Re: Security comparison
From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 01/05/03
- Next message: m: "Re: Did Microsoft create Opaserv worm to improve Win2k sales?"
- Previous message: Karl Levinson [x y] mvp: "Re: Help understanding log file"
- In reply to: Lily: "Re: Security comparison"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> Date: Sun, 5 Jan 2003 10:32:02 -0500
I'd probably consider letting the VPN traffic through the router to the ISA
server which would be the new VPN endpoint... if such a thing is an option.
The other option would be to permit unencrypted traffic from your router
through ISA, though I'm not necessarily recommending that.
"Lily" <lsho@iname.com> wrote in message
news:093501c2b2c6$82e7e720$8df82ecf@TK2MSFTNGXA02...
> Thanks both of you reply.
>
> Another question, if I do put ISA Server behind my router
> A. But my router Aalready established a VPN connection
> with my other router B. How do I allow ISA server with two
> NICs to route network traffic from internal network B to
> internal network A? It seems everything is block from ISA,
> I don't really know how to set it up.
>
> Thanks,
> Lily
>
> >-----Original Message-----
> >
> >"Lily" <lsho@iname.com> wrote in message
> >news:O4oyLhlsCHA.2628@TK2MSFTNGP09...
> >> I was wondering, how does a DSL VPN router (such as D-
> Link DI-804V or
> >> similar brand) security compare to a software firewall
> such as Microsoft
> >> ISA/Proxy Server? Is it similar? or which one would you
> recommend? I had a
> >> Internet connection as well as VPN tunnel from both VPN
> router, I was
> >> wondering whether I need to put another ISA Server
> behind the router.
> >
> >It really depends on what your environment is and what
> your needs are.
> >Microsoft ISA server includes proxy and caching features
> as well, which can
> >speed internet performance in some cases. It probably
> also integrates
> >better with Windows domains for authentication than other
> products, which
> >may or may not be a good thing. ISA server costs around
> $1500 for the
> >software alone, plus the server to put it on, so you
> should be really sure
> >that you need a proxy server first, otherwise you're
> probably paying too
> >much. I personally think the ISA server is not the
> simplest GUI out there
> >and would probably have more of a learning curve for
> you. You should go to
> >www.google.com and read up on what a proxy server /
> application level
> >firewall is and how it is different from a stateful
> firewall and a NAT
> >router, to see which one you need.
> >
> >> It seems these day most of the VPN router already have
> some sort of
> >firewall
> >> feature. Such as NAT, IPSec VPN etc, if so, wouldn't
> this router aleady
> >> block all ports? Where would be the security hole is?
> >
> >I'm not familiar with that router, but NAT routers that
> just rely on NAT as
> >a "firewall" only block inbound connections, not outbound
> connections.
> >Whether or not your firewall is stateful can also make a
> big difference.
> >
> >Other firewall solutions you might want to consider are
> below. Also, a
> >firewall alone is not enough to keep you secure, so other
> things you should
> >consider for security are also below.
> >
> >http://securityadmin.info/faq.htm#firewall
> >http://securityadmin.info/faq.htm#harden
> >
> >
> >.
> >
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.435 / Virus Database: 244 - Release Date: 12/30/2002
- Next message: m: "Re: Did Microsoft create Opaserv worm to improve Win2k sales?"
- Previous message: Karl Levinson [x y] mvp: "Re: Help understanding log file"
- In reply to: Lily: "Re: Security comparison"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
