISA risks are there? I.e. what if configured wrong in ISA carries a risk to the users? I cant see what can go wrong.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37770592
If you are looking at something that ISA will not be able to do that Websense can do, it is content filtering. I mean with ISA you can block sites with keywords but that is not that great help as you may not be able to enter all the sites that need to block. But if you are looking for security issues, there are no security threats that ISA will encounter that could have been avoided by Websense. ISA has an in-built firewall too which gives protection.
In terms of auditing, what is the criteria that need to be fulfilled? I don't think that there are any direct or indirect threats to the network or users, but if some QOS policies are needed or stuff like that then there may be a need of something else.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 3

Author Comment

by:pma111
ID: 37770611
>In terms of auditing, what is the criteria that need to be fulfilled?

Just general best practice security config and management of ISA
0
 
LVL 14

Assisted Solution

by:Ehab Salem
Ehab Salem earned 668 total points
ID: 37770774
I think that the question Why use Websense with ISA is obvious: ISA does not filter by categories (News, sports, streaming, Adult,...). If you want to filter web access ISA will not do it at all.
The other question is why use ISA with Websense. Well, Websense will filter internet access but will not provide users with internet access, i.e. without ISA there will be no internet at all.
To make things clear: for a user/computer to access internet from a corp LAN, it has to go thru a proxy or firewall. ISA is both a proxy and a firewall.
So basically: ISA gives internet access and Websense controls this access.
ISA as a firewall also must be secured to prevent intruders from gaining access to your LAN.
Finally: ISA protects your network from outside, controls access of network ports, and Websense controls internet by Categories.

ISA also integrates with active directory which faciliates Websense configuration.

Auditing ISA depends much on your company's requirements.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37770798
That is again dependent on your company policies. There are organizations that do not use Websense. Just ISA is good enough for them. There are others that use websense or related software which is mainly for enhancement. So it all boils down to what standards have been set that are required to achieve for auditing.
0
 
LVL 3

Author Comment

by:pma111
ID: 37771793
But there are no general best practice guides for either? Ie best practices that everyone should adhere to. Like a benchmark.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37771867
That is the point. There are no such guidelines. So for auditing purpose, there must be some guidelines for your company. If not all is well and good. Else you will have to follow them. There are never guidelines regarding using of software, only about maintaining network and data security and I don't think that websense will help you in that any way that ISA won't do.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 664 total points
ID: 37773051
ISA Server is a full blown layer 3 - layer 7 firewall, proxy and cache server and an application gateway. It was build from the ground up to do this role but it is down to the administrator to create the allowed/denied groups either as specific url/domain sets or to import pre-created lists which you can acquire from varous sources. Websense provides a plug-in for ISA that undertakes the automation and provision of URL categories plus their updating. Combined, it is a good set.

ISA is no longer a supported product and has been replaced by Forefront TMG 2010 - which now has the categories and sets built into removing the need for Websense.

The normal rule of thuumb is that there should be no access to the Internet from the internal network unless it is required and the same for blocking, by default, any traffic coming from the Internet to the internal networks unless their is a business requirement - balanced by a security rating.

There is a significant difference between documenting a security perimeter and auditing one. To document it requires literally checking every rule and device and documenting the settings, configuration and impact of each device and rule. Auditing (as mentioned above) is validating the installed environment against a documented set of requirements - generally an IT security policy plus a list of business or service requirements. Further, it could be that you need to undertake a penetration test to identify some of the open access points.

Keith
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question