Re: ISA 2004 PPTP VPN--Multiple Client Connections

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Oct 2005 22:08:05 -0700

Jeez; get a clue, whydoncha?

Common Criteria is decided by the governing body, not the developers.
Those aren't caveats; they're the scenario that was tested and evaluated
by the CC folks.
CC requirements can be applied equally well to hardware as it does to
hardware - try reading it through once.

In fact, CC *does* matter.   A great many governmental entities won't
buy a product unless it's been through the CC wringer.

-----Original Message-----
From: barrett [mailto:barrett.mcguire@xxxxxxxxxxxx] 
Sent: Thursday, October 06, 2005 8:15 PM
To: [ Discussion List]
Subject: [isalist] Re: ISA 2004 PPTP VPN--Multiple Client Connections

Common Criteria is NOT an absolute (nor good) indication of the
of a product. The developer gets to write the Security target and define
the Target of Evaluation. The product then gets evaluated, in the case
ISA by the Germans. So while those damn Ruskies may have the Cisco
those damn Germans (yes, their lab evaluated ISA) get to put the little
certification stamp on the product that lets you sleep at night

Common Criteria.....Below are a coupla of quick notes on CC Validation

ISA 2004 (EAL 4+)
--Thought it was in evaluation. If you can find the Security Target or
Certification Report, please post.
--Can't wait to see the caveats like the ones below for ISA2000

ISA 2000 (EAL 2)
--Must be installed on Windows 2000 Server
--No Active Directory Integration allowed (WoW!!)
--Local Administration only (who cares about the neat little Admin
you can run from your desktop instead of walking up to the server room
--ISA must be installed on a HP/Compaq Proliant ML330 G2 hardware. (May
able to pick one up on Ebay)
--Must run in Firewall Mode only (What a shame, the cache feature was
pretty cool)
--You can not change the evaluated configuration. (So, please do not
install Win2k Server Serice Pack 4)

So, does Common Criteria really matter?

List Archives:
ISA Server Newsletter:
ISA Server FAQ:
Visit for more information about our other sites:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts: