Re: ISA 2004 PPTP VPN--Multiple Client Connections

  • From: "barrett" <barrett.mcguire@xxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 6 Oct 2005 21:14:56 -0600

Common Criteria is NOT an absolute (nor good) indication of the "security"
of a product. The developer gets to write the Security Target and define
the Target of Evaluation. The product then gets evaluated, in the case of
ISA by the Germans. So while those damn Ruskies may have the Cisco source,
those damn Germans (yes, their lab evaluated ISA) get to put the little
certification stamp on the product that lets you sleep at night.

Common Criteria... Below are a couple of quick notes on CC Validation for
ISA

ISA 2004 (EAL 4+)
--Thought it was in evaluation. If you can find the Security Target or
Certification Report, please post.
--Can't wait to see the caveats like the ones below for ISA2000

ISA 2000 (EAL 2)
--Must be installed on Windows 2000 Server
--No Active Directory Integration allowed (WoW!!)
--Local Administration only (who cares about the neat little Admin console
you can run from your desktop instead of walking up to the server room
floor)
--ISA must be installed on an HP/Compaq Proliant ML330 G2 hardware. (May be
able to pick one up on eBay)
--Must run in Firewall Mode only (What a shame, the cache feature was
pretty cool)
--You cannot change the evaluated configuration. (So, please do not
install Win2k Server Service Pack 4)

So, does Common Criteria really matter?

