Re: ISA Server or Firewall Appliance?

Thu, 17 Nov 2005 10:13:52 -0800 

Susan,
ISA is a very flexible piece of software, as mentioned previously in this conversation. In technology, flexibility usually implies complexity. In this case, that implication is very true, as both ISA and Windows are extremely complex pieces of software. Complexity is not something you want in a firewall, under any circumstances, but especially not on the perimeter (given a "buffer" which usually exists in regards to an internal firewall). Complexity means more moving parts, more things to break, more things to misconfigure, more things to manage... With an appliance (or appliance-like) solution, the vast majority of that complexity doesn't exist. This theory is a simple "best practice" which many organizations follow, or should, if they don't. 


Another problem I have, personally, with ISA is the fact that it's 
(usually) tied into the same directory which an organization uses to 
manage the rest of their business systems. This functionality should be 
completely separate in theory (in accordance with "best practices" as 
well as what Microsoft has stated in numerous whitepapers), but in 
practice, it usually is not. Managing your perimeter firewall via the 
same directory you use to manage the print server which is on your 
internal network is NOT a good idea, for any number of reasons.


Abe

--
Abe Getchell
[EMAIL PROTECTED]
http://abegetchell.com/

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

The annoying SBSer with ISA on her box is going to challenge you on that 
one.


What exactly doesn't feel quite right?  Why does it not feel right?


In my network I like it because it's on a platform that I can monitor 
easier. Control better.  Patch easier.  [WSUS will soon support ISA as a 
matter of fact]


Isn't the same true for big networks?


I think we all need to let go of our OS perceptions and look at the 
realities of operating systems these days and what not.  If we can't 
control it...understand it...I'm not sure it's not helping in the 
security fabric of my network.


Our firewalls are not our perimeters any more.


http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032286231&EventCategory=3&culture=en-US&CountryCode=US 


---------------------------------------------------------------------------
---------------------------------------------------------------------------























					Reply via email to