[isalist] Re: Real Newbie Question

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 23 May 2006 16:20:27 -0700

http://www.ISAserver.org
-------------------------------------------------------

There are lots of "Microsoft" articles that we (the ISA team) are trying to get 
changed.
Basically, if you don't find it in the ISA list of articles, we didn't write 
it.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Reimer, Mark
Sent: Tuesday, May 23, 2006 15:12
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Real Newbie Question

Actually, it came from Microsoft. It was in an article about ISA, as a best 
practice. I've read a bunch of different articles today, and can't seem to 
quickly find it.
 
Thanks for the advice though. I do want to make it a domain member. I will 
continue on with my testing.
 
Mark.

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Tuesday, May 23, 2006 10:57 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Real Newbie Question


ACK!!!! Where did you read that drivel? If someone has the ability to break 
into the ISA firewall, domain membership is immaterial. You end up gaining a 
ton more security by joining the ISA firewall to the domain. In your scenario, 
I ALWAYS join the ISA firewall to the domain. To do otherwise would be foolish, 
IMO.
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Reimer, Mark
        Sent: Tuesday, May 23, 2006 10:31 AM
        To: ISA Mailing List
        Subject: [isalist] Real Newbie Question
        
        
        Hi folks,
         
        Design question. We are going to install ISA 2004 as our perimeter 
firewall with 3 legs (outside, dmz, internal). I've read that the ISA box 
should not be part of the internal domain for security reasons (if someone 
breaks into the ISA server box, they haven't compromised the internal AD). But, 
I basically want to only allow internal AD users to have access to the internet 
through the ISA server. There will be some short term (a few hours at a time) 
exceptions, but this is the general plan.
         
        What do most people do? Use a Radius server on the internal side to 
accomplish the above goals? Or install ISA as a member server of the internal 
domain? 
         
        We are a Windows shop, Win2K3 servers all around.
         
        Is there a source of info that would help explain the best method of 
setting up an ISA server?
         
        Thanks.
         
        Mark
        -------------------------------
        Mark Reimer
        Windows Servers & Networking
        Prairie Bible Institute
        Box 4000
        Three Hills, AB  T0M-2N0
        Canada
        403-443-5511
        www.prairie.edu
         

