Re: What to use for a Firewall device?

Hello,

No matter witch firewall you use in regards to SBS2003 in order to use RWW
and OWA you still have to open and forward ports with any device you use so
does it really matter witch device is on the outside of the external nic?
When you open ports you open your self up so why not use the firewall that
was made to work your server. Just Today I performed the following scan on
my system and here are the reults:

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Now I am no security expert and this was done by a third party but I would
have to say that this is a prettty good report useing ISA2000 with SBS2003.

What I would really like to do is setup an SBS2003 server with ISA2000 or
ISA2004 and put it to the test. Give some testers the IP and let them go to
town on it :)

Thanks,

ebrind




"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.1d34d3796f160bc598997b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> In article <#YDomvagFHA.2180@xxxxxxxxxxxxxxxxxxxx>,
> les.connor@xxxxxxxxxxxx says...
>> I'm a long way from a security expert; I lean heavily towards the
>> productivity side of things. And we all know that the concepts of
>> security
>> and productivity are quite often at loggerheads with each other ;-).
>>
>> But I do listen to what the security people have to say. And, the
>> security
>> people have previously said that ISA, while good, has credentials, etc. -
>> has not given them the confidence they seek, and they preferred to use
>> other
>> methods.
>>
>> However, I've heard some of the same security people speak (including
>> several whos opinions I highly value) and their tune has changed
>> significanly with ISA2k4. I want to trust expert opinions. No, I have to
>> trust expert opinions.
>>
>> You may in fact be a security expert, Leythos, but this statement:
>>
>> > My experience with ISA has been limited these last few years,
>>
>> Might indicate that it's time to evaluate ISA in it's current form ;-).
>
> I have never considered myself an Expert in anything, as that would mean
> I've learned more than most and I always look at it as though I need to
> learn a LOT more - it's that driven type of thing.
>
> As for reviewing 2004, well, lets say that when I want a firewall
> solution on a server that I use FW1 or a nix based solution. When it
> comes to ISA, my experience and others has given me reason to not
> trust/use it in the past.
>
> With the ability to drop in an appliance, have remote user VPN's and
> branch office IPSec tunnels up and running in minutes, to have the
> ability to restrict users at the firewall without any connection to the
> domain account, to restrict B/O tunnels and remote users differently and
> down to the IP:port<>IP:Port with a few simple clicks, etc.... I'll
> stick with my appliances as I know for sure they will keep the bad guys
> at bay 99.9% of the time - and I can setup the server while getting all
> the patches and updates without having to keep it disconnected from the
> network :)
>
> I have ISA, all the latest versions on DVD and CD in my MSDN and Action
> Pack, and I will look at it, but I would run it on a dedicated machine,
> not on a server doing anything else if I were to use it.
>
> --
> --
> spam999free@xxxxxxxxxx
> remove 999 in order to email me


.

Relevant Pages

  • OT: What will he do next?
    ... That was National Security. ... President Bush said Tuesday that a deal allowing an Arab company to take ... Senate Republican Leader Bill Frist urged the administration to ... Ports World, a state-owned business in the United Arab Emirates. ...
    (comp.sys.hp.mpe)
  • Re: Returned vulnerabilities, Messenger Spam, pls. HELP
    ... You should not enable XP's firewall if you are also running ... check for verification I achieved stealth status for all ports it can check. ... As a result for one or two days there was no Messenger Spam on my screen. ... But the messenger spam returned in a series and rechecked security did find ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Political Analysis of Security Products
    ... > bee collected nor has any evidence of such a backdoor ever really been ... send several packets to ports on the target system. ... be used for booth sides of the security game. ...
    (Pen-Test)
  • Re: P2P and Firewall
    ... > wireless network use. ... First off, firewalls are for security. ... them specific ports to use and configuring the firewall to allow them to use ... Bottom line, it's my opinion that the two, firewall and p2p, tend to be ...
    (comp.security.firewalls)
  • Re: Tool to find hidden web proxy server
    ... >> This problem is strictly with in company internet access firewall and in the ... policy for Internet access says it is through IP ... >> default ports and distributed the internet access to their friends. ... admin & senior security consultant: ...
    (Pen-Test)
Loading