Security Basics mailing list archives
Re: Firewall recommendations?
From: Chris Travers <chris () travelamericas com>
Date: Sat, 08 Mar 2003 19:35:23 -0800
ISA's not a bad product.That being said, it is not the end-all-and-be-all of security solutions either. If security is important, you can run a filtering router behind your ISA server (on a non-MS OS for added defence in depth) and this is what I would do. You could use a Cisco solution, a Linux router with IPTables, or other options. Also if your defence is all on the same OS that your internal servers are, you lose an opertunity for defence in depth.
The point is that security is a process not a product. No product you purchase can give you security, and implimentation is more important than products.
Anyway, best of luck, Chris rdusek () myway com wrote:
I am in charge of researching a firewall to replace what we currently have. At my previous job I had used Microsoft ISA in a low-security environment, and was happy with its features, and its integration with the Windows environment there. However, at my current job, security is a much greater concern, and I have to admit, I am somewhat uneasy running a Microsoft firewall product on top of a Microsoft OS. We also had investigated Checkpoint as well as Cisco Pix, and found that for our needs, the Pix at least seemed to need _many_ separate components for the same functionality. My question is what are your experiences with using ISA from a security standpoint? Usability issues? From the Mac end? Or would we be better off pursuing the Checkpoint or the Pix solution? We also plan on implementing VPN over whatever we choose, so if you recommend something other than these, it should support at least PPTP and perhaps eventually IPSec/L2TP. We have also considered placing ISA behind a Linux (or BSD) IP Chains firewall and our perimeter network to block some of the traffic from getting to ISA. Any comments here? Thanks to everybody in advance!
Current thread:
- Firewall recommendations? rdusek (Mar 07)
- AW: Firewall recommendations? Thorsten Dampf -- 7stein.net (Mar 07)
- Re: Firewall recommendations? David M. Fetter (Mar 08)
- Re: Firewall recommendations? Chris Travers (Mar 10)
- Re: Firewall recommendations? Bryan S. Sampsel (Mar 11)
- <Possible follow-ups>
- RE: Firewall recommendations? David Ellis (Mar 08)
- Re: Firewall recommendations? Ivan Coric (Mar 08)
- RE: Firewall recommendations? Mark Kelsay (Mar 08)
- RE: Firewall recommendations? John Tolmachoff (Mar 11)
- RE: Firewall recommendations? Jacob (Mar 12)
- RE: Firewall recommendations? John Tolmachoff (Mar 13)
- RE: Firewall recommendations? Jeremy Stinson (Mar 13)
- RE: Firewall recommendations? David Gillett (Mar 17)
- RE: Firewall recommendations? Kevin Saenz (Mar 18)
- RE: Firewall recommendations? John Tolmachoff (Mar 11)