[Dshield] (no subject)

Bob Savage bsavage at rnr-inc.com
Wed Mar 27 16:57:52 GMT 2002


Thanks, Tom, for the feedback.  I admit I'm leaning toward ISA server,
and if we do go that way I would definately be interested in your
filter.

Bob Savage


-----Original Message-----
From: Tom Geairn [mailto:tgeairn at newviewconsulting.com]
Sent: Wednesday, March 27, 2002 9:37 AM
To: list at dshield.org
Subject: RE: [Dshield] (no subject)


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bob, Kevin, et all:

Overall, I've done approximately 30 ISA Server installs in the past
12 months.  These have all gone smoothly and in every case the
product has exceeded the client's expectations.  

I agree with Kevin, in part, though.  The correct set-up of ISA
Server is NOT a trivial task.  It requires all of the knowledge
needed to set-up a firewall, along with thorough knowledge of
everything you want to publish from behind it.  Throw in the fact
that MS basically went to the nth degree in making it flexible
(creating about 1000 different ways to do the same thing) and many
smaller companies get frightened off.

In those 30 installs (including approx. 50 servers total), I have
never, NOT ONCE, seen a successful breach of the ISA firewall.  Some
of these machines are at sites being hit continuously by attempted
hacks.  Another plus is that using the proxied publishing for web and
SMTP servers (while complex to set up properly) prevented my clients
from experiencing any degradation on their actual web and email
servers during codered, nimda, etc.  

As far as a filter for ISA, I have written one that requires ISA to
log activity in an SQL Server DB.  I then use a stored procedure to
parse the entries and produce a more readily reportable format. 
Another procedure takes the data, throws it into a Dshield format,
and emails it.  I wrote this for a client, but they are not using it
(I don't think).  If there is sufficient demand out there, I will put
together something that doesn't require SQL Server.  Any requests?

- -Tom Geairn
NewView Consulting, LLC


- -----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On
Behalf Of Bob Savage
Sent: Wednesday, March 27, 2002 6:53 AM
To: list at dshield.org
Subject: RE: [Dshield] (no subject)

And is anyone else out there even USING ISA server?
...

 

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPKHnCckak2XDABkdEQKVGwCdHDvevPzk+8r/JcvondpZu4wER+wAoMOQ
1cpizSrrGEaAhqCKN2BMgWy0
=Ipdh
-----END PGP SIGNATURE-----

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list