Re: Opinion about using ISA Server for Firewalling and VPN between multiple sites ?

From: Coercitas Temet'Nosce (coercitas@hotmail.com)
Date: 01/15/03 

From: "Coercitas Temet'Nosce" <coercitas@hotmail.com>
Date: Wed, 15 Jan 2003 02:29:56 +0100

Hello,

"Keep in mind that even those free FW mentioned above are only as good as
the configuration they are using. With any FW if you leave ports open and
your bound to be hit. but if you keep things buttoned up and you reasonably
safe."

So true :o)

What makes Linux / Unix systems safer is that they come almost "hole free"
but still the same thing :

- MS OSes can do many things from the beginning but breaks security, you
have to fix them
- Linux / Unix comes very secured BUT you have to start some services to
make it usefull

Kinda the same, except the second category will ONLY make what it is
supposed to, which is btw better than doing everything when we don't want to
imho.

Regards, was a nice post.

"news.free.fr" <abom[antispam]@free.fr> a écrit dans le message de news:
3e244849$0$27683$626a54ce@news.free.fr...
> Thanks for the quality of your reply Robert, now I have a better opinion
and
> a good feebback about an end user of a similar solution that we want to
fit
> here.
> Thanks also for your help proposal, if I need it you will get news from my
> side soon!
> I have found a good source for ISA Server @ http://www.isaserver.org/
> Best Regards,
>
> Olivier
>
>
> "Robert R Kircher, Jr." <rrkircher@hotmail.com> a écrit dans le message de
> news: c9ucnV4kfM1JAb6jXTWcqw@giganews.com...
> > news.free.fr wrote:
> > > Hello to all of you!
> > >
> > > My boss is asking me a good solution to interconnect 6 differents
> > > sites using a VPN through Internet. He has heard about Microsoft ISA
> > > Server. Since I do not like too much this product (spend some hours
> > > on it and get headaches!), I would like your opinion about
> > > implementing such type of solution. Connections should be
> > > bi-directionnal, moreover about 50 peoples will have to come to the
> > > HO network using this VPN on their laptop. And of course is the use
> > > of ISA server present a security risk?
> > >
> > > Thanks for your comments,
> > >
> > > Regards,
> > >
> > > Olivier
> >
> > Ok Olivier, so you've received 4 nays so far... I thought I'd give you
> your
> > first Yes vote for an ISA solutions.
> >
> > ISA *IS* a real firewall. It provides full packet, protocol, site and
> user
> > control both in and out of your network with full logging (although log
> > management could be improved) In addition it is a web proxy and
provides
> > VPN. It is easy to setup and works very well. If your having any
> > difficulties I can point you to a few real good sources for assistance.
> >
> > For your site to site connection ISA has a very simple wizard that lets
> you
> > define ISA to ISA connectivity between the sites which creates an on
> demand
> > VPN connection between sites. This connection can be one-way or both
ways.
> > Performance is more than adequate relative to the speed of you
> connections.
> >
> > For you 50 HO users ISA prides VPN (actually this is through Routing and
> > Remote Access Service in conjunction with ISA) This to is easy to setup
> > using yet another wizard. A couple of click and your ISA server is
ready
> to
> > accept incoming VPN calls. It supports PPTP and L2TP over IPSec.
> >
> > On a side note, I suggest looking into the Terminal Server built into
> Win2K
> > server for remote users. TS is a remote desktop service similar to PC
> > Anywhere, however, many people can connect to the TS at the same time
all
> > running their own virtual desktop. The nicest thing about TS is it work
> > very well at slow connection speeds, 56k. More importantly you home
user
> > doesn't have to have licenses for you business software on the home
> computer
> > and you can control the environment in which the user works. Greatly
> > reduced the chances of virus attack through jonnie homework's VPN
> > connection.
> >
> > Proof is in the pudding... I currently manage 4 sites that use ISA
server
> > (and Terminal Server) and in one form or another, we use all the things
> you
> > are looking for. One site has several remote office that use Terminal
> > server to access the system. The ROs connect trough to the internet
with
> > everything from 56K modem to DSL to Cable modems. Another site has a
> > satellite office connected using the gateway to gateway VPN
configuration.
> > And throughout all the sites most user access the system through a VPN
> > connection from where ever they may be in the world.
> >
> > As to cost, well it aint free!!! The MSRP is $1499 per *processor* and
as
> > mentioned above you need a Win2K server license as well. This price is
> > competitive, however, with other windows based software FWs when you add
> in
> > VPN and web proxy.
> >
> > As to security, well IMO it's like any OS... If you keep it up to date
> its
> > secure. If your lazy it's not. I tend to fit someplace in the middle.
> In
> > the two years that I've been installing and supporting ISA server I've
yet
> > to have one breached. Keep in mind that even those free FW mentioned
> above
> > are only as good as the configuration they are using. With any FW if
you
> > leave ports open and your bound to be hit. but if you keep things
> buttoned
> > up and you reasonably safe.
> >
> > You can download an evaluation copy from MS. Try it out and as I said
if
> > you have any problems shoot me a note and I'll point out a few resources
> for
> > you.
> >
> > HTH
> >
> > --
> >
> > Rob
> >
> >
> >
> >
>
>