RE: ISA Server or Firewall Appliance?
From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 11/19/05
- Previous message: matthew patton: "RE: ISA Server or Firewall Appliance?"
- In reply to: Jim Harrison (ISA): "RE: ISA Server or Firewall Appliance?"
- Next in thread: James Eaton-Lee: "RE: ISA Server or Firewall Appliance?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Jim Harrison (ISA)" <Jim.Harrison@microsoft.com> Date: Fri, 18 Nov 2005 23:20:56 +0000
On Fri, 2005-11-18 at 11:39 -0800, Jim Harrison (ISA) wrote:
> To tell the truth, I'm surprised at the lack of ISA / MS bashing in this
> thread.
I think it has been quite decent too, although it is the Focus-MS list
so you'd expect most of the bashers to just not subscribe.
> Is it an indication of MS' place in the general security
> community, a general lack of interest in ISA or the holiday season
> approaching? The world may never know...
ISA rocks and as James has said he's a major fan of the system. There is
no doubt that ISA is a great system and worth using in a lot of
scenarios, I personally love it. Although I know it does have some
failings, not to admit that would just be silly as one system can't do
everything and do it without flaw - although ISA tries very hard at this
and holds together quite well.
> Following this context, we then examine the exploits and compromises
> each firewall product *itself* has experienced; i.e, that attack that
> succeeded in the context of the firewall code itself.
> It's in this context where I state that ISA has experienced no reported
> compromises.
You don't state whether or not that is unique here though although you
phrase it as if it is, personally I don't *believe* it is, although I
have seen no study on this to prove it either way and haven't undertaken
the study myself. By this I mean something properly independent, not
vendor funded - which most research in areas like this tends to be.
> Also, ISA (and to be fair; the aforementioned competitors) is far more
> than a simple "firewalling stack". What separates ISA from the others
> is the fact that ISA has and continues to "lead the pack" in L4+
> inspection.
Indeed, easily the strongest selling points of the system. I said it
before, nothing comes close to ISA when you want to work with RPC.
-- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
- application/x-pkcs7-signature attachment: smime.p7s
- Previous message: matthew patton: "RE: ISA Server or Firewall Appliance?"
- In reply to: Jim Harrison (ISA): "RE: ISA Server or Firewall Appliance?"
- Next in thread: James Eaton-Lee: "RE: ISA Server or Firewall Appliance?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
