MCSE Microsoft Internet Security and Acceleration Server 2000
The book itself is a step backwards from Microsoft's usually excellent beginners' series, and is neither fish nor fowl--it doesn't offer the gentle introduction to the basic concepts that most Microsoft training kits do, and yet it contains a howling vacuum when it comes to real-life examples. What's left is a book that outlines each of ISA's functions in loving detail, without ever telling you why you would want to use any of them.
Let's give a real-life instruction from the book to explain what we mean:
On the Cache tab, select one of the following options contained in the Cache Content section:
- If you want all content to be cached, select the All Content, Including Dynamic Content, Will Be Cached radio button.
- If you want content to be cached only if source and request headers indicate to cache, select the If Source and Request Headers Indicate to Cache, Then the Object Will Be Cached radio button.
- If retrieved objects should not be cached, select the No Content Will Ever Be Cached radio button.
See what's missing? At no point does this book actually say what the drawbacks or advantages of caching dynamic content are.
Why would you want to do it? When would it be a bad idea? What are the real-world differences between caching dynamic content and caching only the content that the headers indicate should be cached--and what option do most system admins choose? From this book alone, you'd have no idea. And this is a constant problem throughout the book. You're told what ISA can do without being told the reasons behind the options, or even a hint as to what the best option usually is.
Admittedly, most Microsoft training kits are notoriously bad when it comes to actually preparing you for what you'll face on the exam--their sample questions aren't even in the standard multiple-choice MCSE/MCSA format, for gosh sake--but they do excel at providing basic introductions for novices and are excellent refresher courses, making them perhaps the best starting points in the business for any serious certification student. This book, on the other hand, is more of a documentation of the ISA application itself--it tells you quite clearly what ISA does. The book discusses the attacks that Microsoft can automatically detect, but doesn't tell you what to look for in the logs, nor what common approaches hackers take, or even what to do when you're under a Denial of Service attack.
Which is not to say that you can't learn anything from the book--it actually has more content than many other training kits. However, it does mean that if you haven't used ISA server in the real world until now, you'll know exactly how to specify a locally bound TCP port, list, or range in the Firewall Client Applications setting.
The short version: The incredible software savings here is worth the cost of the book alone, and then some. And the book is not a bad reference for those who've used ISA in the real world--or at least have configured firewalls and proxy servers. But most users will probably install the software and buy at least one other book to pass the exam with flying colors. --William Steinmetz
Images and descriptions provided by Amazon