RE: suggestions on a good firewall

From: David Ellis (David.Ellis_at_unicam.com)
Date: 05/25/03

  • Next message: Devdas Bhagat: "Re: securing IMAP connection" 
    Date: Sat, 24 May 2003 20:23:32 -0400
To: "Chris Berry" <compjma@hotmail.com>, <security-basics@securityfocus.com>

    Let me ask a question here? Why would anyone want tight active directory
    integration on a firewall which by all means constitutes a security
    flaw?
    Keep your active directory far from your firewall. A firewall is a
    security product and shouldn't be integrated into your internal network
    at all, besides VPN into your lan.

    -----Original Message-----
    From: Chris Berry [mailto:compjma@hotmail.com]
    Sent: Thursday, May 22, 2003 2:31 PM
    To: security-basics@securityfocus.com
    Subject: RE: suggestions on a good firewall

    >From: silvia ghezzi <ghezzi_silvia@yahoo.de>
    >Talking about firewalls, I have experience only with
    >Gauntlet, and I was not really happy with it.
    >It was too much complicated to understand and to be
    >used and here was a real lack of support.
    >Now I have been using PIX for a couple of months, and
    >I am happy.
    >
    >But I still had to fight with my management (which is
    >not really IT oriented). Since we have a full Windows
    >2000 environment with Windows experienced people, they
    >made pressure to have MS ISA server as a firewall.
    >Right now I could got PIX for our remote office, but
    >they are still thinking to go for ISa for oher future
    >remote offices.
    >
    >I have only a little experience on ISA, so I cannot
    >judge. but I still consider it not as a firewall but
    >as a HTTP proxy.
    >
    >Is there someone more into it than me, that can tell
    >me about the advantags and/or disadvantages of having
    >ISA as a firewall?

    I'm using ISA here, and it's not bad as long as you use ONLY microsoft
    products. I chose it originally because when I started here MS was all
    I
    knew, now that I'm picking up Linux knowledge as well, I highly
    recommend
    IPCOP instead (plus its free, and you know how much manager love that
    word).
      IPCOP has firewall/proxy/ids/ssh etc. all built in, and it's
    ridiculously
    easy to set up. I use it for our remote office and I never have to do
    anything with it, just install and forget (well, check for patches once
    in a
    while, but not very often) The only real advantage I can see to ISA is
    tight Active Directory integration.

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "All I want is a few minutes alone with the source code for the universe
    and
    a quick recompile."

    _________________________________________________________________
    The new MSN 8: advanced junk mail protection and 2 months FREE*
    http://join.msn.com/?page=features/junkmail

    ------------------------------------------------------------------------ 

    ---
Thinking About Security Training? You Can't Afford Not To!
Vigilar's industry leading curriculum includes:  Security +, Check
Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register
Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
------------------------------------------------------------------------
----
**************************************************************************************************
** eSafe-portsmouth scanned this email for viruses, vandals and malicious content **
**************************************************************************************************
---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!
Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------
  • Next message: Devdas Bhagat: "Re: securing IMAP connection"

    Relevant Pages

    • RES: ISA firewall
      ... If we want to judge ISA as a firewall product (or if you want to judge ... Linux) were compromised by a security hole that was identified days ago, ... flaws, so does every single bit of line of code out there. ...
      (Security-Basics)
    • Re: Must I be forced to Upgrade from SBS 4.5?
      ... Just sometimes with security you need to be political, a NAT only customer ... "wrong" if no "industrial strength" firewall is not installed, ... The good thing about ISA is that it can be updated ...
      (microsoft.public.backoffice.smallbiz)
    • Re: Firewall recommendation ?
      ... When attending an ISA security workshop some time ago the instructor pointed ... > firewall will most likely get caught on the second one. ... > have redundant firewalls and separate firewall types in layers. ...
      (microsoft.public.windows.server.sbs)
    • Re: RWW authentication
      ... Thanx for your concern about the lack of security. ... Given that you have disabled ISA, you have an external firewall I hope? ... SSL authentication seems to work just fine however on the actual RWW login ...
      (microsoft.public.windows.server.sbs)
    • [REVS] Bypassing Client Application Protection Techniques
      ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ...
      (Securiteam)
    Loading