• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

QSS Installation?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> QSS Installation? Page: [1]
Login
Message << Older Topic   Newer Topic >>
QSS Installation? - 20.Feb.2006 10:39:19 PM   
bjblackmore

 

Posts: 103
Joined: 9.Aug.2005
Status: offline
Hi,

 
I'm going through the documentation for the installation of QSS, and it says I have to install the 'Microsoft FTP Service'. Is this the same FTP service that gets installed with the IIS service? If so, is it safe to run IIS on a front facing ISA server? Won't this open up a security hole?

 
Any advice greatly appreciated.

 
Cheers

 
Ben
Post #: 1
RE: QSS Installation? - 22.Feb.2006 2:34:13 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ben,

Excellent questions. I'm fowarding this thread to the author of QSS.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to bjblackmore)
Post #: 2
RE: QSS Installation? - 22.Feb.2006 11:00:13 AM   
fesnouf@hotmail.com

 

Posts: 64
Joined: 14.Jan.2002
From: Paris
Status: offline
Ben, Thomas,
 
You are right Thomas, Excellent question.
 
When I have created QSS 3 years ago, I needed a way to exchange data between the Security Client component (installed on the workstation) and the Approval Server (on the ISA 2004 itself). The reason is that the client will make a technical “picture” of the machine and send it to the server part, which will decide it is compliant. All the ‘intelligence’ is on the server side which is totally different if you compare QSS with RQC/RQS.
 
I have decided to use FTP for the following reasons :
 
·           I did not want to create my own “multithreaded” component (I have some customers that provides hundreds of simultaneous VPN tunnels),
·           ISA 2004 by default has a FTP application filter,
·           Only people from the VPN networks can FTP the ISA 2004 machine (nobody else !),
·           Creating your own component or protocol implies that you must prove that you are not another source of attack : this is in general a lot of discussion for nothing
·           You only need to run the FTP service on ISA, not the other ones (especially WEB)
·           If this service has a bug somewhere and is a source of attack, I assume that Microsoft will have a strong process to provide a patch, and that it will be deployed pretty quick. Since the only way for a user to talk to isa smtp service is to upload a file, the risk is extremely low (compared with the risk of an application running on IIS/WEB service).
 
I don’t plan to change that system in the next release of QSS , except if you give me good feedback on this ;-)
 
For your info, the next release of QSS will support all Microsoft new things : Vista, antispyware, ISA 2006… if you have any special request, just let me know (Thomas you can broadcast this info ;-). This will help me to make a product that is compatible with all kind of scenarios.
 
Keep in mind that RQC/RQS will not be enhanced (my opinion), that NAP will not arrive before 2 years … so QSS is still a good product for the community.
 
Feel free to contact me.
 
Regards
 
Frederic ESNOUF
ISA MVP

(in reply to tshinder)
Post #: 3
RE: QSS Installation? - 22.Feb.2006 11:29:37 AM   
bjblackmore

 

Posts: 103
Joined: 9.Aug.2005
Status: offline
Hi Frederic,

Thanks for the reply, and answering the question.

Just wondering, did you receive my email yesterday? I am quite eager to get QSS working in our organisation. I just need to run those other questions past you, before I can recommend it to our MD.

Many thanks

Ben
MCSA

(in reply to fesnouf@hotmail.com)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> QSS Installation? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts