Re: ISA Server & AD

  • From: Thor@xxxxxxxxxxxxxxx
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 2 Aug 2001 10:11:31 -0700

Assuming that the box will also be facing the Internet, it would be pretty
risky.

If anything happened to the Firewall service, then you would basically be
wide open.  Granted, I do not know of any current attacks out there on ISA,
but that does not mean they won't be found.

If I can camp out in your DC, not only do I own all the accounts and other
AD info, I can programmatically execute Group Policy elements that hose the
entire network all at once.

The only thing the client saves is a little money, but, to me anyway, they
would be taking an unnecessary risk.

---------------------------------
Attonbitus Deus
Thor@xxxxxxxxxxxxxxx

----- Original Message -----
From: "Paul Nuernberger" <pen@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 02, 2001 9:35 AM
Subject: [isalist] ISA Server & AD


> http://www.ISAserver.org
>
>
> A customer wants to run ISA Server on the same W2k server that is his AD
> primary controller.
>
> I've not found any direct information re: this issue. Can anyone on the
> list point out the various pro's & cons of doing this ?
>
> I'm still on the front side of the learning curve of ISA Server (run lots
> of *nix firewalls), so any help is greatly appreciated.  I already use (&
> rely heavily upon) isaserver.org - super useful site.
>
> Paul Nuernberger
> Manager
> BARON Computers Inc.
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: