Re: Must I be forced to Upgrade from SBS 4.5?

From: Pal (pal_at_notthisbiticoss.co.uk)
Date: 04/18/04 

Date: Sun, 18 Apr 2004 17:42:29 +0100

Hi Merv,

I think that fits along the way I was thinking

Just sometimes with security you need to be political, a NAT only customer
with a "bozo" enterprise "friend" teling him/her that their system is
"wrong" if no "industrial strength" firewall is not installed, even though
the overall security scheme is solid on the network

Thanks

"Merv Porter [SBS-MVP]" <mwport@hotmail.com_no_spam> wrote in message
news:uwmz8ZLJEHA.1392@TK2MSFTNGP09.phx.gbl...
> ISA is a great product and it is ICSA certified as an *industrial
strength*
> firewall. You can also get this from a hardware firewall such as
Sonicwall,
> Cisco and others. The good thing about ISA is that it can be updated
> (patched) easily and you've got MS doing the heavy lifting for you. One
> problem with ISA is that it may require a fairly steep learning curve and
if
> you don't plan to use it for multiple clients, it may not be worth the
> effort (unless you can charge them for the learning curve).
>
> The problem I see with NAT transversal on the cheap routers is that a
> significant level of logging seems to be left out of the firmware. This
is
> really what ISA and higher end hardware firewalls bring to the table - you
> can see what all your users are doing and can monitor and control ingress
> and egress on the LAN. But, if you can tightly control what the LAN users
> do with email and web surfing, these cheaper routers have a place in the
> small business arena with SBS Standard.
>
> Security is a risk assessment and is implemented (purchased) like any
> insurance policy - your level of risk determines the price you pay up
front
> and the benefits you receive from the policy.
>
> Just my $0.02.
>
> --
> Merv Porter [SBS MVP]
> ===================================
>
> "Gurpal" <pal@notthisbiticoss.co.uk> wrote in message
> news:#kjDBELJEHA.2424@TK2MSFTNGP12.phx.gbl...
> > Good advice there I think !!
> >
> > Thought that a proper undamaged boxed product with proof (invoice) of
> > initial purchase might be clear cut, but I suppose there will always be
a
> > "grey area"
> >
> > My issue with SBS standard is, is the supplied firewall, in combination
> with
> > a standard NAT traversal on the broadband router on the external nic, a
> > "credible industry standard" security combination?
> >
> > Pal
> >
> > "Merv Porter [SBS-MVP]" <mwport@hotmail.com_no_spam> wrote in message
> > news:uCXo9%23KJEHA.3292@TK2MSFTNGP11.phx.gbl...
> > > I would not recommend Ebay as a source for any MS operating systems.
> > > Licensing is just to complex to determine if the product you get can
> > > actually be licensed properly. You could end up having your client
buy
> a
> > > useless piece of software. SBS 2003 Standard (without ISA or SQL) can
> be
> > > had for about $500 via MS Open Licensing. SBS 2K3 CALs will go for
> about
> > > $100 each in packages of 5 (you need to specify either User CALs or
> Device
> > > CALs). As long as your client's server meets the hardware
requirements,
> > > this would be an excellent upgrade (and depending on the number of
> users,
> > a
> > > full install may be easier than actually trying to directly upgrade
SBS
> > 4.5
> > > to SBS 2003).
> > >
> > > A bigger question at this point is whether your client's 3rd party
> > > applications (and licensing) that he is currently running under SBS
4.5,
> > are
> > > compatible with the newer windows operating systems. If he has some
> > > specialty software that the app vendor either can't or won't support
on
> > the
> > > newer OSs, this may be a show stopper for upgrading.
> > >
> > > --
> > > Merv Porter [SBS MVP]
> > > ===================================
> > >
> > > "Gurpal" <pal@notthisbiticoss.co.uk> wrote in message
> > > news:#p$T4pGJEHA.2752@TK2MSFTNGP10.phx.gbl...
> > > > Thanks for prompt reply hiram.
> > > >
> > > > I have;
> > > >
> > > > 1. Monthly ghost backups of the server
> > > > 2. Daily tape backups of the server
> > > > 3. Spare hardware in stock for the server
> > > >
> > > > although I totally appreciate your point !!
> > > >
> > > > Actually this brings me to another question, ebay now has a regular
if
> > > > infrequent stream of SBS 2000's for sale, would i be right in saying
> > that;
> > > >
> > > > 1. The ONLY totally "non grey area" product which can be
legitimately
> > sold
> > > > on is the "full boxed product with the box/security sticker/all
media
> > > still
> > > > intact?
> > > >
> > > > 2. I cannot purchase and sell on the product but my customer can buy
> it
> > > > direct themselves off ebay?
> > > >
> > > > 3. Full boxed products can be re-regesitered with microsoft?
> > > >
> > > > Pal
> > > >
> > > > "Hiram Hackenbacker" <brains@sky.com> wrote in message
> > > > news:40810575.10302944@news.claranews.com...
> > > > > On Sat, 17 Apr 2004 11:14:11 +0100, "Pal"
> <pal@notthisbiticoss.co.uk>
> > > > > wrote:
> > > > >
> > > > > >Basically have a customer who is VERY happy with SBS 4.5 system
> with
> > > > mixture
> > > > > >of XP/2K clients
> > > > > >
> > > > > >But after reading this article;
> > > > > >
> > > > > >http://zdnet.com.com/2100-1104-982220.html
> > > > > >
> > > > > >Looks like end of year means he must update.
> > > > > >
> > > > > >Any alternatives please??
> > > > >
> > > > > One alternative is to not update and wait until the server crashes
> and
> > > > > can't be fixed or the services it provides become incompatible
with
> > > > > the client machines.
> > > > >
> > > > > However the system will crash or become incompatible at the least
> > > > > convenient time to the customer (and you).
> > > > >
> > > > > --
> > > > > Hiram Hackenbacker
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: router/firewall, wireless gateway recommendation for home user
    ... NAT will reduce all of the direct attacks unless you ... firewall appliance for under $100. ... to your wireless nodes, and to protect all internal hosts via NAT, you ... device to reduce direct attacks (additional security layer). ...
    (Security-Basics)
  • RES: ISA firewall
    ... If we want to judge ISA as a firewall product (or if you want to judge ... Linux) were compromised by a security hole that was identified days ago, ... flaws, so does every single bit of line of code out there. ...
    (Security-Basics)
  • Re: Firewall recommendation ?
    ... When attending an ISA security workshop some time ago the instructor pointed ... > firewall will most likely get caught on the second one. ... > have redundant firewalls and separate firewall types in layers. ...
    (microsoft.public.windows.server.sbs)
  • Re: Webproxy und Firewallfehler
    ... Der ISA will der einzige auf dem ... Rechner sein, der NAT anwendet. ... Verbindung die Firewall akiviert hast, wenn ja, dann deaktiviere auch diese. ... Angeblich soll die Netzwerkkarte nicht richtig funktionieren. ...
    (microsoft.public.de.german.isaserver)
  • Re: RWW authentication
    ... Thanx for your concern about the lack of security. ... Given that you have disabled ISA, you have an external firewall I hope? ... SSL authentication seems to work just fine however on the actual RWW login ...
    (microsoft.public.windows.server.sbs)