[isalist] Re: SME LAN and ISA
- From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 22 May 2006 11:33:53 +1000
nice argument! care to elaborate..
TM - i take your point about beta testers and less beta machine available to be
vulnerable but it is my hard and fast rule not to deploy beta software on
mission critical boxes. Mail/Firewall/Database/File etc..
These boxes of mine (big clients) generally operate on SLA's (24x7 99.9% etc
etc) which means that software that is run in production needs to have a
support contract, and these are not normally available on Betas ;)
If the firewall goes balls up, regardless of vulnerability, lets say untested
environment tweaks or configuration then it effects the whole network. So - if
you care about your business data, systems, security, integrity at all - Dont!
but thats my opinion take all then opinions given and weigh up your options..
Greg Mulholland
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Steve Moffat
Sent: Mon 22/05/2006 10:25 AM
To: ISA Mailing List
Subject: [isalist] Re: SME LAN and ISA
Absolutely agree.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Sunday, May 21, 2006 7:02 PM
To: ISA Mailing List; Greg Mulholland
Subject: [isalist] Re: SME LAN and ISA
Don't listen to Greg. Use ISA2006 all you want (if you know what you are
doing.)
t
On 5/21/06 2:21 PM, "Greg Mulholland" <greg@xxxxxxxxxxxxxx> spoketh to all:
and dont use isa 2006!! its beta.. use 2004..
Greg Mulholland
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Egyptian Mind
Sent: Mon 22/05/2006 1:45 AM
To: isalist@xxxxxxxxxxxxx
Cc: gen_sib@xxxxxxxxx
Subject: [isalist] Re: SME LAN and ISA
http://www.ISAserver.org
-------------------------------------------------------
1- install the ISA server after the adsl router and before the switch.
2- put two interface cards in the server
3- attach one interface with the adsl router ( outside ) and the other to the
unmanged switch ( inside )
4- assign an IP from your local lan to the inside interface
5- assign any IP of the range that given from the ISP ( after the router nat )
to the ouside interface
6- make ur own rules on the ISA server
BASIC SME NETWork SETUP
Internet Cloud
|
|
|
|
ADSL (AZTECH ETHERNET USB) Broadband Router
DHCP
| _____________________________
| | |
|___outside interface ( 10.11.1.1/24) | ISA Server
___insdie interface ( 192.168.1.1/24 ) |
| |_____________________________|
|
|______________________
LoCAL AREA NETWORK (Unmanaged Switch)
LAN IP Address 192.168.1.0/24
______________________________
SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*)
AD OpenSource Helpdesk System
DHCP OpenSource Network Monitoring(nagios, nmis)
DNS SMS Pager
Intranet AV(clamWin Free AV)
Accounting
MAILs (Pulled from ISP thru pop3 connector)
CRM
WSUS
AV (clamWin Free AV + AVG)
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
Mob : +966 50 2953591
________________________________
From: Gene Sibbs <gen_sib@xxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SME LAN and ISA
Date: Sun, 21 May 2006 02:25:59 -0700 (PDT)
Greetings,
I have attached a basic LAN setup diagram and I would like to pick
your brains as far as the security is concerned.
My objective is that the In/Outbound traffic must pass thru ISA box
Base on the attached design I feel that the security is lacking. I
have downloaded ISA 2006 BETA version...and I want to introduce ISA Server as
a member of the family to beef-up security.
How can I make ISA Server 2006 beta play with this basic design,
bearing in mind that I don't have a static IP address from my ISP. My ADSL is
dhcp obtaining the IP address from ISP.
I want to run ISA2006 on a separate box completely.
With many thanks!
Gene Sibbs
________________________________
New Yahoo! Messenger with Voice. Call regular phones from your PC
<http://us.rd.yahoo.com/mail_us/taglines/postman5/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com>
<http://us.rd.yahoo.com/mail_us/taglines/postman5/*http:/us.rd.yahoo.com/evt=39666/*http:/messenger.yahoo.com>
and save big.
________________________________
Feel free to call! Free PC-to-PC calls. Low rates on PC-to-Phone. Get
Yahoo! Messenger with Voice
<http://us.rd.yahoo.com/mail_us/taglines/postman10/*http://us.rd.yahoo.com/evt=39663/*http://messenger.yahoo.com>
<http://us.rd.yahoo.com/mail_us/taglines/postman10/*http:/us.rd.yahoo.com/evt=39663/*http:/messenger.yahoo.com>
>BASIC SME NETWork SETUP
>
>Internet Cloud
> |
> |
> |
> |
>ADSL (AZTECH ETHERNET USB) Broadband Router
> DHCP
> |
> |
> |
>________|______________________
>LoCAL AREA NETWORK (Unmanaged Switch)
>LAN IP Address 10.11.1.0/24
>
>______________________________
>
>SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*)
>
>AD OpenSource Helpdesk System
>DHCP OpenSource Network Monitoring(nagios, nmis)
>DNS SMS Pager
>Intranet AV(clamWin Free AV)
>Accounting
>MAILs (Pulled from ISP thru pop3 connector)
>CRM
>WSUS
>AV (clamWin Free AV + AVG)
>______________________________
>
>Security is an issue here...
>
------------------------------------------------------ List Archives:
//www.freelists.org/archives/isalist/ ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs:
http://blogs.isaserver.org/
------------------------------------------------------ Visit TechGenix.com for
more information about our other sites: http://www.techgenix.com
------------------------------------------------------ To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
Other related posts:
