Re: ISA Server & AD

Assuming that the box will also be facing the Internet, it would be pretty
risky.

If anything happened to the Firewall service, then you would basically be
wide open.  Granted, I do not know of any current attacks out there on ISA,
but that does not mean they won't be found.

If I can camp out in your DC, not only do I own all the accounts and other
AD info, I can programmatically execute Group Policy elements that hose the
entire network all at once.

The only thing the client saves is a little money, but, to me anyway, they
would be taking an unnecessary risk.

---------------------------------
Attonbitus Deus
Thor@xxxxxxxxxxxxxxx

----- Original Message -----
From: "Paul Nuernberger" <pen@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 02, 2001 9:35 AM
Subject: [isalist] ISA Server & AD


> http://www.ISAserver.org
>
>
> A customer wants to run ISA Server on the same W2k server that is his AD
> primary controller.
>
> I've not found any direct information re: this issue. Can anyone on the
> list point out the various pro's & cons of doing this ?
>
> I'm still on the front side of the learning curve of ISA Server (run lots
> of *nix firewalls), so any help is greatly appreciated.  I already use (&
> rely heavily upon) isaserver.org - super useful site.
>
> Paul Nuernberger
> Manager
> BARON Computers Inc.
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: