Yes. Really.

I'm not quite clear on this statement, though: "Does it mean no SQL server available at ISA2K4 server end in terms of security concern"?
SBS2003 doesn't have ISA (yet) and when it does ship, co-location and security concerns will be addressed by whole teams of folks that do this for a living.

If you mean "is there a security concern with MSDE on ISA?", the answer is "no".
The MSDE instance on ISA is not even listening to the network. All MSDE logging is done via memory-mapped networking, not physical or logical devices. With the default MSDE instance, unless the ISA itself is compromised, you simply "can't get there from here".

You can't say the same for SQL, which listens on all available adapters by default. Combine this with the prevalence of "allow all because I'm too damn lazy to understand my traffic profile" rules and you have the makings of a Slammer-like virus victim.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

-----Original Message-----
From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
Sent: Saturday, December 11, 2004 9:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SQLSERVE.EXE MSDE instance for ISA 2k4

http://www.ISAserver.org

Oh...Really, Does it mean no SQL server available at ISA2K4 server end in terms of security concern? Then what about SBS 2003 plus ISA2K4. I think I can put it into one basket if port could be blocked at firewall side like I block access to SQL Server from WAN side. Moreover, I did upgrade instance of ISA2K4, it works fine under full version of SQL2000, may I understand the log is still working under MSDE I/O SQL2000?

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sunday, December 12, 2004 12:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SQLSERVE.EXE MSDE instance for ISA 2k4

No. Bad. Unsupported.
DO NOT REPLACE MSDE WITH SQL ON THE ISA SERVER ITSELF

If you want to replace MSDE with SQL logging, then do it off-box. The MSDE that's shipped with ISA is "tweaked" to be as secure as possible. If you replace it, you open your ISA to potential SQL vulnerabilities.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

-----Original Message-----
From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
Sent: Saturday, December 11, 2004 6:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SQLSERVE.EXE MSDE instance for ISA 2k4

Sorry, the mail sent directly from my OE to discussion list always change mal-coding.

To the question of MSDE instance, my idea/suggestion for best performance is:
a) install ISA2K4 bundled with MSDE
b) upgrade SQL instance "server/msfw" into full version of SQL 2000 through SQL2000 server installation
c) use the same instance for Surfcontrol

Both of ISA2K4 and Surfcontrol is now being managed under SQL2000 server I/O MSDE. Any comment?

-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Saturday, December 11, 2004 10:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SQLSERVE.EXE MSDE instance for ISA 2k4

Who here can read Roy Tsao's posts? All I see is gibberish characters in his messages, can someone translate it??

Regards,
Andrew

-----Original Message-----
From: Mike Anderson [mailto:mike@xxxxxxxxxxxx]
Sent: Saturday, December 11, 2004 12:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SQLSERVE.EXE MSDE instance for ISA 2k4

In cases like this, isn't it better to just run a dedicated instance of SQL Server (if you got it) which resides on a separate box, OR have a single instance of MSDE host both Databases?
If I remember correctly, MSDE is just a crippled version of SQL Server 7.0 - in which concurrent connections are just limited. Otherwise, it's pretty much the same animal.

In fact, since I have a dedicated super fast SQL Server on my network, I was hoping to uninstall MSDE on the ISA Box, and redirect all the Database activity to my SQL Server. Can this be done - anybody do this yet?

I don't mean to steal the fire away from your original post, but I think this sort of parallels what I suggest doing, which goes back to the question: "why have two instances of MSDE running?". Use the one that is working better (the one with less memory consumption), and host the database on that instance.

I am just throwing out ideas here...

Mike

-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx]
Sent: Friday, December 10, 2004 5:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] SQLSERVE.EXE MSDE instance for ISA 2k4

Anyone notice the MSDE instance for ISA 2k4 memory increase to over 1gb mem usage?

We host two instances of MSDE on the ISA2k4 machine, one for Surf Control and the other for ISA2K4. Surf Control instance is stable, while the ISA 2k4 instance hogs a lot of memory. Current mem usage = 786,004k. Wait, wait -- 786,012k , 786,528k and growing.

MSDE versions:
SurfControl = 8.00.761
ISA2k4 = 8.00.818

Server has 3gb memory
ISA2K4 version = trial

TIA

Have fun!
greg

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: mike@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
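The listener distinction Jim draws in this thread (an instance with no network listener versus SQL Server listening on all adapters) can be checked from `netstat -ano` output. The sketch below is an added example, not part of the original thread: the netstat sample, PIDs and PID-to-image map are constructed, and TCP 1433 / UDP 1434 are SQL Server's default ports rather than values from the messages.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2100
  TCP    127.0.0.1:1045         0.0.0.0:0              LISTENING       1820
  TCP    10.0.0.5:8080          0.0.0.0:0              LISTENING       1500
  TCP    10.0.0.5:3341          10.0.0.9:445           ESTABLISHED     4
  UDP    0.0.0.0:1434           *:*                                    2100
"""
# Constructed PID-to-image map, as `tasklist` would provide it.
# PID 2100: instance bound to all adapters; PID 1820: loopback-only instance.
PROCESSES = {2100: "sqlservr.exe", 1820: "sqlservr.exe",
             1500: "other.exe", 4: "System"}


def parse_listeners(netstat_text):
    """Yield (proto, ip, port, pid) for TCP LISTENING rows and bound UDP rows."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established/closing connections are not listeners
        host, _, port = f[1].rpartition(":")
        yield f[0], host.strip("[]"), int(port), int(f[-1])


def exposed_sql_listeners(netstat_text, processes, image="sqlservr.exe"):
    """Return sockets owned by `image` that are bound to a non-loopback address."""
    findings = []
    for proto, host, port, pid in parse_listeners(netstat_text):
        if processes.get(pid, "").lower() != image:
            continue
        if not ipaddress.ip_address(host).is_loopback:
            findings.append((proto, host, port, pid))
    return findings


if __name__ == "__main__":
    for proto, host, port, pid in exposed_sql_listeners(NETSTAT, PROCESSES):
        print(f"network-reachable SQL listener: {proto} {host}:{port} (PID {pid})")
```

An empty result for a host means no `sqlservr.exe` socket is reachable off-box; any `0.0.0.0` or adapter-address entry is what a perimeter rule set would then have to account for.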