Security Basics mailing list archives
RE: ISA server
From: "Jacob Loveless" <jacob.loveless () datascientific com>
Date: Wed, 19 Nov 2003 14:46:08 -0500
Preface: I grew up on Linux, still love it. I work as a government penetration specialist I hate Microsoft Security (or lack there-of) Response: ISA is a great product, no way around it: there is nothing wrong with the ISA security platform. Like most firewalls the major problem is configuration errors. The simple Microsoft Style of Point and Click Configuration allows for better firewall implementations: thereby making better security. ISA is easy to update, has built in IDS modules (such as ISS contributed DNS modules and add-on) as well as reverse proxy (performance is beyond comparison to Apache), VPN, support for load balancing, caching mechanisms, IPsec... Everything you need to implement as baseline perimeter security platform. Unlike many Microsoft Servers, ISA is built in cooperation with other security companies (ISS, Foundstone, @stake to name a few). These companies are paid to make ISA secure. ISA is backed by Microsoft R&D money (see Bill Gate's comment at COMDEX yesterday about ISA 2004). I would recommend using ISA on windows 2003: much better performance and support for Insect enabled connections in conjunction with NLB. Also of note: ISA server clusters protect a large portion of the United States Department of Defense Networks (USMC, NAVY, VA, VHA) where DoD security professionals have proved time and time again its effectiveness: integrated IDS systems into it (Navy SHADOW), Added Smartcard VPN support and RADIUS integration to CISCO products....) ISA server is the perimeter security system for Microsoft Houston Development Team ISA Server on Windows 2000 operates at an interim C2 level ISA Server Clusters have been tested by government organizations for extreamly large multi-input firewalls as a response to Ddos attacks. Preliminary results show that ISA on windows 2003 scales and responds better than 3 other solutions (Cisco, A Scyld Based IPTables/Apache Beowulf Solution, In house secure-linux (Gentoo) HPC cluster) Just my 2 cents Jacob Loveless Chief Security Architect Data Scientific Corporation -----Original Message----- From: Greg Owens [mailto:greg.l.owens () verizon net] Sent: Tuesday, November 18, 2003 1:39 PM To: David Lanagan; security-basics () securityfocus com I do not like it. I do not understand how anyone can use Microsoft as a security solution. Norton and MacAfee have made billions off Microsoft attacks, yet people still want to use it as a Security Solution. People sit home and find ways to hack it, yet people still want to use it as a Security Solution. I do not understand.
From: "David Lanagan" <DLanagan () sterlinginsurancegroup com> Date: 2003/11/18 Tue AM 07:22:29 EST To: <security-basics () securityfocus com> Subject: ISA server Guys, I'm looking for a good quality proxy product. I've got 2 Internet links in 2 sites (connected via WAN) and I want a product that will act as a proxy for each site but also allow the clients to go from one to the other in the event of failure. I know that ISA server does this as part of a Proxy array but the enterprise version is something liek £4.5k a piece!! Way to expensive when I'm not using the firewall side of it! Talking of which, second question.... how do you rate ISA server as a whole? Thanks for your help in advance! Dave. ______________________________________________________________________ __ Dave Lanagan Lead - Infrastructure Development Tel: 020 8334 1548 Fax: 020 8948 0161 Mail: dlanagan () sterlinginsurancegroup com The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of anyaction in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The views expressed in this message do not necessarily reflect those of Sterling Insurance Group Ltd or any of its subsidiary companies. ---------------------------------------------------------------------- ----- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_0310 27 ---------------------------------------------------------------------- ------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- ISA server David Lanagan (Nov 18)
- Re: ISA server Matt Burnett (Nov 19)
- <Possible follow-ups>
- Re: ISA server Greg Owens (Nov 19)
- Re: ISA server Matt Burnett (Nov 20)
- Re: ISA server ~Kevin Davis³ (Nov 20)
- Re: ISA server David Lanagan (Nov 19)
- Re: ISA server Matt Burnett (Nov 20)
- RE: ISA server R. Maheswaran (Nov 19)
- Re: ISA server Ivan Coric (Nov 19)
- FW: ISA server Alex Pimperton (Nov 20)
- RE: ISA server Jacob Loveless (Nov 20)
- RE: ISA server Steven A. Fletcher (Nov 20)