Educause Security Discussion mailing list archives
Re: ISA Server for Microsoft Exchange
From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Thu, 23 Oct 2008 10:33:43 -0500
ISA is the Microsoft application-level firewall that enforces a black-listing approach to block access to inappropriate sites. This can help protect Microsoft Exchange users from phishing attacks if they click on embedded links. However, since it is black-list based, the sites have to be explicitly denied. I think this is a problematic solution for an academic environment. It works fine for banks with strong controls and restrictions. Note that it is very difficult to audit the rules on the ISA appliance; you need to painstakingly walk through every configuration screen (or dump it as a 700-page XML printout). Please feel free to contact me directly if you need additional information. Ken. Ken Rowe Director of Enterprise Systems Assurance and Information Security University Office of Administrative Information Technology Services University of Illinois 50 Gerty Drive, MC-673 Champaign, IL 61820 E kenrowe () uillinois edu O 217.265.0415 C 217.778.7693 F 217.333.6991 ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Connie Sadler [csadler11 () GMAIL COM] Sent: Wednesday, October 22, 2008 5:11 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] ISA Server for Microsoft Exchange I am told that we need an ISA Server for Microsoft Exchange. I am asking for the Reader's Digest condensed "english" explanation, but I am having a hard time getting it. :) Can anyone here offer an explanation that will help me to create a business case for this - for a non-technical audience? There is a lot of info on the web, but nothing pops out as useful. I need a translation from techno-speak to executive business need. Thanks! Connie Sadler CISO, Lucile Packard Children's Hospital at Stanford
Current thread:
- ISA Server for Microsoft Exchange Connie Sadler (Oct 22)
- <Possible follow-ups>
- Re: ISA Server for Microsoft Exchange Dobbins, Gary (Oct 22)
- Re: ISA Server for Microsoft Exchange Basgen, Brian (Oct 22)
- Re: ISA Server for Microsoft Exchange Rowe, Ken (Oct 23)
- Re: ISA Server for Microsoft Exchange Chris Edwards (Oct 23)
- Re: ISA Server for Microsoft Exchange Connie Sadler (Oct 23)
- Re: ISA Server for Microsoft Exchange Adam Carlson (Oct 23)