Re: Security comparison

From: TwistedPair (twistedpair@mail.com)
Date: 01/02/03


From: "TwistedPair" <twistedpair@mail.com>
Date: Thu, 2 Jan 2003 08:14:30 -0800

I agree. I have worked with ISA Server, and although it does some really
cool stuff, it isn't quite to the "It just works" stage. Once you get it
configured, it will "just work," but there are a number of tricks you need
to perform just to get a simple function to work, stuff that isn't readily
apparent. For example, if you set an "allow all" for outbound access in the
"site and content rules" that doesn't let everything out. You need to go
into protocol rules and enable DNS outbound as well, even though that
section also already has a rule that "allows all." If you don't know about
that, it is quite frustrating. It is kinda like the stupid Windows prompts
that come up while you are deleting a lot of files that say "are you sure
you want to delete this?" or something along those lines, and they would
always reappear even though I clicked "yes to all." Then it dawned on me
that by clicking "Yes to all," it was really "Yes to all" files of that
type. Ever since that epiphany, I have come to begrudgingly accept
Microsoft quirks. Whoa, where did all of that come from?

Pair

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:#onWptmsCHA.1132@TK2MSFTNGP12...
>
> "Lily" <lsho@iname.com> wrote in message
> news:O4oyLhlsCHA.2628@TK2MSFTNGP09...
> > I was wondering, how does a DSL VPN router (such as D-Link DI-804V or
> > similar brand) security compare to a software firewall such as Microsoft
> > ISA/Proxy Server? Is it similar? or which one would you recommend? I had an
> > Internet connection as well as VPN tunnel from both VPN router, I was
> > wondering whether I need to put another ISA Server behind the router.
>
> It really depends on what your environment is and what your needs are.
> Microsoft ISA server includes proxy and caching features as well, which can
> speed internet performance in some cases. It probably also integrates
> better with Windows domains for authentication than other products, which
> may or may not be a good thing. ISA server costs around $1500 for the
> software alone, plus the server to put it on, so you should be really sure
> that you need a proxy server first, otherwise you're probably paying too
> much. I personally think the ISA server is not the simplest GUI out there
> and would probably have more of a learning curve for you. You should go to
> www.google.com and read up on what a proxy server / application level
> firewall is and how it is different from a stateful firewall and a NAT
> router, to see which one you need.
>
> > It seems these days most of the VPN routers already have some sort of firewall
> > feature. Such as NAT, IPSec VPN etc, if so, wouldn't this router already
> > block all ports? Where would the security hole be?
>
> I'm not familiar with that router, but NAT routers that just rely on NAT as
> a "firewall" only block inbound connections, not outbound connections.
> Whether or not your firewall is stateful can also make a big difference.
>
> Other firewall solutions you might want to consider are below. Also, a
> firewall alone is not enough to keep you secure, so other things you should
> consider for security are also below.
>
> http://securityadmin.info/faq.htm#firewall
> http://securityadmin.info/faq.htm#harden
>
>


