MS ISA Server of *nix Firewall

By Dudydoo
in Smart Home, Network & Security

 Share

  

3 members have voted

  1. 1. MS ISA Server of *nix Firewall

    • MS ISA Server
      1
    • Linux/Unix (ipfwadm, ipchains or iptables)
      1
    • Other
      1
    • Both
      0

Recommended Posts

Grand Master

Jon

Posted
Posted

Arg! why do people keep asking which firewall is most secure!!!!

They are as secure as the platform they run on, and as secure as they are configured.

ISA has a bad rep, but I've worked with it, and it does the job, in a very easy to use fasion.

I'd say for perimeter, run something like checkpoint fw1, and for the internal side of the DMZ, use ISA, then you can make the most of its caching features as well.

Veteran

danbalsh

Posted
Posted

I find ISA VERY VERY VERY good at it's job, it's fast, secure, and works very well with 2000/XP also it's **** easy to setup and use.

I'm currently looking for people who have knowledge of 2000 Server(s) ISA included, if you want to help me with some content for my site www.balshaw.net email me :) maybe we can help each other out along the way.

Cheers

Community Regular

kowcop

Posted
Posted

Hi, I am a firewall administrator, and the question you have to ask is what are you protecting? Firewalls are all about risk. well risk vs cost. At home I run ISA because all I want to do is hide my connection and use the cache server part of ISA (plus I got a freebie 5 license copy), but at work we use Checkpoint on Linux.

Don't get me wrong, ISA does a pretty good job at what it is intended for, but that is NOT an enterprise class firewall (just yet). Logging is crap and hard to follow. Basically if someone was indeed hacking you, you wouldn't know about it until your page was defaced.

With Checkpoint, there is a visible running log where you can see exactly what is happening on your firewall in an intuitive form. This isn't Microsoft vs Linux, it is a tried and true firewall (checkpoint) vs a first version Firewall that also doubles as a proxy server...

Microsoft states that not one ISA server has been hacked, but I wouldn't risk my companies data on it till at least next version when hopefully they will address some of the shortfalls (ie. logging, intrusion detection, etc)

A firewall running on a Microsoft platform is also going to suffer other vulnerabilities to the degree of what you leave running on it, and what is unpatched.

For my two bobs worth, put a linux firewall with the ISA box internal to that.. 2 firewalls.. and also use the internal microsoft firewall as a cache server.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.