Re: ISA and Exchange 2000 on the same box
From: Oliver (oliver@greyhat.de)
Date: 09/25/02
- Next message: Eric: "Re: Strange PKCS7 certif behavior in CryptQueryObject"
- Previous message: Si: "Share Access between domain and workgroup"
- In reply to: RCC: "ISA and Exchange 2000 on the same box"
- Next in thread: S. Pidgorny [MVP]: "Re: ISA and Exchange 2000 on the same box"
- Reply: S. Pidgorny [MVP]: "Re: ISA and Exchange 2000 on the same box"
- Reply: RCC: "Re: ISA and Exchange 2000 on the same box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: oliver@greyhat.de (Oliver) Date: 25 Sep 2002 04:59:21 -0700
Hi,
because Microsoft does not support features like
compartments/jails/CHROOT as unix systems do, the week security of the
IIS will endanger the security of the ISA Server, too.
Even if there is no vulnerability in any of your installed
applications at the time of installation, you should design your
network so, that in case of a new (exploitable) vulnerability, the
occuring damage is minimized.
To obtain such a design, you have to remove all the functionality like
HTTP-Server, Exchange Server etc. from your firewall.
Further you should keep in mind, that Proxy-Systems like ISA or
MS-Proxy are potential vulnerable to attacks against the
proxy-applikations (http, ftp etc.).
To enhance security of you network, you should always prefere to place
a packet filter firewall between the ISA and your internal network.
This "router" has to protect the internal LAN against attacks from a
"hacked" ISA-Server (or from other systems in your DMZ).
Bye,
Oliver Karow
"RCC" <rcc76@hotmail.com> wrote in message news:<eWfjIC6YCHA.1548@tkmsftngp08>...
> Hi guys
> I have troubles convincing management to buy a separate box for ISA install
> and to split Exchange, VPN, ISA and IIS on two boxes (ISA/VPN, Exchange/IIS)
> Could you please outline some of the downsides of running everything on the
> same box, as I'm trying to gather enough information to put a case up. I
> have already mentioned the following:
>
> Performance
> Downtime ("all eggs in one basket" scenario)
> Security (not too sure how insecure this setup will be...)
>
> Thanks for help!
>
> Regards,
> RCC
- Next message: Eric: "Re: Strange PKCS7 certif behavior in CryptQueryObject"
- Previous message: Si: "Share Access between domain and workgroup"
- In reply to: RCC: "ISA and Exchange 2000 on the same box"
- Next in thread: S. Pidgorny [MVP]: "Re: ISA and Exchange 2000 on the same box"
- Reply: S. Pidgorny [MVP]: "Re: ISA and Exchange 2000 on the same box"
- Reply: RCC: "Re: ISA and Exchange 2000 on the same box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
