I currently own an HP DL320 ISA 2004 server appliance and set it up for OWA, VPN, and several other protocols specific to my organization thanks to the great information on this forum. Now, I have to replace the ISA 2004 and was planning to move to the HP Proliant Security Server with ISA 2006 (which received highest ratings on this site), but HP is no longer providing that appliance and has no plans to support an ISA appliance at any time in the future (that is the response I received on 9/22/2008 after I asked an HP rep to look into the matter for me). Furthermore, I read a post that Microsoft is not going to support ISA appliances, which I guess is why HP dropped the PSS.
I was wondering if anybody can give me any insight if it is better to go with an appliance from another vendor or should I just buy the ISA 2006 license and do my own installation? I liked the HP ISA 2004 server as it was practically plug-n-play except for the rules I had to add, but I am more than capable of doing server installs myself--it just takes me longer to harden the OS.
Posts: 338
Joined: 11.Jul.2007
From: UK
Status: offline
Hi,
I recommend you take a look at the Celestix MSA appliances. They come ready to use out of the box, are easy to use and offer good performance. Celestix back this up with reliable support. If you wish, I can put you in touch with a local supplier. Just forward your contact details to me at ian@curriecomputing.com.
I must say that, as a reseller for Celestix here in the UK, your comment about Microsoft's intention to withdraw support for appliances is news to me. I would be very surprised if this were the case, particularly as this is such a strong market.
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You trawling old threads again Mr W
I got bored. Getting old,...looking for excitement since the girls won't pay any attention to me.
You ever heard of SCW?
Nope. Ok, well maybe a long time ago. Nothing lately. If it is that important it should be mentioned everywhere, all the time,..people should hear about it when they aren't even looking for it. Idiots like me should be given the chance to forget about it.
About 90% of what is in this you would do with any server even when it is not even exposed to the Internet, so not really anything unique there to just ISA. Most of the things it does mention almost don't matter after you install ISA because none of those things are exposed anyway because ISA blocks them out. Then,...ok,...don't get me started,...this article in the paragraph right above Hardening the Windows Infrastructure says,...
"For example, if ISA Server is protecting the edge of the network, consider installing the computer in a workgroup. For more information about installing ISA Server in a workgroup, see "ISA Server Enterprise Edition in a Workgroup"."
Haven't we put that one to bed a long time ago? Did the person writing this only know about MS Proxy Server v1?
Bottom line is that a regular install of ISA2003, with nothing "extra" added,..with the Nics properly configured,...and ISA installed is going to be secure. It is not going to be insecure unless a person goes out of their way to harden it further. I'm not trying to say a person can not take it further if they want to,...I'm just disagreeing that it is "insecure" if you don't.
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Ok, I get your drift...and I agree that "out of the box" security config is pretty good. Still not sure I would present this as "ISA hardens the OS" as this is a bit misleading I think.
IMHO system policy sure benefits from a few tweaks.
A good example of an insecurity that isn't addressed by ISA though is something like SSL cipher strength which is a pure OS issue, as discussed here:
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok, I get your drift...and I agree that "out of the box" security config is pretty good. Still not sure I would present this as "ISA hardens the OS" as this is a bit misleading I think.
Both Tom and Jim have said it on occasion. That's where I picked it up, so I am in good company. But any statement taken in extreme literalness and put under a microscope usually ends up being wrong in some way.