RE: Array in the domain or not?

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 17 Aug 2005 13:42:31 -0500

Hi Troy,

Always part of the user domain. Even in edge firewall deployments. No
one has ever "owned" a properly configured ISA firewall and unlike
Cisco, no one on the outside has the source code ;-)

For the hardening guides, check out:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/securityharde
ningguide.mspx

And

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/hardeningwind
ows.mspx

HTH,

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] 
> Sent: Wednesday, August 17, 2005 1:35 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Array in the domain or not?
> 
> http://www.ISAserver.org
> 
> Oh wait, maybe my question was a bit vague now that I think about
> it.....
> 
> How about the ISA array in it's own domain vs. the production 
> domain vs.
> a one way trust between domain?
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Wednesday, August 17, 2005 1:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Array in the domain or not?
> 
> 
> http://www.ISAserver.org
> 
> ALWAYS domain members if they want me to do it. 
> 
> Create a GPO for the domain members and use the recs from ISA firewall
> hardening guides. Of course, ALWAYS test GPO settings in the 
> lab before
> deploying, unless your production network is your test platform ;-)
> 
> HTH,
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] 
> > Sent: Wednesday, August 17, 2005 1:09 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Array in the domain or not?
> > 
> > http://www.ISAserver.org
> > 
> > Hi everyone,
> > 
> > For everyone (or anyone) running an array of ISA servers 
> (either 2k or
> > 2k4), do you have then as part of your domain or do you have them in
> > their own domain?  Looking in from the aspect of high 
> > security GPO's and
> > hardening the entire array from an OS standpoint.
> > 
> > I don't have enough available licenses to play around with 
> > this, so I'm
> > looking for some input.
> > 
> > Thanks!
> > Troy
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tradtke@xxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

Other related posts:

• » Array in the domain or not?
• » RE: Array in the domain or not?
• » RE: Array in the domain or not?
• » RE: Array in the domain or not?
• » RE: Array in the domain or not?
• » RE: Array in the domain or not?

1. Home
2. isalist
3. Archive
4. 08-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---