Microsoft gets serious about security

Sweeping a questionable record on computer security under the carpet, Microsoft announced its first major security solution Thursday: the Internet Security and Acceleration (ISA) Server, an enterprise firewall and Web cache.

By taking the plunge into computer security, the software firm is opening itself up to questions about its security reputation. Microsoft's own corporate network was compromised in October of last year prompting security experts to question the security of the corporate giant.

The company's Web sites disappeared earlier this month following technical difficulties with its DNS (Domain Name System) servers, before again being driven offline by a denial of service (DoS) attack launched by malicious computer hackers.

One security expert welcomes Microsoft's new-found enthusiasm for security. "It's nice to see Microsoft taking security more seriously than people may have perceived them to have in the past," says Tom Watson, senior security auditor with Swedish computer security firm Defcom. "It can only be good."

Gunter Ollmann, principle consultant with Internet Security Systems (ISS), says that other Microsoft products, including its range of Web proxies -- which are used to connect Windows NT systems to the Internet -- have a relatively good security reputation.

Watson is concerned, however, that Microsoft, with its broad range of corporate software solutions, should take a responsible attitude towards security in general. "It's very important not to neglect other aspects of security," he says.

Firewalls control the access to a network by blocking and permitting different traffic. They can protect against known vulnerabilities and block off easy points of access for a malicious hacker. Microsoft's ISA Server is built on a packet-inspection engine capable of monitoring network traffic and blocking those packets that appear suspect.

Microsoft says that the ISA Server is the product of three years research and has been subjected to extensive beta testing and security auditing. "We built ISA Server from the ground up as an enterprise firewall to demonstrate our commitment to secure computing and to our customers," said Mark Buckley, ISA Server product manager at Microsoft UK.

Microsoft is also keen to point out that the firewall has received industry certification, courtesy of ICSA Labs. Joel Scambray, co-author of the best-selling Internet security book Hacking Exposed, says that this is an important step towards acceptance.

"Certification is a gateway feature for many companies considering a firewall, and now ISA Server has entered that select club. That's on top of the other benefits that the product brings to the market," says Scambray.

Is your PC safe? Find out at the Hackers News Special

Take me to ZDNet's Small Business Special.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read other letters.