Re: Security experts criticize an SBS installation
- From: "Victor Banks" <vic@xxxxxxxxxxxx>
- Date: Mon, 4 Sep 2006 17:08:25 -0400
Why is it that all I see in this newsgroup is almost common sense,
while the "expert" is spouting nonsense? If he wanted to add hardware in
front of ISA that would be one thing, but flattening because ISA is too
risky even to have on the server is stupid. Now, if they don't trust the
server because the office manager had the administrator password, that's
something also, but that is not the reason that I've been given for
flattening. And we could flatten and reinstall ISA and have two great
firewalls instead of one.
My problem is that I"ve lost control of this client. Unless I can
get this guy alone and talk some sense into him away from the lawyer and all
these "experts" I don't know if the situation is salvageable.
"Joe" <joe@xxxxxxxxxxxxxx> wrote in message
news:utT87G1zGHA.3908@xxxxxxxxxxxxxxxxxxxxxxx
Victor Banks wrote:
<snip details>
Here is my question. I have another 30 or so of these networks
out there. Do I take this seriously or are my SBS installations
reasonably secure? I have to provide straight answers to my clients. If
it's as bad as these guys say, I have no business selling it to anyone.
I wouldn't worry. What you hear is the delicate sound of hugely overpaid
people justifying their existences. You probably have to write off this
client as being too traumatised to see reason after this.
How long is a piece of string? Any system is hackable if the incentive
is high enough, like the burglary of premises. If the CIA wants to break
into a system, they will, whether it runs on an SBS or an IBM Z.
Probably they'll do it the easy way, by bribing or blackmailing an
employee.
There's no reason to believe SBS is seriously at risk. It is potentially
less safe than a system with its services all running on separate
servers, but hey, what system can't be improved by spending a lot more
money on it? (Wisely, of course).
I'd agree with the use of a separate firewall, for a variety of reasons
which don't include thinking that ISA is a heap of rubbish. I'm paranoid
enough not to connect a Microsoft OS straight to the Internet, without
at least a packet filter between, but that's just a personal preference.
A great many problems seen in this newsgroup could be solved much more
quickly with a separate box capable of logging traffic in and out of
SBS, but that's a network admin issue, not security. Mostly, two
entirely different devices controlling traffic is safer than one, and
safer than two identical devices.
If the security newsgroups and mailing lists were full of woe about SBS,
I'd be worried. If one particular commercial organisation is spreading
FUD around, my reaction would be to try an alternative supplier. Clearly
your client is not in a position to do this, for reasons you don't know.
.
- References:
- Security experts criticize an SBS installation
- From: Victor Banks
- Re: Security experts criticize an SBS installation
- From: Joe
- Security experts criticize an SBS installation
- Prev by Date: Re: Security experts criticize an SBS installation
- Next by Date: Re: Backup to multiple tape drives
- Previous by thread: Re: Security experts criticize an SBS installation
- Next by thread: Re: Security experts criticize an SBS installation
- Index(es):
Relevant Pages
|
