Network Security Focus-Microsoft

RE: ISA Server or Firewall Appliance?

Subject: RE: ISA Server or Firewall Appliance?
Date: Thu, 17 Nov 2005 14:36:48 -0600
Hi Abe,

You should check out the Network Engines ISA firewall appliance. They
have completely locked down the box. You can't get to the file system or
anything else that Network Engines hasn't exposed to you, as required
for firewall configuration. Unless you really worked hard at it, you'd
never know you were dealing with a Windows-based firewall. That's how
hard they've locked down the interface. Some people love it, because it
looks like a "hardware" firewall, while ISA firewall aficionados don't
care for it, because you can't make it dance and sing and do some of the
amazing stuff you can do with it if you had full access to the ISA
firewall and OS components. But it does solve the problems you bring up
regarding complexity and potential to break things due to that
complexity.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

-----Original Message-----
From: Abe Getchell [mailto:mailing.list.spooler@gmail.com] 
Sent: Wednesday, November 16, 2005 12:22 PM
To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Cc: focus-ms@securityfocus.com
Subject: Re: ISA Server or Firewall Appliance?

Hi Susan,

You bring up a good point concerning misconfiguration (of course it's
possible to misconfigure an appliance firewall), but with an appliance
solution there's simply less to misconfigure in the first place; either
the component simply doesn't exist or the administrator isn't given
(direct) access to screw it up.

However, that being said, having people who understand firewalls and can
manage them appropriately isn't at question here, that's an HR issue.
What is at question here is which piece of technology, that the original
poster described, is better suited to be a perimeter firewall. We're
talking pure technology here, as is usually implied when asking a "which
is better" question on a technology mailing list. We just assume that
regardless of the solution it will be managed competently (though we
shouldn't... we really, really, shouldn't).

Simply going through the basic build/configuration/management process
and comparing the steps/processes involved will give you a clear picture
as to why appliance solutions (such as Check Point's SPLAT or Cisco's
PIX) are much less complex than a "general purpose" solution (such as
Windows/ISA or Linux/IPTables). I'll spare you (and everyone else) the
lengthy e-mail (unless you really, really, want it) and let you go
through that exercise on your own, if you choose.

Abe

-- 
Abe Getchell
abegetchell@gmail.com
http://abegetchell.com/


