RE: ISA Server or Firewall Appliance?

From: Marcos Marrero (mmarrero_at_LLOYDSTSB-USA.com)
Date: 11/15/05

    Date: Tue, 15 Nov 2005 16:17:28 -0500
    To: "Thomas W Shinder" <tshinder@tacteam.net>, <focus-ms@securityfocus.com>
    
    

    Thomas,

    Consider it like this.

    You are setting up your network for your newly established company. You
    have all brand new equipment (servers, desktops, routers, switches,
    etc... a dream come true really!!)

    You are the only IT guy and are in charge of setting everything up and
    making sure it works.

    Taking this scenario into account and previously sitting down and
    identifying everything that is going to be going in and out of your
    network, I really think that ISA would be the better choice here. This
    is a network where there will be very little info and services going in
    or out and remote access will be kept to a minimum.

    I have networks like the one above with an enterprise firewall sitting
    in front of everything... IMO I think it is overkill.

    Regards
    Marcos Marrero

    -----Original Message-----
    From: Thomas W Shinder [mailto:tshinder@tacteam.net]
    Sent: Tuesday, November 15, 2005 4:06 PM
    To: Marcos Marrero; focus-ms@securityfocus.com
    Subject: RE: ISA Server or Firewall Appliance?

    Actually, I'd prefer an ISA firewall appliance, esp. one with the
    Britestream SSL offload cards. It's pre-hardened based on the vendor's
    specs, and provides the security and flexibility of ISA firewalls. Check
    Point servers are good too, but you'll pay a big premium. Juniper? You
    can pass exploits through those boxes at wicked speeds, no doubt about
    it.

    But re-read what David LeBlanc has to say about system hardening, and
    think about the reasons for "hardening" the ISA firewall and what it is
    you're trying to accomplish. I've found it requires little if any
    hardening from "a thinking man's point of view", and that most hardening
    that's done is for appearance's sake only.

    The real key to answering this question is:
    What are your requirements?
    What are you trying to protect?
    What level of access control do you require?
    What level of detailed reporting do you require?
    What throughput do you require?

    HTH,
    Tom

    Thomas W Shinder, M.D.
    Site: www.isaserver.org
    Blog: http://spaces.msn.com/members/drisa/
    Book: http://tinyurl.com/3xqb7
    MVP -- ISA Firewalls
    **Who is John Galt?**

     

    > -----Original Message-----
    > From: Marcos Marrero [mailto:mmarrero@LLOYDSTSB-USA.com]
    > Sent: Tuesday, November 15, 2005 10:58 AM
    > To: focus-ms@securityfocus.com
    > Subject: ISA Server or Firewall Appliance?
    >
    >
    > Hello to all,
    >
    > I have a question to see what everyone out there thinks. Here it goes...
    >
    > Is it better to have a firewall appliance (Checkpoint, Juniper, etc) or
    > is ISA server enough to use as a firewall (along with all of the other
    > options it provides)?
    >
    > Of course the ISA server would sit facing the internet, like a firewall
    > would and it would have to sit on a hardened machine.
    >
    > Just want to know what everyone out there thinks about this
    > configuration or idea?
    >
    > Regards
    > Marcos Marrero * Banking Officer * Data Security
    > Lloyds TSB Bank * US Information Technology
    > _________________________________
    > Tel: (305) 347-6421 * Fax (305) 371-8607
    >
    >
    >
    > **********************************************************************
    > This Email is intended for the exclusive use of the addressee only.
    > If you are not the intended recipient, you should not use the
    > contents nor disclose them to any other person and you should
    > immediately notify the sender and delete the Email.
    >
    > Lloyds TSB Bank plc is registered in England and Wales Number: 2065.
    > Registered office: 25 Gresham Street, London EC2V 7HN.
    >
    > **********************************************************************
    >
    >
    > This email has been scanned for all viruses by the MessageLabs SkyScan
    > service.
    >


