ISA Opinions

[Guest]

I am working on a security specialty in my MCSE track. I just started
studying ISA 2000.

Microsoft's claims in the early chapters of the study kit are pretty
impressive. But things are seldom as good as they first appear.

What are the good points and not so good points about using ISA server? Is
it better, worse or just different from a hardware firewall?

Myrt

 

[Steve Clark [MSFT]]

Whether or not a firewall runs on hardware, software, sodium ions, or
anything else is not the question: the question is, does the firewall I am
looking at provide layer 7 filtering and inspection of traffic? If it
doesn't then it's not going to provide the maximum benefit that firewalls
*need* to provide these days.

Perimeter security however is not the end all be all of network security.
ISA does what it can to address a specific array of threats in a particular
setting. A PIX has it's own issues and particular sets of threats it
mitigates. Frequently, I see these devices working together to provide a
perimeter "defense in depth" approach.

 

[Matt Gibson]

*grin*

Exactly.

Personally, I use a Fortigate, then an ISA server. Both have their pros,
and both have their cons.

Matt Gibson - GSEC

 

[Robert Moir]

I am working on a security specialty in my MCSE track. I just started
studying ISA 2000.

Microsoft's claims in the early chapters of the study kit are pretty
impressive. But things are seldom as good as they first appear.

What are the good points and not so good points about using ISA
server? Is it better, worse or just different from a hardware
firewall?

It is worth pointing out that *all* firewalls are "hardware firewalls" and
*all* firewalls are "software firewalls". Every firewall is a software
program running on a hardware platform. (I personally use the term 'software
firewall' to mean those childs toys people put on their home computer but
thats another story).

ISA server is a good firewall for protecting Windows based workstations
while allowing them easy access to facilities on the internet, that i'm
happy to deploy in combination with another dedicated firewall such as a
cisco pix or sonic wall or suchlike.


--

 

[Steven L Umbach]

For what it does ISA is pretty impressive especially for application
filtering. ISA 2004 is a major improvement over ISA 2000 if functionality
and ease of use including much better VPN support to manage VPN user access
to network and internet resources. Unless you have a short time horizon, go
with ISA 2004. The exam for it is supposed to be out early in April. I don't
know when there will be MCSE study guide out for it by Dr. Tom Shinders book
on ISA 2004 is excellent and he answers your question in great detail with
comparisons to current firewall offerings. --- Steve