Jump to content
Sadikhov IT Certification forums
Sign in to follow this  
Guest mahnaz

Isa

Recommended Posts

The training kit is good for a first time - how to do it urself types. The Syngress books by a gentleman called Schindler, I am not sure about the author, but the books are great for advanced configurations for practical applications. If you are able to easily perfom the tasks mentioned in the Syngress book in practical life, u can clear the exam within no time, even without the TKs.

Then again dont take a chance for the exams.

 

Look on the forum and search for ISA Server, A number of posts are present

 

Cheers

Duser

Share this post


Link to post
Share on other sites

I still find it hard to believe that anyone would actually consider any firewall that runs on a Windows box. I mean why would you try to protect 50 windows pcs with one Windows server it doesnt add up. I wouldnt run any firewall software on any PC type hardware. I always use appliances, for performace reasons. Its not possible for a server to outperform an appliance when it comes to throughput. People need to take security seriously and realize you have to have a true FIREWALL, and not some POS software gateway running on a x86 platform.

Share this post


Link to post
Share on other sites

DJ INFINITY,

Go thru this article, u may have a change of mind. I will always rate software firewalls more friendly and open to adaptation when compared to hardware firewalls. Then again my paranoia on sec is a little low. Please go thru this article. It gives a good reason to adapt ISA based on requirements.

 

http://www.windowsecurity.com/articles/Comparing_Firewall_Features.html

 

No solution is perfect. If it was, it would never be upgraded.

 

Cheers

Duser

Share this post


Link to post
Share on other sites

Oh I agree ISA is very adaptable. I work as an Information Security Officer for a technology consulting firm and advise organizations as well as goverment agencies on perimeter security. Sure for most mom and pop type of operations Im sure a pc running ISA is fine. However there is no way you could put an ISA box up against a Pix 506 or 515, or a Netscreen 5gt and on up. It should also be noted that Microsoft choses to protect its windows servers that run the windows update site with a huge array of linux boxes running checkpoint. Checkpoint is a great product, I just wouldnt run it on a Windows box for obvious reasons. Using an ISA server to protect a network is the equivilent of bolting a screen door on a submarine.

Share this post


Link to post
Share on other sites

No denying that hardware boxes with tightened security on OS having limited work scope will provide for better security rather than firewall solutions loaded on possibly (read very likely) insecure OS boxes. But then each solution has its merit and there shud be sufficient reason to exploit the right options.

Again exploits are there for the taking and it most depends on how well u have created your config that actually determines the end security. For a security intensive solution, I would never recommend an ISA except as a proxy gateway.

 

Cheers

Duser

Share this post


Link to post
Share on other sites

I agree with dusker. Actually i dont believe in software based firewall security becasue that software can crash any moment. Rather you take a cisco firewall which is more efficiat and relaible.

 

Cheers

Share this post


Link to post
Share on other sites
Guest Werkman

I would not suggest ISA as a Firewall for two reasons: 1. Microsoft is such a big player in the market that hackers try to breakthru this kind of firewall at first. Because when the have the solution to do so you can break in on a lot of networks. 2. It is a software Firewall. And software can hang. Therefore I always suggest to use hardware firewall suchs as Nokia-firewall or Cisco-firewall. Behind that hardware-firewall you could use a software-firewall suchs as Checkpoint (product from an firm from Israel) or IF you wan´t to Microsoft ISA.

Share this post


Link to post
Share on other sites

Even hardware firewalls run on software that can hang although rarely.

 

I am using ISA server as a VPN proxy and the machine has never ever got stuck or crashed (in two years). But then, I am using it as a dedicated VPN machine. No shares, no other work.

 

In fact, I had a problem with my Cisco device (although only once in two years). So therefore, in my book, the reliability is equal and mostly relates to how well u put it to use. Normally, on the Cisco, we make sure that we dont exceed 80% of CPU util, no such care is taken on the ISA and this can be the cause of real evil.

 

I am no advocate for ISA and in my book, everyone's as good with one feature better here than there and the real choice must be based on the application and the cost at hand.

 

Cheers

Duser

Share this post


Link to post
Share on other sites
Oh I agree ISA is very adaptable. I work as an Information Security Officer for a technology consulting firm and advise organizations as well as goverment agencies on perimeter security. Sure for most mom and pop type of operations Im sure a pc running ISA is fine. However there is no way you could put an ISA box up against a Pix 506 or 515, or a Netscreen 5gt and on up. It should also be noted that Microsoft choses to protect its windows servers that run the windows update site with a huge array of linux boxes running checkpoint. Checkpoint is a great product, I just wouldnt run it on a Windows box for obvious reasons. Using an ISA server to protect a network is the equivilent of bolting a screen door on a submarine.

it always amaze me how people who have a certain knowledge about security will judge ISA only based on the fact that it runs on Windows and it's sold by Microsoft... :(

 

do you have any proofs?... like an independant survey / test... i bet that you don't...

 

check out this article... and if you feel so confident with your beliefs post a reply...

http://www.securityfocus.com/archive/105/345087

 

P.S. in case that you haven't found out yet, Microsoft has outsourced the hosting of WindowsUpdate servers... and it's true that the Akamai Technologies uses Linux...

Share this post


Link to post
Share on other sites

ISA Server 2004 Standard Edition was released on July 14...

 

you can check MS website for new features and improvments...

it adds a lot in supporting VPN and remote access in general...

Share this post


Link to post
Share on other sites

You can learnig from TRANING KIT, in my opinion it is the best way, if you want to learn ISA server. You can learnig from MOC

You can search forums, google etc

Share this post


Link to post
Share on other sites
Guest taobao

i have this book about ISA of syngress

if you like give me ur mail, i send it to u

Share this post


Link to post
Share on other sites

www.isaserver.org --> downlaod anything you find and

help files from ISA server, which is exact copy of MS press book 70-227 or vice versa, and installed ISA server 2000 Enterprise Edition with VMWare.

Share this post


Link to post
Share on other sites

I have studied with Training Kit, then I use CBT Nuggets about ISA, so I think it is very good to combine 2 things : first thing give you concepts, second thing give you practices. I recommend that you install ISA so you can practices yourseft. If you need book or CBT, please mail to me : sdhunter2004@yahoo.com. So be careful, if you need CBT, it too large (100MB) so you need to prepare to download it.

Share this post


Link to post
Share on other sites

hi

for learning ISA you must read :

microsoft training and certifiction

course no.2159a

 

after that you can use articles on www.ISASERVER.org

its hard but you can read and learn it

 

if you need help i can help you

bye

 

:ph34r:

Share this post


Link to post
Share on other sites

As several others pointed out isaserver.org has a wealth of information about how to use the product, how to configure it for specific uses tec... There is also a fairly usefull messageboard there as well.

 

The Syngress books are excellent resources if you want to learn, use and get certified on IsA Server.

 

I would also suggest installing one of the Windows server versions along with ISa on a test box and then installing VMware or Microsofts Virtual PC and putting a client on it to test your ISA installation, play with rules and configurations and such. I did this so I could learn the product and pass the certification and it was the single best resource I found.

Share this post


Link to post
Share on other sites

I would suggest that all depends on your budget and how much your application require security.

 

We are using ISA from last 3 year and touch wood not a single hanging and ofcourse good at firewall. Good product.

Share this post


Link to post
Share on other sites

see www.isaserver.org

 

it's a great site about isa with newsletter.

All procedures to install or maintain your ISA Server environnement are in this site.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×