From: Henderson, David (DavidH PROF-NETWORKS.CO.UK)
Date: Thu Apr 05 2001 - 04:25:12 CDT
I too was initially impressed by ISA server, in that it offers, potentially,
a perimeter security solution out of one box. However, and this is just an
observation, I feel by putting "all your eggs in one basket" [proxy,
firewall, IDS etc..] you may be taking a simplistic view on network edge
security. I installed and configured an ISA and everything went well. It
is running fine and I am in the process of measuring its performance.
However, the ease of installation and configuration bothered me in that it
really was VERY easy!!
I am concerned that people will load the default settings and believe that
their network is now safe. A robust ISA takes a lot of thinking about
before implementation, and to get the best performance out of it you'll need
a big disk cache and some meaty memory.
I still don't know if keeping a separate firewall, IDS systems and proxy is
a better way to go. Yes the admin overhead is greater, but I never believed
in that 'Lower TCO' thing anyway..:) I think admins have got to be "hands
on" with their network.
thoughts?
.d
-----Original Message-----
From: hmmmm [mailto:jp.kirk EROLS.COM]
Sent: 01 April 2001 22:02
To: FOCUS-MS SECURITYFOCUS.COM
Subject: Re: Win2k ISA Server Implementation Plan
Have you checked the MS pages on ISA Server and Security?
http://www.microsoft.com/isaserver/
http://www.microsoft.com/technet/security/bestprac.asp
You will want to harden the server, there are some good sites (see
above) and books on that subject. One of the easiest books I have found
although not complete (does not deal fully with file and registry
permissions) is the O'Reilly book Securing Windows NT/2000 Servers for
the Internet by Norberg and Russell. SANS has some guides, NSA and the
US Navy also have guides. The NSA makes you pay for theirs now but,
SANS
http://www.sans.org
Navy
https://infosec.navy.mil/content.html
If you need the old NSA doc (done by Trusted Systems) email me directly
and I can send it to you. Most of these guides are for NT 4. NSA has a
preliminary version out for W2K but is not widely distributed and is
still in draft mode.
Hope this helps, good luck.
Ewan Morrish wrote:
>
> I have been asked by my manager to design and implement a new Internet
> Security & Acceleration Server on our network to help limit abuse of
> Internet Access. Can anyone point me in the right direction in regards to
> doing a proper implementation plan, what areas to investigate, security,
> costings, network design etc. Since I've just started working for my
> company, I would like to make a good impression. (Of course)
>
> Regards
>
> Ewan.
--------------------------------------------------------------------
James P Kirk | email: jp.kirk erols.com
MCSE, MCP+I, CCNA, CCSA
Various other assorted security certs, yada, yada, yada!
------------------------------------------------------------------
error: found your .sig, thought it was stupid, did not append!