Re: Firewall Appliance Needed?

From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 10/03/04


Date: Sun, 3 Oct 2004 23:37:02 +0100

I agree with Aaron. For security to be effective and resilient a layered
approach in my opinion is always best. ISA is a very effective firewall and
could be used on its own securely without problem. But at the same time, if
a hardware firewall is used in front of your ISA server there are a number
of advantages. Since you are only making a few services publicly/remote
accessible, you can configure your hardware firewall to block all incoming
data traffic other than to those ports, or if in response to an internal
request. This leads on to the second advantage which is removal of
inappropriate or non-required traffic from your network or in this case ISA
server. Although ISA will comfortably handle all traffic directed at it,
using a layered approach allows you to filter traffic in stages with the
idea of only legitimate traffic reaching the server.

Monitoring logs alone for ISA where non-required traffic is removed in
advance can be a benefit in itself :)

-- 
Hth,
Stuart Mackie [MCP, MSP]
www.stu.uk.com
"Aaron Boone" <anonymous@discussions.microsoft.com> wrote in message 
news:157401c4a958$4b302880$a501280a@phx.gbl...
>I think the hardware firewall in front of ISA is the way to go.
>
> ABoone
>
>>-----Original Message-----
>>Thanks Frank.  I'm really trending in that direction.
>>
>>I do have a bridging firewall that I built a few years ago that's
>>fronting my home SBS2k3 server (less ISA) but I'd prefer not to
>>install such a glutton for maintenance in a client site. :)
>>
>>But there's SO MUCH F.U.D. out there.
>>
>>And a great weekend to all.
>>
>>A Selene
>>
>>On Fri, 1 Oct 2004 12:57:56 -0500, "Frank McCallister" <anonymous>
>>wrote:
>>
>>>Hi Adam
>>>
>>>I feel that ISA is a very secure Firewall and an additional Firewall
>>>appliance is unnecessary. An inexpensive router to keep your DSL modem
>>>connected will provide some basic initial firewall protection but that is
>>>all I suggest. See
>>>http://www.smallbizserver.net/Default.aspx?tabid=52 for ideal setup
>>>
>>>Frank McCallister
>>>COMPUMAC
>>>"Adam Selene" <as@freeluna.org> wrote in message
>>>news:n84rl0dljmkg183mgu1ubrrpf851an5ft5@4ax.com...
>>>> I'm about to deploy a SBS 2k3 Premium server and the question of a
>>>> firewall appliance has arisen.  I know that a firewall appliance was
>>>> recommended in certain configurations but I can't recall what these
>>>> were.
>>>>
>>>> Does anyone feel strongly about this issue?  I see that ISA Server is
>>>> the basis for some new firewall appliances and this suggests to me
>>>> that I may not truly need an appliance if I deploy ISA from the
>>>> Premium Technologies disk.
>>>>
>>>> The server I'm about to deploy will not offer public access and it
>>>> will probably NOT host email although it MAY support OWA for mail
>>>> retrieved via the POP3 Connector.  It would also be desirable to allow
>>>> Remote System Administration/Support.
>>>>
>>>> I'm just undecided about the subject of a firewall appliance and I'm
>>>> wondering if anyone has developed a strong enough sense of trust in
>>>> ISA to feel that an appliance may not be necessary.
>>>>
>>>> Thanks in advance for any advice,
>>>>
>>>>
>>>> -- 
>>>>   ASelene
>>>
>>
>>-- 
>>   ASelene

