For the record it's called SBS 2003 "Premium" not Enterprise in case you want to google... and I've yet to see a SBS box get hacked. ISA is ISA. And Microsoft has not built a "vulnerable" product.------------------------------------------------------
We get nailed from stupid users running with admin rights. We get nailed with professionals that don't use the connect to Internet Wizard to set up the firewall and set it up incorrectly. That's how we get nailed. As has been stated.. a properly configured network will be just fine. We're not big business, we're small business and it's a reasonable risk. Day in and day out Amy Babinchak, an ISA professional showcases that ISA works for small businesses.
Make ISA on a standalone box into a reasonable price range in the Cougar or Centro era and let's talk.
Folks these days either go with a hardware firewall on the outside for a smidge of paranoia protection, ISA in a two nic setup ...or they do a one nic with a Sonicwall because ISA just is not cost effective... or ..quite bluntly.. they don't trust it.
Those of us who believe in ISA (and yes that's those of us who run real businesses in the real world) we show every day that it can protect even when it's on the same server with the DC.
So out here in the real world.... it's ISA or you lose the sale.
That's the real world out here.
There are..however.. those in the SBS mvp community like Jeff Middleton who want it off the SBS box because of the annoying ways that it interferes with troubleshooting issues.
Will I want it on the same box in the Cougar era? Ask me when that ships (whenever that may ship) I might be doing Centro by that time which probably will peel off that server role. Who knows. I evaluate my risks and threats and right now I'm comfortable with ISA on the box with Dana Epp's Firewall dashboard adding more reports that give me the info I need.
From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx> Subject: [isalist] Re: Error during install Date: Fri, 11 Aug 2006 00:26:48 -0700
As the good doctor has said, most ISA professionals will tell you that including ISA server with SBS Enterprise was a dumb idea.
eServices For You
"Seek, and ye shall find!"
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of ISA
Sent: Thursday, August 10, 2006 8:15 PM
Subject: [isalist] Error during install
OK, this is where I get confused. I thought ISA 2004 was impenetrable when
properly configured. Why should it make a difference that AD is running on
the same box?
How does SBS 2003 Ent do it? Are there different versions of ISA 2004 (one
out of the retail box and one that comes with SBS 2003)?
Has MS built a vulnerable product i.e. SBS 2003 Ent? If so, that would be a
shame being that it is a quickly growing market.
Regardless of 'why' I don't have the answers to my own questions - I usually
follow Tom's advice to the T. And while following Tom's advised (HAVE DC, NO
ISA) I have purchased Sonic Walls instead; at an increasing rate. Oh..and I
make some additional cash at it too. Client pays $600/$700 vs. $3,000 $4,000