[ExchangeList] Re: Microsoft Exchange and VPN

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Jul 2006 14:50:33 -0500

Hi George,
 
That's an old canard that is no longer applicable and is mental "knee
jerk" reaction that has no basis in fact. You have to understand how the
ISA firewall works to understand it, though. The ISA firewall EAL4+
certified, which is quite impressive, but it should be, it's developed
by many of the same people who developed the Check Point firewall. 
 
You do realize that the underlying operating system is immaterial if no
one can get to it, don't you? Since the ISA firewall has never been
successfully hacked (what would you expect from the firewall programming
talent from MS and Check Point?), it's obvious that the underlying OS is
completely protected by the Firewall components. To think otherwise is
playing Chicken Little and promoting the false concept that "hardware
falls from Heaven impervious to all attackers" which you know isn't
true. 
 
But if you want to learn how is doesn't matter that the ISA firewall
runs on Windows, read this: 
http://www.microsoft.com/isaserver/2006/prodinfo/Firewall_Corewp.mspx
 
Saying "but it runs on Windows" is the cowards (and the uninformed)
persons assessment of the ISA firewall.
 
I've run the ISA firewall in hundreds of deployments and never has it
been hacked and all these ISA firewalls purr like a Lion, plus they
update themsevles and don't run antiquated firmware that often is
multiple revisions out of date.
 
Also, check this:
 
http://secunia.com/product/232/
 
http://secunia.com/product/223/
 
 
Now check this:
 
http://secunia.com/product/3687/
 
The point is that ISA firewalls are definitely more secure than any
Sonicwall in a remote access to Exchange scenario. I think that would be
pretty clear once you study the ISA firewall a bit.
 
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
        Sent: Thursday, July 13, 2006 2:11 PM
        To: exchangelist@xxxxxxxxxxxxx
        Subject: [ExchangeList] Re: Microsoft Exchange and VPN
        
        
        I know it's ICSA certified, but remember, it's still a Microsoft
server, the target of 90% of the world's hackers.  :-)  Someone will
hack it some day.  Actually I've never touched it, the
firewall/vpn/router/network whatever decisions here are handled by
another group and I have to admit, they have our network purring.
         
        George Taylor
        Systems Programmer
        Regional Health Inc.
         

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: Thursday, July 13, 2006 12:55 PM
        To: exchangelist@xxxxxxxxxxxxx
        Subject: [ExchangeList] Re: Microsoft Exchange and VPN
        
        
        Even better and more secure:
         
        http://www.isaserver.org/pages/search.asp?query=Exchange
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls

         


________________________________

                From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
                Sent: Thursday, July 13, 2006 12:05 PM
                To: exchangelist@xxxxxxxxxxxxx
                Subject: [ExchangeList] Re: Microsoft Exchange and VPN
                
                
                Steve,
                 
                There are some good whitepapers here:
                 
                
https://partners.mysonicwall.com/WhitePaper/DownloadCenter/WhitePapers.a
sp
                 
                We use Sonicwalls at many of our Home Transcriptionist
and Dr.s offices.  They work fairly well and are a piece of cake to
setup.  We also use a Cisco VPN concentrator as well as a Neoteris CVPN
box at this end, but unless your looking at several hundred site-to-site
VPNs that would be way overkill.  Check to see if your current router is
VPN capable, if so put a small sonicwall at the other end, follow thier
doco and you should be set.
                 
                George Taylor
                Systems Programmer
                Reginal Health Inc.
                 

________________________________

                From: Steve Frechette [mailto:stevef@xxxxxxxxxx] 
                Sent: Thursday, July 13, 2006 10:48 AM
                To: exchangelist@xxxxxxxxxxxxx
                Subject: [ExchangeList] Microsoft Exchange and VPN
                
                
                I setup an Exchange Server by using a book. So pretty
much everything I know is self-taught so excuse me if this is a bit out
there.
                 
                I know that to get Exchange to work outside of the
network you need to VPN in. Does anyone have a good information tool for
how to setup a simple VPN to work with Exchange? I know I could google
it but I get back too many varied links that I don't know which one is
the right option.
                 
                Hopefully thanks for the help!
                 

                Steve Frechette


                Network Administrator


                CCI

                2156 S. 4th St., 3rd Floor

                Milwaukee, WI  53207

                phone: 414.435.0520

                fax: 414.431.8766

                toll free: 1.888.622.4727

                stevef@xxxxxxxxxx

                www.ccierp.com <http://www.ccierp.com/>

JPEG image

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 07-2006