Re: MS ISA any good?

From: David (davidwnh@adelphia.net)
Date: 11/21/02


From: "David" <davidwnh@adelphia.net>
Date: Thu, 21 Nov 2002 01:01:55 GMT

I think ISA is fabulous! And so far it seems to be doing its job quite
well (and securely). Once you have it set up it is easy to reconfigure and
monitor. And the amount of control you have over both inbound and outbound
access is tremendous. The logging out of the box is lacking but it is easy
to integrate the logs into SQL server which makes things quite nice.

Is it worth the price? I got it through a developer's license so it's hard
for me to comment on this since I don't know what they currently charge per
server and/or seat. I'm sure you can set up most of the same functionality
on a Linux box with cheaper or free software, but the question is do you
have someone who knows Linux well enough, or will the extra time spent
because you don't cost more in the long run? You may not be able to control
the firewall clients on a per-application basis as well (if at all) if you
go this route, however. As far as the Windows platform, I would imagine you
can get all the same functionality for less; however, I don't know if it would
all be in the same package or as easy to set up and integrate within your
network. The big difference I see from other solutions is the firewall
client. It allows you to control access on a per-application basis without
the configuration hassles of desktop firewalls. This functionality alone
puts this product ahead of many of the other applications I have seen. The
control you have of what happens from inside may be worth any additional
expense this product may have.

Security-wise, I wouldn't doubt it has some yet-to-be-discovered flaws;
however, overall it is just like everything else they sell. You have to be
sure to tweak the settings. Tweak the OS and uninstall all the extra apps
which expose many of the holes. Also be very careful with other services on
the same machine since they can add certain issues which require further
configuration. With minimal additional services you can probably tighten up
an ISA server quite well.

Go to the Microsoft ISA message boards and try to get a thread going with Tom
Shinder. He's one of the most knowledgeable I've seen discussing this
product. You may also be able to contact him via isaserver.org.

"buzzard" <jwstepanek@yahoo.com> wrote in message
news:c670e63f.0211201416.5c5b5a9e@posting.google.com...
> We have a person at my place of work suggesting implementation of a MS
> Internet Security and Acceleration Server. This will be the primary
> security device, as well as providing web cache services.
>
> My questions would be:
> A) Is it really secure? MS does not exactly have a stellar reputation
> for security overall. Is there something about this product which
> would exempt it from this expectation?
> B) Is it worth the money? Are there better alternatives for a better
> price?
> C) Somewhat related to the previous question- is it not possible to
> set up equivalent functions on a BSD or linux box which would have
> comparable functionality (we don't need VPN) and likely better
> security?
>
> Thanks for any help.
>
> James


