RE: Installing ISA 2004 in workgroup.

From: "Alex Gonzalez" <AGonzalez@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Tue, 9 Aug 2005 10:39:09 -0400
They just basically feel that having a machine joined to the domain
inside the DMZ is exposing AD.  I asked them how they felt that but they
couldn't give me a reason why they did and I couldn't give them a reason
why it couldn't.  

 

Alex

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, August 09, 2005 10:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Installing ISA 2004 in workgroup.

 

http://www.ISAserver.org

Hi Alex,

 

Common problem -- based on no facts on the side of those "concerned"

 

Ask them how the AD is exposed. 

How would someone access the AD from the ISA firewall?

Where is there a single report anywhere that an ISA firewall has ever
been compromised to enable this exposure?

What are they doing on the inside, where the overwhelming majority of
attacks source form, to protect against AD exposure, and have they
considered that exposure to be orders of magnitude higher than what
theoretical *might* take place if the ISA firewall were "owned" (which
won't happen if properly configured)

 

HTH,

 

Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

         

        
________________________________


        From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx] 
        Sent: Tuesday, August 09, 2005 9:08 AM
        To: [ISAserver.org Discussion List]
        Subject: RE: [isalist] RE: Installing ISA 2004 in workgroup.

        Hi Tom:

         

        Actually while on the topic, what is the main reason to join it
to the domain?  I joined the one I am setting up and people disagreed.
I told them it was standard but they didnt want Active Directory
exposed.  What can I tell them to calm them down?

         

        Alex

         

        
________________________________


        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
        Sent: Tue 8/9/2005 9:56 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Installing ISA 2004 in workgroup.

        http://www.ISAserver.org
        
        It *is* complex.
        
        Join the firewall to the domain. There's no reason not to.
        
        Tom
        www.isaserver.org/shinder
        Tom and Deb Shinder's Configuring ISA Server 2004
        http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls
        
        
        
        > -----Original Message-----
        > From: Faraz [mailto:f_hkhan@xxxxxxxxx]
        > Sent: Tuesday, August 09, 2005 8:54 AM
        > To: [ISAserver.org Discussion List]
        > Subject: [isalist] Installing ISA 2004 in workgroup.
        >
        > http://www.ISAserver.org
        >
        > hi everybody
        > can anyone tell me the link where i can talk through the
procedure of
        > installing ISA server 2004 in workgroup, [i have read
microsoft KB
        > article(but that looks complex(i have to install even
certificate
        > service))], i want to install both Configuratio Storage server
& ISA
        > services on same computer, please send me a good
link??????????
        >
        > ------------------------------------------------------
        > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        > ------------------------------------------------------
        > Visit TechGenix.com for more information about our other
sites:
        > http://www.techgenix.com
        > ------------------------------------------------------
        > You are currently subscribed to this ISAserver.org Discussion
        > List as: tshinder@xxxxxxxxxxxxxxxxxx
        > To unsubscribe visit
        > http://www.webelists.com/cgi/lyris.pl?enter=isalist
        > Report abuse to listadmin@xxxxxxxxxxxxx
        >
        >
        
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: agonzalez@xxxxxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
agonzalez@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
RE: Installing ISA 2004 in workgroup.

Other related posts:
