Re: DMZ zone
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Mon, 30 Apr 2007 09:51:35 -0500
"Daniel" <danieltbt04@xxxxxxxxx> wrote in message
news:%239tmN8WiHHA.4704@xxxxxxxxxxxxxxxxxxxxxxx
Phillip, is an edge firewall considered to be secure from hackers?
Yes.
How do I know if ISA is being tampered with from external?
Since ISA2000 came out almost 8 years ago there has never ever been an occurrence
of ISA ever being "hacked". There may have been issues created by Admins who
don't know what they are doing, but no flaw in ISA itself has ever allowed that.
Attempting to do something isn't the same thing as doing something. Worrying
about someone attempting something against the ISA is like worrying about guys
looking at your girlfriend,...it is going to happen,..forget it and move
on,...or get an ugly girlfriend. ISA does have some alerting features if you
want to use them. But all the alerts tell you is that "nothing happened, but
someone *might* have tried" and there are a lot of false positives and it is
the same with any firewall product but whether the manufacturer is willing to be
honest and tell you that is another story. After all, they make $$$ by scaring
the crap out of you,...a lot of "alerts" (valid or not) works in their best
favor.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Daniel
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:Ojbeln1hHHA.5008@xxxxxxxxxxxxxxxxxxxxxxx
"Daniel" <danieltbt04@xxxxxxxxx> wrote in message
news:eetu3s0hHHA.4952@xxxxxxxxxxxxxxxxxxxxxxx
Currently ISA is implemented as an edge firewall behind a router, and ISA is
then connected to the internal network with 2 interfaces. The external interface is for
the internet link to the router, and the internal one is for proxy, firewall and
authentication purposes. What I am trying to do is harden the ISA server
against being hacked from external, since my mail server and DC are behind it.
You don't harden ISA. ISA is the tool that does the hardening. ISA starts
out fully "hardened" and you have to "soften" it to allow things to work.
Nothing aside from System Policies "work" when freshly installed.
The only thing you may want to do is
1. Configure the external NIC to not be dynamically added to the AD/DNS. This
isn't really a security issue as much as it is a functionality issue.
2. Unbind everything from the external NIC except TCP/IP. You don't need
Client for MS Networks, File & Print sharing, etc. But even if you don't do
that,...none of those are ever available to the outside world anyway. ISA
doesn't allow it.
3. There really isn't a #3
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------