Management of ISA?
- From: "epoole@xxxxxxxxxxxxxxxxxxxx" <epoole@xxxxxxxxxxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Tue, 18 Jan 2005 10:54:10 -0700
I know I've probably asked this before, but we've got a bit of turmoil
between our Network team and Information Security. Which Group should
manage ISA? Our Network team is not security minded, have no interest in
security and are not disciplined in any way. I know I may sound biased,
but in Information Security we have had ISA Server 2000 running with Surf
Control and no downtimes for about 2 years. It's constantly patched,
updated (we currently have ISA Server 2004 in testing), logs reviewed,
etc. Anyway, I got blindsided yesterday. The Network team feels it is
more of a network device as opposed to a security device and want to take
over administration. Our Director has asked that we prepare something
that demonstrates where ISA should belong. So, I thought I would ask the
experts. Side note - Unfortunately, we only use ISA as an authenticating
proxy and limited firewall. The network team has yet to build ISA into
their architecture.
Other related posts:
