Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Software update services on ISA 2004 server
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Software update services on ISA 2004 server - 26.Feb.2004 4:08:00 PM
|
|
|
Guest
|
Looking for an opinion on this. I was looking at running SUS on an ISA 2004 server i have at each site as it seems like a good way save on having so many boxes on the network, anyone got any experience of trying this and is it likely to cause any big security holes?
I would likely setup a rule to allow local host to the MS SUS servers then another rule to allow clients to the SUS on the ISA server from internal network and perimiter.
Also if anyone knows the relevant MS SUS server ip addresses and open ports required it would be most helpful.
Thanks
|
|
|
|
|
RE: Software update services on ISA 2004 server - 27.Feb.2004 12:00:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi A,
I consider this a bad security arrangement for two reasons:
1. You're downloading files to the firewall. You should always download files to a management station, scan them, then make them available to the network. Ideally, you would never use the browser or any other client application on the firewall
2. The firewall is acting as a file server. Enough said!
HTH,
Tom
|
|
|
|
|
RE: Software update services on ISA 2004 server - 27.Feb.2004 1:47:00 PM
|
|
|
awj
Posts: 104
Joined: 26.Feb.2004
From: UK
Status: offline
|
Fair enough point taken, i guess i will just have to put another one of my demoted ex-server boxes up as a SUS server in the DMZ. Just got so many dam servers i was trying to reduce the numbers.
|
|
|
|
|
RE: Software update services on ISA 2004 server - 2.Mar.2004 12:08:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Al,
I certainly understand the wish to optimize server consolodation, but the network firewall shoud never be part of a server consolodation plan, UNLESS you're thinking of putting the ISA firewall on a GSX or ESX VMware server.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
