RE: RES: Off topic: SBS Liscensing
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 2 Apr 2003 11:13:15 -0600
Hi Amy,
It is blasphemy, but not enough to get you off the list ;-)
A back to back firewall configuration is great, and its better than
putting a fulled SBS'ed server on the edge. But you still end up in the
same place were you started: a server in the early stage of compromise
:-) However, its better than no protection at all.
But, like almost all things in life, you get what you pay for.
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1>
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 02, 2003 8:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RES: Off topic: SBS Liscensing
http://www.ISAserver.org
http://www.ISAserver.org
Maybe this is blasphemy but what about using a nice little
Sonicwall firewall on the perimeter? It's not as configurable or full
featured but it would add the additional layer you are looking for and
it would be a lot less expensive. (please don't throw me off this list,
I'm learning a lot here)
Amy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 02, 2003 8:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: RES: Off topic: SBS Liscensing
http://www.ISAserver.org
Hi Amy,
While you can make ISA Server work on an "all purpose" server, I
could never justify such a configuration from a security point of view.
Putting an Exchange Server, SQL Server, FAX server, etc. on the firewall
is a bad security proposition, no matter how you cut it. There are also
other drawbacks, such as how logging is affected by publishing services
located on the ISA Server itself. The ISA Server is a firewall and
perimeter defensive device and should be treated like one. I wouldn't
install all these extraneous services on a PIX or CP/Nokia and I
wouldn't do it on an ISA Server.
What I'm trying to determine is the cost effectiveness of using
two Win2k servers and a separate installation of ISA Server. From what I
can tell so far, you can still profit from getting SBS to put on the
internal network to use as an Exchange, SQL, FAX, etc. server and get
separate licenses for Win2k and ISA Server to run on the perimeter. The
cost would be comparable to black box solutions, but you can easily
configure and integrate with the existing Microsoft network, and you
don't pay extra for VPN or "connectors" to connect to the user database.
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
<http://tinyurl.com/1jq1>
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
Other related posts:
