Security Basics mailing list archives

RE: suggestions on a good firewall


From: "David Ellis" <David.Ellis () unicam com>
Date: Sat, 24 May 2003 20:23:32 -0400

Let me ask a question here. Why would anyone want tight Active Directory
integration on a firewall which by all means constitutes a security
flaw?
Keep your Active Directory far from your firewall. A firewall is a
security product and shouldn't be integrated into your internal network
at all, besides VPN into your LAN.

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com] 
Sent: Thursday, May 22, 2003 2:31 PM
To: security-basics () securityfocus com
Subject: RE: suggestions on a good firewall

From: silvia ghezzi <ghezzi_silvia () yahoo de>
Talking about firewalls, I have experience only with
Gauntlet, and I was not really happy with it.
It was too complicated to understand and to be
used and there was a real lack of support.
Now I have been using PIX for a couple of months, and
I am happy.

But I still had to fight with my management (which is
not really IT oriented). Since we have a full Windows
2000 environment with Windows experienced people, they
made pressure to have MS ISA server as a firewall.
Right now I could get PIX for our remote office, but
they are still thinking to go for ISA for other future
remote offices.

I have only a little experience on ISA, so I cannot
judge, but I still consider it not as a firewall but
as an HTTP proxy.

Is there someone more into it than me, that can tell
me about the advantages and/or disadvantages of having
ISA as a firewall?

I'm using ISA here, and it's not bad as long as you use ONLY Microsoft
products.  I chose it originally because when I started here MS was all
I knew; now that I'm picking up Linux knowledge as well, I highly
recommend IPCOP instead (plus it's free, and you know how much managers
love that word).  IPCOP has firewall/proxy/ids/ssh etc. all built in,
and it's ridiculously easy to set up.  I use it for our remote office
and I never have to do anything with it, just install and forget (well,
check for patches once in a while, but not very often).  The only real
advantage I can see to ISA is tight Active Directory integration.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"All I want is a few minutes alone with the source code for the universe
and a quick recompile."
