Firewall Wizards mailing list archives
Re: ISA server versus PIX
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 30 Aug 2001 01:41:34 -0400 (EDT)
recent posting via sans and security wire digest might be of interest here, not limited to, yet, including the more recent out of sans; --24 August 2001 Microsoft Releases IIS Lockdown Tool In the aftermath of Code Red, Microsoft released an IIS Lockdown Tool that disables many functions and services that could be exploited by attackers. http://www.computerworld.com/storyba/0,4125,NAV47_STO63310,00.html [Editor's (Schultz) Note: I understand the desire to turn off FTP and SMTP services, too, but I question the wisdom of doing this when the real problem is IIS Web servers. It is important to disable all unnecessary services, but having a tool that purports to fix IIS but then goes and does other things is not necessarily desirable.] --17 August 2001 Patch Available for ISA Server 2000 Flaws Microsoft has issued a patch to repair three holes in its Internet Security and Acceleration (ISA) Server 2000. Two of the flaws are memory leaks: one in the voice-over-IP capability, and one in the proxy service that could lead to denial of service. The third is an error message-handling problem that could allow attackers to execute malicious code and use cookies on the affected machines. http://computerworld.com/nlt/1%2C3590%2CNAV65-663_STO63199_NLTSEC%2C00.html Additionally, from what I have seen on ISA puts it more in the 'personal firewall' realm, then a tool on par with the better known tools like the pix you are asking for comparisons too. It can block what comes in, yet fails to deal with what might be leaving. Thanks, Ron DuFresne On Fri, 24 Aug 2001, John Scheidemantel wrote:
Many of my middle market customers are increasingly asking whether using ISA server as a firewall is as good as running Checkpoint or PIX. I am looking for a comparison of performance, administration, vulnerability, failover and clustering capabilities. Are there any considerations when using the Win2K ISA server? I have looked here http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view and ISA has not been added to the list. Thanks for your help. John Scheidemantel Intrinsic Technologies, LLC Director, Infrastructure Consulting jds () intrinsic net _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- ISA server versus PIX John Scheidemantel (Aug 26)
- Order of Firewall<->NAT - Summation Bob Washburne (Aug 27)
- RE: Order of Firewall<->NAT - Summation Rocky Stefano (Aug 28)
- Re: Order of Firewall<->NAT - Summation Bob (Aug 29)
- Re: Order of Firewall<->NAT - Summation Paul Armstrong (Aug 31)
- RE: Order of Firewall<->NAT - Summation Rocky Stefano (Aug 28)
- Order of Firewall<->NAT - Summation Bob Washburne (Aug 27)
- Re: ISA server versus PIX R. DuFresne (Aug 31)