Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ISA Server or Firewall Appliance?

from [Marcos Marrero] Network Security [Permanent Link]
Subject: RE: ISA Server or Firewall Appliance?
Date: Wed, 16 Nov 2005 11:26:25 -0500 

I think that the main argument for not deploying ISA in an internet
facing environment is because of the underlying OS; Windows. 

Windows has been under attack for how many years now? I believe that if
windows is locked down appropriately it can be used as described above. 

Regards 
Marcos Marrero 


-----Original Message-----

**********************************************************************
This Email is intended for the exclusive use of the addressee only.
If you are not the intended recipient, you should not use the
contents nor disclose them to any other person and you should
immediately notify the sender and delete the Email.

Lloyds TSB Bank plc is registered in England and Wales Number: 2065. 
Registered office: 25 Gresham Street, London EC2V 7HN.

**********************************************************************

From: Jim Harrison (ISA) [mailto:Jim.Harrison@microsoft.com] 
Sent: Tuesday, November 15, 2005 5:49 PM
To: James Eaton-Lee; Marcos Marrero
Cc: focus-ms@securityfocus.com
Subject: RE: ISA Server or Firewall Appliance?

This:
" The only last point I'd make is that I'd be hesitant in deploying ISA
in an internet facing role (although I do and have done that before) -
but I don't really have a justification for this aside from "it just
doesn't feel quite right".
"

..statement is something that is expressed fairly often, but fortunately
has not a single grain of substance to it.  To James' credit, he does
qualify his hesistation...
I know it sounds like marketing spew, but the simple fact is; in 5+
years of service on anything from an SBS server, OEM appliance to HUGE
enterprise deployments, ISA server has the distinction of not having
been the recipient of one single exploit in the wild.

Yes; we've shipped patches for it and the odds are (realistically
speaking), we may well do so again. So do Cisco, Juniper, et al and we
don't hear the "just doesn't feel right" when they need patching.

Contrast this with literally *no other* firewall maker (truthfully)
making this claim and you have quite a piece of information at your
disposal when you present your options in CxO-land.

Jim Harrison
Security Platform Group (ISA SE)
If We Can't Fix It - It Ain't Broke!



This email has been scanned for all viruses by the MessageLabs SkyScan
service.

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Renaming Administrator account, Dubber, Drew B
Next by Date:  Administrivia: Trimming replies, Marc Fossi
Previous by Thread:  RE: ISA Server or Firewall Appliance?, James Eaton-Lee
Next by Thread:  Re: ISA Server or Firewall Appliance?, Thor (Hammer of God)
Indexes:  [Date] [Thread] [Top] [All Lists]