ISA Server 2000 with Service Pack 1 and Feature Pack 1, Firewall

Product type: Network and Network Related Devices and Systems
Product Status: Completed
Assurance Level: EAL2

Product Details

Product Description

Certification Country: GERMANY (2003)
Certificate Details: BSI-DSZ-CC-0218-2003, September 2003
Certification Method: CC
Crypt Evaluation: Not Required
Manufacturer/Vendor/Distributor: Microsoft Corporation

Microsoft Corporation

One Microsoft Way
Redmond WA 98052 United States
Product Website:


Microsoft Corporation
Microsoft Corporation
Phone: +61 13 20 58
Fax: +1 650 786 5731
Email: [email protected]


Certification Report
Security Target

ISA server is a firewall that helps to provide secure Internet connectivity. ISA Server is an integrated solution optimised for application-layer defence, stateful packet inspection, and secure web publishing.

ISA Server can be installed as a dedicated (software) firewall that runs on a Windows 2000 Server operating system. It acts as the secure gateway to the Internet for internal clients and protects communication between internal computers and the Internet.

As a multi layered firewall, ISA Server provides security at different levels. IP packet filtering provides security by inspecting individual packets passing through the firewall. Application-level filtering allows ISA Server to intelligently inspect and secure popular protocols (such as HTTP, FTP and others). ISA Server also performs dynamic-filtering using stateful packet inspection to open communication ports only when requested by clients and close them when they are no longer needed. This reduces the number of communication ports that are statically open to inbound connections.

With ISA Server's filtering capabilities it is possible to create filters that allow or deny traffic on the packet layer and with data-aware filters to determine if packets should be accepted, rejected, redirected, or modified. ISA Server has built -in identification and authentication capabilities which can be configured separately for incoming and outgoing requests. The firewall also features detailed security and access logs. The log files can be configured and enable for packet and application filters. They are human readable and can be reviewed with additional tools.

Although this product contains cryptographic functionality, it was not evaluated as a part of the TOE. As such, this functionality is not suitable for Australian Government use and should not be enabled.