Actually, I'd prefer an ISA firewall appliance, esp. once with the
Britestream SSL offload cards. Its pre-hardened based on the vendor's
specs, and provides the security and flexibility of ISA firewalls. Check
Point servers are good too, but you'll pay a big premium. Juniper? You
can pass exploits through those boxes at wicked speeds, no doubt about
it.
But re-read what David LeBlanc has to say about system hardening, and
think about the reasons for "hardening" the ISA firewall and what it is
you're trying to accomplish. I've found it requires little if any
hardening from "a thinking man's point of view", and that most hardening
that's done is for appearances sake only.
The real key to answering this question is:
What are your requirements?
What are you trying to protect?
What level of access control to you require?
What level of detailed reporting do you require?
What throughput to you require?
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
-----Original Message-----
From: Marcos Marrero [mailto:mmarrero@LLOYDSTSB-USA.com]
Sent: Tuesday, November 15, 2005 10:58 AM
To: focus-ms@securityfocus.com
Subject: ISA Server or Firewall Appliance?
Hello to all,
I have a question to see what everyone out there thinks. Here
it goes...
Is it better to have a firewall appliance (Checkpoint,
Juniper, etc) or
is ISA server enough to use as a firewall (along with all of the other
options it provides)?
Of course the ISA server would sit facing the internet, like
a firewall
would and it would have to sit on a hardened machine.
Just want to know what everyone out there thinks about this
configuration or idea?
Regards
Marcos Marrero * Banking Officer * Data Security
Lloyds TSB Bank * US Information Technology
_________________________________
Tel: (305) 347-6421 * Fax (305) 371-8607
**********************************************************************
This Email is intended for the exclusive use of the addressee only.
If you are not the intended recipient, you should not use the
contents nor disclose them to any other person and you should
immediately notify the sender and delete the Email.
Lloyds TSB Bank plc is registered in England and Wales Number: 2065.
Registered office: 25 Gresham Street, London EC2V 7HN.
**********************************************************************
This email has been scanned for all viruses by the MessageLabs SkyScan
service.
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
