Key IT Administrator Concerns | ISA Server 2006 Provides | IAG 2007 Provides |
---|---|---|
Control Access | | |
Users (employees, partners and customers) need simple browser-based access to business-critical applications and data, without creating multiple logins and increasing my risk from password leaks. | Smooth user experience for published Web applications, document libraries, and content; single sign-on and automatic link translation help ensure secure and consistent access. | Simplified user experience with an easy-to-use, customizable SSL VPN portal defined by user identity, including multiple portal configurations. Single sign-on to multiple and custom directories (with integrated password management) and strong/two-factor authentication (such as SecurID and X.509) help reduce the threat of password attacks. |
Need to enforce policy and enhance IT asset control, and make better use of Active Directory-based authentication while enabling a wide array of different access devices. | Enhanced multi-factor authentication (smartcards, one-time passwords), flexible integration with Microsoft Windows Server Active Directory (lightweight directory access protocol [LDAP] authentication support), and customizable forms-based pre-authentication for almost any Web application and client device, increasing security and deployment flexibility for Web application servers throughout the organization. | Microsoft Windows Active Directory integration, with full support for LDAP and RADIUS. IAG can also combine authentication against one repository (such as RSA SecurID) with authorization data from another (such as Active Directory). |
Business rules dictate stronger authentication methods for servers. Mobile users often connect and then walk away without logging off. | Compatibility with your existing authentication infrastructure through enhanced authentication delegation (including NT LAN Manager [NTLM], Kerberos, and SecurID), and more access control with improved session management that detects non-user traffic through automatic idle-based timeouts. | Custom authentication schemas enable tight access security while allowing users to enter all credentials on the same page. Multi-factor custom forms and script support includes X.509 client certificates and smartcards, as well as two-factor authentication schemas such as RSA SecurID, VASCO Digipass, and Swivel PINsafe. |
Protect Assets | | |
Need to ensure proper application behavior and protect infrastructure from malicious Internet traffic. | Compatibility with your existing authentication infrastructure through enhanced authentication delegation (including NT LAN Manager [NTLM], Kerberos, and SecurID), and more access control with improved session management that detects non-user traffic through automatic idle-based timeouts. | Custom authentication schemas enable tight access security while allowing users to enter all credentials on the same page. Multi-factor custom forms and script support includes X.509 client certificates and smartcards, as well as two-factor authentication schemas such as RSA SecurID, VASCO Digipass, and Swivel PINsafe. |
Configuring settings for publishing servers is cumbersome. For example, I frequently do not know if certificates are valid while configuring SSL. | Application-layer firewall with protocol validation and command filtering helps protect Outlook Web Access (OWA), Microsoft SharePoint, and other Web-based applications from intrusions. | Policy-driven access to intranet tools, resources, and files with ACL-level control. A Web application firewall with application-specific content, command, and URL filtering helps block malformed HTTP requests and data inputs. In addition, .EXE identification and policy control help prevent malware from being uploaded to application servers. |
Safeguard Information | | |
My business is at risk legally and financially if sensitive data is compromised or exploited. | Application filters for HTTP and RPC include command filtering to prevent unauthorized server requests. | Security-enabled session termination and inactivity timeouts, combined with on-the-fly content validation and manipulation that controls data displayed to the end user, help protect vulnerable information. |
I don’t always know what devices are connecting … protect my network from compromised clients. | Windows Server-based IPsec VPN quarantine provides control over client health and remediation before granting network access. | Endpoint compliance check and client state monitoring and clean-up (browser history, user ID, …) help reduce risk of information leaks. |
I need an adaptable portal that can be used from a wide variety of PC and mobile devices. | Customizable forms-based authentication can be used as a simple gateway to intranet tools and applications such as OWA and SharePoint Portal Server. | An endpoint policy-defined micro-portal for mobile devices, with automatic detection of the client browser, increases usability for low-bandwidth or limited devices. |
I need to limit exposure to data threats by controlling what a user can do through the portal if I don’t trust the client’s network. | Per-network routing policies give macro-level control over intranet access. | Comprehensive access policy, monitoring and logging help ensure network integrity by restricting client access based on endpoint security profile, up to and including policy controls over actions within an application. |