To tell the truth, I'm surprised at the lack of ISA / MS bashing in this thread. Is it an indication of MS' place in the general security community, a general lack of interest in ISA or the holiday season approaching? The world may never know...
Actually, I was trying to be just that specific. As was agreed to earlier in this thread, all modern firewalls can be accurately oversimplified as "applications running on operating systems". All of those OS's have been compromised to some degree, and so obviates this contextual "joining of church & state". Following this context, we then examine the exploits and compromises each firewall product *itself* has experienced; i.e, that attack that succeeded in the context of the firewall code itself. It's in this context where I state that ISA has experienced no reported compromises. Also, ISA (and to be fair; the aforementioned competitors) is far more than a simple "firewalling stack". What separates ISA from the others is the fact that ISA has and continues to "lead the pack" in L4+ inspection. Hope that clarifies things a bit... Jim Harrison Security Platform Group (ISA SE) If We Can't Fix It - It Ain't Broke! -----Original Message----- From: James Eaton-Lee [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 9:23 AM To: Jim Harrison (ISA) Cc: John Kinsella; [email protected] Subject: RE: ISA Server or Firewall Appliance? Jim, On Thu, 2005-11-17 at 13:28 -0800, Jim Harrison (ISA) wrote: > Your statements are fine as far as they go, but there is real (as > opposed to anecdotal) data that directly contradicts your stated > concerns. > There are *lots* of Enterprise networks running ISA 2000 and/or ISA 2004 > on the edge. > Several of these customers have also consented to public case studies > which are (proudly) posted on the microosft.com/isaserver pages. > > Short story - no one has offered anything more than "ancient history" to > counter the facts offered in ISA's favor. Not to be flippant, but I tried - I wasn't really trying to ISA bash, but I disagreed with you when you said on Tuesday that: > I know it sounds like marketing spew, but the simple fact is; in 5+ > years of service on anything from an SBS server, OEM appliance to HUGE > enterprise deployments, ISA server has the distinction of not having > been the recipient of one single exploit in the wild. > and then that... > I know it sounds like marketing spew, but the simple fact is; in 5+ > years of service on anything from an SBS server, OEM appliance to HUGE > enterprise deployments, ISA server has the distinction of not having > been the recipient of one single exploit in the wild. ..more specifically, the bulk of my point was that you weren't comparing like with like, you were comparing a whole firewall platform (IOS/Juniper) with something (ISA) which is just a firewalling stack which necessarily has pre-requisite software which it's combined with to make up the whole firewall, and ignoring the platform (windows) which it was running on top of. So far I haven't had a reply.. ;) If you want to discuss this, I'd be more than happy to re-send my original post on this topic to the list, as this is really a bastardisation of what I was originally trying to say! > - James. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
