Firewall Wizards mailing list archives
RE: Microsoft ISA Server
From: "Bill Royds" <lists () royds net>
Date: Fri, 21 Jun 2002 18:42:05 -0400
It is basically an extension of the Microsoft Proxy Server and its roots sometime shows. Advantages - can use NT domains for authentication - is a true Application Gateway server, but has limits on which services it provides - can cache web pages to speed up subsequent access (not a security feature though). - can provide RADIUS/Kerberos authentication to other servers Disadvantages - As an App Gateway, can be a bottleneck - Already has had several severe security bugs - has not a proven track record and has limited proxying capability. What I would recommend is to use it behind a stateful filter firewall like a PIX or ipchains or FW-1 to handle NT authentications, caching and some extra application level firewalling, while the FW-1 etc. faces the big bad Internet. That takes advantage of its strengths while limiting its possible weaknesses. You could put you web server farm between the FW-1 and the ISA server, with your internal users going through the ISA. This will cache what the internal users surf, speeding up access and the ISA can be used as an authenticator for the FW-1 firewall for access control. -----Original Message----- From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com]On Behalf Of RWoerner () dor state ne us Sent: Wed June 19 2002 09:37 To: firewall-wizards () nfr com Subject: [fw-wiz] Microsoft ISA Server We are looking at possibly using Microsoft's ISA Server as our organization's firewall. There are few reviews of it and it doesn't appear that it is used by many organizations. Is anyone on the list using it? Does anyone have an opinion on it? How well does it work as a firewall? What are its pros and cons? Any insights would be most appreciated. Ron Woerner, CISSP Information Security Officer Nebraska Department of Roads P.S. My instincts say "don't trust Microsoft", however I want to be fair. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Microsoft ISA Server RWoerner (Jun 21)
- RE: Microsoft ISA Server B. Scott Harroff (Jun 21)
- RE: Microsoft ISA Server Bill Royds (Jun 21)
- Re: Microsoft ISA Server Mikael Olsson (Jun 22)
- Re: Microsoft ISA Server R. DuFresne (Jun 22)
- Re: Microsoft ISA Server Patrick M. Hausen (Jun 22)
- RE: NTLM on firewalls (was: Microsoft ISA Server) Ben Nagy (Jun 24)
- Re: NTLM on firewalls (was: Microsoft ISA Server) Darren Reed (Jun 25)
- RE: NTLM on firewalls (was: Microsoft ISA Server) Ben Nagy (Jun 24)
- <Possible follow-ups>
- Re: Microsoft ISA Server R. DuFresne (Jun 26)