Re: ISA & Cisco...

• From: "Don McCall" <DMcCall@xxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 11 Jun 2004 21:13:07 +1000

Hi Tom,

I guess it is a personal preference (and it also pasifies nuerotic
management/directors and the like who have heard of security
breaches)... however especially if you run your own mail servers as we
do using the PIX mail guard option along with other filtering
capabilities disguises the make and identity of your mail servers which
the ISA does not. If they do not know what they are dealing with it
makes it a little more difficult. It also gives one more layer for the
potential hacker to work their way through. I am impressed with the ISA
however Microsoft products tend to be the target of hackers, when a
vulnerability is found, we may not get the warning/patch before
potential damage is done. The PIX has vulnerabilities too and I have had
one incident where the intruder made their way as far as the ISA and
were stopped there. However these days social engineering will
deffinitely yeild easier results. The real vulnerabilities are not
through the front door (firewall connection to the Internet) but are
through lose policies, physical access (including wireless access
points)and poor training of personnel and rogue laptops. Well I'm sure
you know all that and I have a few other reasons for using a packet
filter and ISA servers ;-) As they say aside from my political point of
view, my religious beliefs, and preconceived ideas I am totaly flexable!
Using the two in series does require interesting configurations...

Regards

Don


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Friday, 11 June 2004 5:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA & Cisco...


http://www.ISAserver.org

Hi Don,

I'm curious as to what kind of security you think the packet filter
affords you? I see this assumption a lot, but no one has ever explained
to me how a simple packet filter like a Cisco device actually perform
any level of security for the ISA firewall? I'm asking this not to be
confrontational, but in the sincere wish for a cogent answer, because I
have never got one other than "I would not feel comfortable putting an
ISA firewall in without putting a [fill in the blank] firewall". Which
is just a restatement of the original statement they made. 

Thanks!
Tom 

-----Original Message-----
From: Don McCall [mailto:DMcCall@xxxxxxxxxx] 
Sent: Friday, June 11, 2004 2:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA & Cisco...

http://www.ISAserver.org

I would have to agree with that statment... at the same time I would be
very reluctent to install a single device of either of these products...
or for that matter any other... by the way I managed to get it working
(NTP) for cisco routers that sit behind my ISA that sits behind a PIX
that faces the world....

Have a good weekend

Don   

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, 11 June 2004 3:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA & Cisco...


http://www.ISAserver.org

There's really no comparison between the two.
The Cisco device is simply a router, ISA is a firewall.

If they have a routed subnet coming from their ISP, then they can use it
between the ISA and the ISP.
If they don't then they can use it internally to segregate a couple of
subnets.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 10 Jun 2004 22:22:45 -0400
 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

I've seen topics mentioned here in the past and now I have one where a
client wants to know if their Cisco 2501 router can be used in any way
with ISA? I myself am not familiar enough with setting up Cisco devices
or to answer that question therefore I suggested using ISA but I figured
I'd try here for a 2nd opinion.

Anyone have any docs on configuring this type of setup? I'm talking
dummy proof with either pictures or detailed explanations of where
everything would go. 

Any responses are appreciated. 

 

Thanks 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dmccall@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
delete it and notify the sender. Views expressed in this message are
those of the individual sender, and are not necessarily the views of
Baptist Community Services. 2 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dmccall@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
delete it and notify the sender. Views expressed in this message are
those of the individual sender, and are not necessarily the views of
Baptist Community Services. 2 

Other related posts:

• » ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...
• » Re: ISA & Cisco...

1. Home
2. isalist
3. Archive
4. 06-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---