Re: ISA Server for Microsoft Exchange

["Dobbins, Gary" <dobbins () ND EDU>]

To some degree, it’s like the old “no one ever got fired for buying IBM” parable.
ISA is “Microsoft’s Firewall” for their servers which must be exposed to the Internet.

Since most MS products are designed to be exposed to the InTRAnet only, it makes some sense that they would have a 
special prophylactic for when they need InTERnet exposure, and ISA is it.  Whether you consider that sufficient - or 
want to augment it with your own app-layer shield - is a matter of taste, but I would definitely not recommend exposing 
any of their servers to the unfiltered Internet without *at least* having their own recommended layer in front.  
Minimum defensible diligence.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Connie 
Sadler
Sent: Wednesday, October 22, 2008 8:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISA Server for Microsoft Exchange


I am told that we need an ISA Server for Microsoft Exchange. I am asking for the Reader's Digest condensed "english" 
explanation, but I am having a hard time getting it.  :)  Can anyone here offer an explanation that will help me to 
create a business case for this - for a non-technical audience? There is a lot of info on the web, but nothing pops out 
as useful. I need a translation from techno-speak to executive business need.

Thanks!

Connie Sadler
CISO, Lucile Packard Children's Hospital at Stanford