I think that the main argument for not deploying ISA in an internet facing environment is because of the underlying OS; Windows.
Windows has been under attack for how many years now? I believe that if windows is locked down appropriately it can be used as described above. Regards Marcos Marrero -----Original Message----- ********************************************************************** This Email is intended for the exclusive use of the addressee only. If you are not the intended recipient, you should not use the contents nor disclose them to any other person and you should immediately notify the sender and delete the Email. Lloyds TSB Bank plc is registered in England and Wales Number: 2065. Registered office: 25 Gresham Street, London EC2V 7HN. ********************************************************************** From: Jim Harrison (ISA) [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 15, 2005 5:49 PM To: James Eaton-Lee; Marcos Marrero Cc: focus-ms@securityfocus.com Subject: RE: ISA Server or Firewall Appliance? This: " The only last point I'd make is that I'd be hesitant in deploying ISA in an internet facing role (although I do and have done that before) - but I don't really have a justification for this aside from "it just doesn't feel quite right". " ..statement is something that is expressed fairly often, but fortunately has not a single grain of substance to it. To James' credit, he does qualify his hesistation... I know it sounds like marketing spew, but the simple fact is; in 5+ years of service on anything from an SBS server, OEM appliance to HUGE enterprise deployments, ISA server has the distinction of not having been the recipient of one single exploit in the wild. Yes; we've shipped patches for it and the odds are (realistically speaking), we may well do so again. So do Cisco, Juniper, et al and we don't hear the "just doesn't feel right" when they need patching. Contrast this with literally *no other* firewall maker (truthfully) making this claim and you have quite a piece of information at your disposal when you present your options in CxO-land. Jim Harrison Security Platform Group (ISA SE) If We Can't Fix It - It Ain't Broke! This email has been scanned for all viruses by the MessageLabs SkyScan service. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
