Sorry, I must respectfully, vehemently disagree. Placing IIS on any firewall (ISA or otherwise) is the least secure option. Using the default website isn't insecure in and of itself, it's how well that web site has been cleared of the default vroots and settings. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Gabriel O. Zabal" <gabriel@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 22, 2003 08:47 Subject: [isalist] RE: Using SUS on ISA Server http://www.ISAserver.org I saw that by default SUS is installed on the default web site, something that is not likely secure. I didn't try to make it work a non default web site. The best would be IIS on ISAServer, binded to the Internal IP address of the ISA, and also installed on a specific directory and using a new website that uses a host-header name. If that could be done it will be great. Gabriel Zabal gabriel@xxxxxxxxxx -----Mensaje original----- De: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Enviado el: lunes, 22 de septiembre de 2003 17:35 Para: [ISAserver.org Discussion List] Asunto: [isalist] RE: Using SUS on ISA Server http://www.ISAserver.org The SUS installation also installs urlscan and sets up IIS only on the internal IP by default. But still if you have another machine I'd use it. The more things that are on your firewall the more likely it is that a security issue can be overlooked. Amy -----Original Message----- From: Bill Kuhn - MCSE [mailto:bkuhn@xxxxxxxxxxxxx] Sent: Monday, September 22, 2003 11:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using SUS on ISA Server http://www.ISAserver.org My thought was to enable IIS only on the internal IP. Is that still a bad move? -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 22, 2003 9:44 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using SUS on ISA Server http://www.ISAserver.org That would mean adding IIS to the ISA. If you already have it, then it won't add any more weakness. If you don't, then choose another server. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gabriel@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*