RE: ISA 2004 Enterprise is Out
- From: TRadtke@xxxxxxxxxxxx
- To: isalist@xxxxxxxxxxxxx
- Date: Thu, 3 Mar 2005 12:04:43 -0600
Hi Tom,
I've got the same view that you do on it. There really is not a good reason
to not have it in the domain. BUT the audit guys are crazed about systems
that talk directly into an internal network and the internet at large.
So, any advice for use who need a buffer between production networks and the
internet with an ISA array? Even if we really don't want to. Is an array
worth the money then or just go with one beefy system as a stand alone?
Thanks,
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 11:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Troy,
If I hear that canard one more time, I'm going to chew the last bag of nails
I have :)
The fact is, the ISA firewall, even 2000, has never been reported to be
compromised. The changes are even slimmer that the 2004 firewall will be
compromised. So, i have no compunction at all joining the array to the
domain. You could put it in a subdomain, if that's how you have things
configured for your branches, but I'll never get over the security wankers
(I was formerly one of those wankers, so I have the "ex smoker syndrome" for
this situation) saying that there is some sort of supernatural reason why
you should join the ISA firewalls to the domain because "something could
happen".
Of course, if one, JUST ONE, hacker, sec guru, SOMEBODY, would show me how
they can leverage an "owned" ISA firewall that is a domain member viz.
non-domain member is worse, I'll turn on a time. But if I own the firewall
to that extent, it doesn't matter after I install my sniffer on the
non-domain member :-)
HTH,
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: TRadtke@xxxxxxxxxxxx [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Thursday, March 03, 2005 11:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Tom,
In a domain/child domain infrastructure, where would you put it? ISA2000 in
an array was always best served by being in it's own domain with a one way
trust to the network behind it, so it's isolated from the rest of the
network in case it's compromised some how, yet trusting the internal network
so it's manageable. In that form it's been passing S.OX. and G.L.B.
compliancy testing and audits. Now I'm seeing you say to toss it into the
domain and let it run. Any comments on that so I can see if we need to
attack ISA2004EE from a different perspective?
Thanks,
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 10:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Steve,
The primary issues you'll run into are related to a "workgroup"
installation, as its not a no-brainer and not for the those who aren't very
jiggy with PKI. However, if you make the array a member of the domain, ISA
EE is a true pleasure to behold. The integrated NLB feature is fantastic,
the integrated logging and reporting is top shelf, and CARP exceptions are
icing on the cake. I pity the fool who'd by SonicWall :-))
HTH,
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: SteveC [mailto:stevec@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 10:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004 Enterprise is Out
http://www.ISAserver.org
How'd I miss the release of this one? Dr. Shinder, do you have any
comments/news/tidbits on it before I dive in?
Thanks.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
--
<http://www.atomic9.net/public> http://www.atomic9.net/public
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
