RE: Anti-virus on Exchange

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Tue, 15 Feb 2005 17:08:17 -0600

Hi Danny,

Where is the:

-- RADIUS based pre-authetication for OWA/OMA/ActiveSync/RPC over HTTP
access?
-- Where is the SSL to SSL bridging feature that prevents exploits from
being tunneled inside an SSL tunnel?
-- Where is the forms-based authentication that generates the form at
the firewall, so as to allow for pre-authentication, session limits and
attachment control?
-- Where is the per user/per group, per protocol, per server, per time
of day, stateful filtering and stateful application layer inspection for
VPN remote access client connections?
-- Where is the stateful application layer support for Secure Exchange
RPC publishing, so that your entire organization doesn't have to upgrade
to OL2003, and even if they did, where is the RPC scrubbing for the
de-tunneled connections?

In addition to that, ISA does have:

-Anti-malware (virus, worms, etc.) protection (HTTP, POP3, SMTP, etc.)
as part of its HTTP Security Filter at NO extra cost or licensing
restriction

-Grayware protection
ISA does have this, as part of its built-in and add only suites of
application layer inspection filters

-Signature and custom Intrusion Prevention and Protection
I can use the built-in ISA firewall's IDS/IPS, add-on 3rd party IDS/IPS
or use Snort.

-Anti-spam - RBL, content, etc.
You can add this on to the ISA firewall, and includes basic SMTP
filtering and inspection right out of the box with its SMTP Filter and
SMTP Message Screener.

-Email content and attachment blocking/filtering
The ISA firewall has this right out of the box.

-ActiveX, java, cookie, protection
Again, the ISA firewall has this right out of the box. Just configure
it!

-Web URL and content filtering
The ISA firewall has this right out of the box.

-End-to-end VPN (IPSec, PPTP, L2TP, and multiple encryption level
options) solution
This ISA firewall also has this right out of the box, and also has VPN
Quaratine support right out of the box.

-Client VPN software which includes firewall and anti-virus component
Why use proprietary VPN client software when *every version of Windows*
has a VPN client built-in. Best of all, no finger pointing when
something goes haywire! :)

-Traffic shaping
Not included with the ISA firewall :(

-Syslog output
ISA includes right out of the box, text logging, MDSE logging and SQL
logging. Can get it to work with MySQL and Access if you like.

-Protocol authentication
Not sure what you mean, but I'll bet its not as comprehensive as ISA's,
if you mean that you can control user/group access to ALL protocols
through the miracle of the Firewall client (the generic Winsock Proxy
client)

-VLAN support
ISA supports this right out of the box, we're using in a couple places
in product now.

-HTTPS and SSH admin access
ISA supports FIPS compliant encrypted RDP -- much more secure!

-Support & Maintenance includes virus and attack definitions
Same when we install GFI add-ons

-NAT or transparent mode
The ISA firewall supports both NAT and Route relationships. No
transparent mode though, MAC exploits are too problematic from my point
of view to want support for this.

You can also purchase the ISA firewall as a hardware appliance from
Network Engines, RimApp and Celestix. In fact, not even Microsoft PSS
can break into the Network Engines ISA hardware firewall, even when they
have console access!
 
Fortigate does cost less, but you don't get as much either.

Thanks!

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Tuesday, February 15, 2005 4:28 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Anti-virus on Exchange

http://www.MSExchange.org/

On Tue, 15 Feb 2005 15:42:34 -0600, Thomas W Shinder
<tshinder@xxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
> 
> Hi Danny,
> 
> I prefer to use an ISA based hardware firewall, I think I get better
> protection and more secure remote access too! :)

I respect your preference, however, I find it difficult for ISA
running on a Windows server to provide better protection and more
secure remote access than my deployed Fortigate firewalls, which
provide some of the following at little or no impact to performance
(if you match your network needs to the right model):

-Anti-malware (virus, worms, etc.) protection (HTTP, POP3, SMTP, etc.)
-Grayware protection
-Signature and custom Intrusion Prevention and Protection
-Anti-spam - RBL, content, etc.
-Email content and attachment blocking/filtering
-ActiveX, java, cookie, protection
-Web URL and content filtering
-End-to-end VPN (IPSec, PPTP, L2TP, and multiple encryption level
options) solution
-Client VPN software which includes firewall and anti-virus component
-Traffic shaping
-Syslog output
-Protocol authentication
-VLAN support
-HTTPS and SSH admin access
-Support & Maintenance includes virus and attack definitions
-NAT or transparent mode
...etc.

The Fortigate 60 for example, is well under $600 USD including the
hardware and software; it's an appliance!

(We are providing personal recommendations, and so have I in this
case; I have no affiliation with Fortinet, in fact, a year ago I would
not have recommended them.)

...D

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

• » Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » Re: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange
• » RE: Anti-virus on Exchange

1. Home
2. exchangelist
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---