Securing the network using Microsoft ISA Server 2004

This is a great article discussing the features of ISA Server as a layer 7 firewall (without the usual zealous bubble from Dr T. Shinder)

The Industry Insiders: Securing the network using Microsoft ISA Server 2004
http://blogs.technet.com/industry_insiders/articles/404588.aspx

Whilst on the subject of layer 7 - here’s why outbound HTTP/S should be authenticated (and users should not have admin access to their workstations)- HTTP Tunnels:

HTTP Tunnel (I think this one is particularly insidious, because they sell it as a “service”, lets hope the CEO does’nt stumble across this site)
Zebedee

HTTP tunnel software allows for tunneling almost any protocol over HTTP. For example, a user could use a HTTP tunnel to bypass the firewall to use their peer-to-peer software and download stuff from the Internet.