RE: FW: ISA Server 2004 is a pleasant security surprise

  • From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Sep 2004 10:30:39 -0500

ISA 2004 CD still sitting on my desk so I won't count the errors at this point 
:)  I do like, however, the reference to Acceleration.  I guess he's not all 
that up on caching...
 
-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx 

 

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, September 28, 2004 11:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: ISA Server 2004 is a pleasant security surprise


http://www.ISAserver.org

I'll send a free copy of our new ISA 2004 book to the person who can come up 
with the most errors in this review.
 
This is the kind of guy who thinks firewalling is about "opening ports"

Have fun,
Tom

 -----Original Message-----
From: USEast News Service [mailto:USEastNewsService@xxxxxxxxxx] 
Sent: Tuesday, September 28, 2004 8:27 AM
To: USEast News Service
Subject: ISA Server 2004 is a pleasant security surprise


ENTERPRISE WINDOWS: OLIVER RIST 
Monday, September 27, 2004 
         ISA Server 2004 is a pleasant security surprise
Not known for getting security right, Microsoft seems to have done well this 
time
 

By  Oliver Rist <mailto:oliver_rist@xxxxxxxxxxxxx>      September 24, 2004      

I take a snip <http://newsletter.infoworld.com/t?ctl=8F4851:1F62787>  here, 
make a snide remark <http://newsletter.infoworld.com/t?ctl=8F4850:1F62787>  
there, even endure a cheap shot 
<http://newsletter.infoworld.com/t?ctl=8F4852:1F62787>  every so often, but for 
the most part, nothing happens. Microsoft and security are two things that 
simply don't want to mix. Such is the life of the Microsoft pundit. But just 
when I'm ready to start writing about Gameboys, I get a chance to check out 
something new. 

A buddy installed Internet Security and Acceleration (ISA) Server 2004  
<http://newsletter.infoworld.com/t?ctl=8F484F:1F62787>  at one of his sites. 
Knowing that I was nigh upon a depressive episode due to Redmond's rank 
security reputation, he invited me over to grope and fondle the thing for a 
while, luring me there with a series of comments on how pleasantly surprised he 
was. OK. I'm a practical man, and ISA has never been what I'd call a practical 
firewall, but what the heck. Worst case, he's buying beers afterward. 

Well, worst case it wasn't, which is a pleasant surprise all by itself. I 
wasn't around for the install, but the bud said it went smoothly. What got me 
were the new configuration screens. Administering firewall rules is right up 
there with tax preparation on my list of favorite things to do, but once again, 
Microsoft does what it seems to do best: Concentrate on the user interface. 

There's a set of configuration wizards that are so simple, it's almost comical. 
Choose your basic network topology from a drop-down list, fill in the 
appropriate addressing information, and then you can open a really slick and 
highly visual rules editor that lets you very quickly define even complex rules 
based on specific users, groups, traffic types, or destination addresses among 
other variables. InfoWorld's had me looking at a whole 
<http://newsletter.infoworld.com/t?ctl=8F484B:1F62787>  bunch of 
<http://newsletter.infoworld.com/t?ctl=8F4854:1F62787>  firewalls 
<http://newsletter.infoworld.com/t?ctl=8F484D:1F62787>  this past year, and 
I've got to give credit where credit is due: This is one of the easiest and 
slickest firewall configuration wizards I've ever seen. 

For remote offices, there's even a VPN wizard that lets remote users configure 
their own VPN connections as long as they have just a little basic information 
first. That's a big load off the central IT staff when it comes to VPN 
configuration, although woe unto you if some of that basic information gets out 
into the wild. 

SharePoint Portal and Exchange are still fully supported, including their 
Web-based access modules. Nothing really new here, other than configuration is 
a mite simpler. Active Directory is still ISA's preferred AAA source server, 
but the software does include hooks to outside RADIUS servers should something 
like Funk Steel-Belted RADIUS be more to your liking. 

And for those that don't know what the "Acceleration" stands for, Redmond has 
actually placed some functionality in ISA that makes the inclusion of the word 
apt: The company has sped up ISA's payload inspection, which enables the 
solution to peek into a payload and decide whether the content is genuine. The 
capability is still limited, although it's more than what the average firewall 
offers. Lots of others will turn a blind eye to things like encrypted packets 
as long as they pass a header inspection. 

I'd very much like to test ISA against something with real content-filtering 
chops, such as CheckPoint's SmartDefense 
<http://newsletter.infoworld.com/t?ctl=8F4853:1F62787>  line, and see who has 
better success. Unfortunately, my beer-buying buddy wasn't keen on me infecting 
his production network for the sake of my column, so we'll need to wait on that 
until the editors here give me the go-ahead. 

That's not my only point of concern, however. The price tag is another problem. 
We're talking $1,500 per CPU for this thing, and it doesn't even include 
anti-spam or anti-virus modules. That's a serious setback when compared against 
something dedicated, such as a ServGate EdgeForce Plus or Check Point 
Safe@Office. 

I'm using those two as examples because big chunks of their customers are SMBs 
and the standard edition of ISA 2004 certainly seems aimed at the SMB market. 
The wizards are great, but any larger corporation will have too much network 
complexity to fit neatly enough into those dropdown parameters. They say that 
the enterprise edition has more flexibility muscle, but final word on that will 
have to wait for a real lab test. 

I think ISA is an excellent SMB firewall provided you've already got an 
anti-spam and anti-virus solution. And you'll also need a fairly deep wallet 
because ISA is most likely to cost you about $3,000 for the software and 
another $2,800 to $4,000 for the hardware. Then again, for an IT admin who's 
harried for time, those wizards and tight AD integration may make every penny 
worthwhile. 

Oliver Rist <mailto:oliver_rist@xxxxxxxxxxxxx;letters@xxxxxxxxxxxxx>  is a 
senior contributing editor at InfoWorld.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=alist
Report abuse to listadmin@xxxxxxxxxxxxx 