Re: Firewall recommendation ?

From: SuperGumby [SBS MVP] (not_at_your.nellie)
Date: 05/02/04 

Date: Sun, 2 May 2004 13:14:45 +1000

When attending an ISA security workshop some time ago the instructor pointed
out that though his company was certified to train in ISA their public
website was configured

internet
|
|
hardware router capable of packet filtering
|
|
combined unix/hardware based monitoring/control
|
|
standalone ISA -- Webserver DMZ
|
|
LAN

"Dave" <newsATfureyDOTnet> wrote in message
news:e0wYH6MLEHA.3516@TK2MSFTNGP11.phx.gbl...
> I disagree with you on this.
>
> Adding a hardware firewall does increase security, a breach in one type of
> firewall will most likely get caught on the second one (if different).
> Having two different firewall types is pretty much standard in the
> enterprise market. Even Cisco engineers (ones I know and met) agree that
> having two separate types of firewalls, say PIX and Checkpoint, offers
> greater security than two PIX or Checkpoint firewalls.
>
> As for government agencies you will find that many (at least here in AUS)
> have redundant firewalls and separate firewall types in layers. We aren't
> even mentioning the IDS devices.
>
> As for being a failure point... You can always bypass the failed hardware
> piece, very easy to do if planned correctly. The other choice is to stop
> traffic until the hardware piece is examined and repaired/replaced,
security
> takes precedent in some circles.
>
>
>
> "root" <postmaster@buchanangc.com> wrote in message
> news:%2303jHYYKEHA.644@tk2msftngp13.phx.gbl...
> >
> > "Dave" <newsATfureyDOTnet> wrote in message
> > news:u3I5FGLKEHA.1764@TK2MSFTNGP12.phx.gbl...
> > > Ditch ISA!
> > >
> > > If he wants to add a hardware firewall in addition to his ISA system I
> > fully
> > > support the idea,
> >
> > A hardware FW adds nothing to ISA but another support point and/or
failure
> > point and therefore decreases reliability and supportability and
provides
> no
> > increased security. There's never been a documented case of a
penetration
> > of a properly configured ISA server install. Just use ISA.
> >
> >
>
>

Relevant Pages

  • RES: ISA firewall
    ... If we want to judge ISA as a firewall product (or if you want to judge ... Linux) were compromised by a security hole that was identified days ago, ... flaws, so does every single bit of line of code out there. ...
    (Security-Basics)
  • Re: Must I be forced to Upgrade from SBS 4.5?
    ... Just sometimes with security you need to be political, a NAT only customer ... "wrong" if no "industrial strength" firewall is not installed, ... The good thing about ISA is that it can be updated ...
    (microsoft.public.backoffice.smallbiz)
  • Re: RWW authentication
    ... Thanx for your concern about the lack of security. ... Given that you have disabled ISA, you have an external firewall I hope? ... SSL authentication seems to work just fine however on the actual RWW login ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall recommendation ?
    ... I am confident in ISA doing it's job, ... a result I have a very high standard security wise, ... Most of the SBS clients I have use a hardware ... >> Adding a hardware firewall does increase security, ...
    (microsoft.public.windows.server.sbs)
  • RE: suggestions on a good firewall
    ... Keep your active directory far from your firewall. ... security product and shouldn't be integrated into your internal network ... >made pressure to have MS ISA server as a firewall. ... tight Active Directory integration. ...
    (Security-Basics)
Loading