[Dshield] Best Hardware / Security Set-up for SBS 2003 w/T-1
josh at raintreeinc.com
Thu Mar 18 21:06:29 GMT 2004
Was it this list or another I'm on that just had a long discussion of
the merits and shortcomings of ISA server? My (limited) experience with
ISA server is that it's a pain to configure, and since it runs on
Windows I wouldn't trust it without another firewall in front of it
(your opinion may vary -- please don't flame me for mine). The result of
the discussion on whatever list it was ended up being that ISA is nice
because of its interoperation with other MS products, but that it was
best applied as an internal firewall, and that perimeter machines should
be something more easily hardened. If you're implementing a Cisco box
anyway, I'd say use it for most of the firewalling you need and depend
on ISA as little as possible.
> Thanks for taking the time to read this post.
> I am trying to figure out the best way to set-up my new network.
> I am going to be bringing in a T-1 connection to my office pretty soon.
> I am going to be using MS SBS 2003 with ISA2000, Exchange, and IIS with
> Sharepoint Server.
> I already have the server and software in place, so I cannot change those
> options. I still haven't purchased the router yet though.
> I could also use the CSU/DSU from the T-1 connection to route the data into
> the Server.
> My concerns are security oriented.
> Should I use the Cisco router as a transparent interface and let it do the
> routing and let ISA server handle the firewall?
> Conversely I can set-up the router to also handle the firewall and use it in
> conjunction with ISA server.
> Does anyone have any tips or suggestions?
Raintree Systems, Inc.
760 509 9000
More information about the list