[Dshield] Best Hardware / Security Set-up for SBS 2003 w/T-1

Josh Tolley josh at raintreeinc.com
Thu Mar 18 21:06:29 GMT 2004

Was it this list or another I'm on that just had a long discussion of 
the merits and shortcomings of ISA server? My (limited) experience with 
ISA server is that it's a pain to configure, and since it runs on 
Windows I wouldn't trust it without another firewall in front of it 
(your opinion may vary -- please don't flame me for mine). The result of 
the discussion on whatever list it was ended up being that ISA is nice 
because of its interoperation with other MS products, but that it was 
best applied as an internal firewall, and that perimeter machines should 
be something more easily hardened. If you're implementing a Cisco box 
anyway, I'd say use it for most of the firewalling you need and depend 
on ISA as little as possible.

Josh Tolley

Steve wrote:

> Thanks for taking the time to read this post.
> I am trying to figure out the best way to set-up my new network.
> I am going to be bringing in a T-1 connection to my office pretty soon.
> I am going to be using MS SBS 2003 with ISA2000, Exchange, and IIS with
> Sharepoint Server.
> I already have the server and software in place, so I cannot change those
> options. I still haven't purchased the router yet though.
> I could also use the CSU/DSU from the T-1 connection to route the data into
> the Server.
> My concerns are security oriented.
> Should I use the Cisco router as a transparent interface and let it do the
> routing and let ISA server handle the firewall?
> Conversely I can set-up the router to also handle the firewall and use it in
> conjunction with ISA server.
> Does anyone have any tips or suggestions?
> Thanks,
> Steve

Josh Tolley
Raintree Systems, Inc.
760 509 9000

More information about the list mailing list