• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Buy Appliance or Install from Scratch?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Appliances >> Buy Appliance or Install from Scratch? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Buy Appliance or Install from Scratch? - 1.Oct.2008 10:26:07 PM   
Ghevlana

 

Posts: 4
Joined: 14.Dec.2005
Status: offline
I currently own an HP DL320 ISA 2004 server appliance and set it up for OWA, VPN, and several other protocols specific to my organization thanks to the great information on this forum.  Now, I have to replace the ISA 2004 and was planning to move to the HP Proliant Security Server with ISA 2006 (which received highest ratings on this site), but HP is no longer providing that appliance and has no plans to support an ISA appliance at any time in the future (that is the response I received on 9/22/2008 after I asked an HP rep to look into the matter for me).  Furthermore, I read a post that Microsoft is not going to support ISA appliances, which I guess is why HP dropped the PSS.

I was wondering if anybody can give me any insight if it is better to go with an appliance from another vendor or should I just buy the ISA 2006 license and do my own installation?  I liked the HP ISA 2004 server as it was practically plug-n-play except for the rules I had to add, but I am more than capable of doing server installs myself--it just takes me longer to harden the OS.
Post #: 1
RE: Buy Appliance or Install from Scratch? - 3.Oct.2008 6:28:40 AM   
IanC

 

Posts: 338
Joined: 11.Jul.2007
From: UK
Status: offline
Hi,

I recommend you take a look at the Celestix MSA appliances.  They come ready to use out of the box, are easy to use and offer good performance.  Celestix back this up with reliable support.  If you wish, I can put you in touch with a local supplier.  Just forward your contact details to me at ian@curriecomputing.com.

I must say that, as a reseller for Celestix here in the UK, your comment about Microsoft's intention to withdraw support for appliances is news to me.  I would be very surprised if this were the case, particularly as this is such a strong market.

Regards

Ian    

_____________________________

Ian Currie

nAppliance TMG/UAG Appliances - EMEA
www.surefront.co.uk

(in reply to Ghevlana)
Post #: 2
RE: Buy Appliance or Install from Scratch? - 3.Oct.2008 6:55:55 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Another 'Thumbs Up' for Celestix from me! 

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to IanC)
Post #: 3
RE: Buy Appliance or Install from Scratch? - 20.Nov.2009 2:15:26 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
but I am more than capable of doing server installs myself--it just takes me longer to harden the OS.

Installing ISA is what hardens the OS.  There is next to nothing to do to the OS beyond that.  Getting the Nic config correct is about all their is.

_____________________________

Phillip Windell

(in reply to Jason Jones)
Post #: 4
RE: Buy Appliance or Install from Scratch? - 20.Nov.2009 4:36:34 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: pwindell

but I am more than capable of doing server installs myself--it just takes me longer to harden the OS.

Installing ISA is what hardens the OS.  There is next to nothing to do to the OS beyond that.  Getting the Nic config correct is about all their is.


You trawling old threads again Mr W

You ever heard of SCW?

The following document details quite a few "next to nothing" things to consider AFTER installation 

http://technet.microsoft.com/en-us/library/bb794718.aspx

Cheers

JJ



< Message edited by Jason Jones -- 20.Nov.2009 4:39:22 PM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to pwindell)
Post #: 5
RE: Buy Appliance or Install from Scratch? - 20.Nov.2009 5:24:38 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You trawling old threads again Mr W

I got bored.  Getting old,...looking for excitment since the girls won't pay any attention to me.

You ever heard of SCW?

Nope.  Ok, well maybe a long time ago. Nothing lately.  If it is that important it should be mentioned everywhere, all the time,..people should hear about it when they aren't even looking for it. Idiots like me should be given the chance to forget about it.

http://technet.microsoft.com/en-us/library/bb794718.aspx

About 90% of what is in this you would do with any server even when it is not even exposed to the Internet, so not really anything unique there to just ISA. Most of the things it does mention almost doesn't matter after you install ISA because none of those things are exposed anyway becuase ISA blocks them out.  Then,...ok,...don't get me started,...this article in the paragraph right above Hardening the Windows Infrastructure says,...

"For example, if ISA Server is protecting the edge of the network, consider installing the computer in a workgroup. For more information about installing ISA Server in a workgroup, see "ISA Server Enterprise Edition in a Workgroup"


Haven't we put that one to bed a long time ago?  Did the person writing this only know about MS Proxy Server v1?

Bottom line is that a regular install if ISA2003, with nothng "extra" added,..with the Nics properly configured,...and ISA installed is going to be secure.  It is not going to be insecure unless a person goes out of their way to harden it futher.  I'm not trying to say a person can not take it futher if they want to,...I'm just disagreeing that it is "insecure" if you don't 

BTW - I always use your article to explain to people how the nics should be configured, so you can't argue with me about that.
Recommended Network Card Configuration for ISA Firewall Servers
http://blog.msfirewall.org.uk/2008/06/isa-servers-recommeded-network-card.html


_____________________________

Phillip Windell

(in reply to Jason Jones)
Post #: 6
RE: Buy Appliance or Install from Scratch? - 20.Nov.2009 8:37:21 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Ok, I get your drift...and I agree that "out of the box" security config is pretty good. Still not sure I would present this as "ISA hardens the OS" as this is a bit misleading I think.

IMHO system policy sure benefits from a few tweaks.

A good example of an insecurity that isn't addressed by ISA though is something like SSL cipher strength which is a pure OS issue, as discussed here:

http://blog.msfirewall.org.uk/2008/10/hardening-ssl-cipher-strength-and-ssl.html

I guess it all depends how far you want to go with hardening...

Argue? moi?  Nope, can't argue with my own ramblings, you are correct!

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to pwindell)
Post #: 7
RE: Buy Appliance or Install from Scratch? - 23.Nov.2009 9:50:54 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok, I get your drift...and I agree that "out of the box" security config is pretty good. Still not sure I would present this as "ISA hardens the OS" as this is a bit misleading I think.

Both Tom and Jim have said it on occasion.  That's where I picked it up, so I am in good company.  But any statement taken in extreme literalness and put under a microscope usually end up being wrong in some way.

_____________________________

Phillip Windell

(in reply to Jason Jones)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Appliances >> Buy Appliance or Install from Scratch? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts