• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Certification ISA 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> ISA Server 2004 Certification >> Certification ISA 2004 Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Certification ISA 2004 - 3.Feb.2004 5:34:00 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
Hi all. Does anyone know if there will be an exam for ISA 2004 in the near future?

Thanks...
Post #: 1
RE: Certification ISA 2004 - 5.Feb.2004 1:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

Yes, but we probably won't see it until near the end of the year.

HTH,
Tom

(in reply to Linke Loe)
Post #: 2
RE: Certification ISA 2004 - 11.Feb.2004 11:58:00 PM   
cmack0

 

Posts: 16
Joined: 27.Mar.2002
Status: offline
Looking for oppinions, but do you think with ISA 2004, MS will actually be considered a "player" in the firewall market? Will ISA certification mean anything?
From my experience, most FW consulting firms still shy away from ISA because of the obvious security flaws in the base OS.

(in reply to Linke Loe)
Post #: 3
RE: Certification ISA 2004 - 12.Feb.2004 12:33:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Cmack,

I think ISA 2004 will make a big difference, esp. with some upcoming system hardening features that you'll learn about in the near future.

Personally, I think wasting money on Checkpoint will be seen as a bad move in the future, and hardware firewalls with off-box appliation layer filtering is a real disadvantage because of the additional cost overhead. ISA 2004 will end up as secure as any hardware or software firewall at the same price point. Businesses that have existing MS networks will really benefit from ISA 2004 and do themselves a disservice by ignoring it!

HTH,
Tom

(in reply to Linke Loe)
Post #: 4
RE: Certification ISA 2004 - 25.Feb.2004 6:58:00 PM   
turbomcp

 

Posts: 36
Joined: 13.Nov.2002
Status: offline
just wanted to add this:
in year 2002-2003 there were less almost 50% less security fixes to windows xp(not windows 2003 ofcourse:) thats even less)
then any other software(suse,redhat,unix...)

and another thing as a former checkpoint fan
i still think theri software is no.1 but in the overall isa 2004 according to estimates will "catch" 20% or more market share as a firewall in the next 2 years(thats alot)with isa 2000 it was 10%.
and by the way checkpoint products run on windows nt 4.0/2000/2003 and according to them need no more configuration to make it secure ,i mean besides installing the software.
(what most security experts do to the o.s. is not needed)
one more thing:)
more then 50% of all firewalls installed(no matter what product they are) suffer from lack of security caused by misconfiguration.

(in reply to Linke Loe)
Post #: 5
RE: Certification ISA 2004 - 26.Feb.2004 12:26:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Turbo,

Interesting stats! I think that ISA 2004 will take a big chunk out of Checkpoint.

Thanks!
Tom

(in reply to Linke Loe)
Post #: 6
RE: Certification ISA 2004 - 2.Mar.2004 10:37:00 PM   
RandyM

 

Posts: 29
Joined: 14.Mar.2003
Status: offline
I get a little perturbed when I hear people use the term "hardware firewall" when describing devices like the Cisco PIX line etc. These devices are running an OS (IOS) on a box with multiple interfaces just like ISA does. I realize that they use more propietary hardware that allows some of the functions to be done at lower levels but they are hardly hardware firewalls. I don't mean to correct anybody here, I'm just venting in a general direction.

Thanks for listening.

By the way, I've been reading this site for ages just don't post much. Tom, I met you in Dallas at TechEd 2003. I was the Engineer running the CommNet network.

(in reply to Linke Loe)
Post #: 7
RE: Certification ISA 2004 - 3.Mar.2004 2:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Randy,

Bingo! Yes, I agree wholeheartedly. My wife, Debi Shinder is doing a comprehensive report (over 100 pages!) comparing ISA 2004 with so-called "hardware" firewalls and ISA 2004 is doing very well and exceeding the features and capabilities of all of them in the same price range. Really nice!

I do remember you. Hope you got the Nortel VPN client issue solved [Smile]

Thanks!
Tom

(in reply to Linke Loe)
Post #: 8
RE: Certification ISA 2004 - 3.Mar.2004 4:16:00 PM   
RandyM

 

Posts: 29
Joined: 14.Mar.2003
Status: offline
Ahh, that was one of the engineers I had working for me there. His name is Michael. We met rather quickly, that was a busy event full of 20 hour days.

(in reply to Linke Loe)
Post #: 9
RE: Certification ISA 2004 - 4.Mar.2004 12:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Randy,

Ah, yes! Those were indeed long days. Spent the entire day at the TechEd conf and then came back to the office to put in another 10 hours. No rest for the weary [Smile]

Hope to see you at this year's TechEd conf!

Tom

(in reply to Linke Loe)
Post #: 10
RE: Certification ISA 2004 - 5.Mar.2004 8:29:00 AM   
Lambera

 

Posts: 40
Joined: 5.Mar.2004
From: Washington
Status: offline
Yes their will be a test and its in the works [Big Grin]

(in reply to Linke Loe)
Post #: 11
RE: Certification ISA 2004 - 5.Mar.2004 12:32:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi AJ,

Thanks! Hey, let me know if you need some help developing it. [Smile]

Tom

(in reply to Linke Loe)
Post #: 12
RE: Certification ISA 2004 - 9.Mar.2004 1:38:00 AM   
Guest
I've just got to disagree with what RandyM said about people comparing ISA to "Hardware Firewalls" like the Cisco Pix. The cisco Pix IS a hardware firewall. Yes, it may have an OS (how else would you configure it?), but how does that stop it from being a hardware firewall? ISA is a software firewall because it's installed...on a host OS. The PIX is a computer that's a firewall. I guess by your defination, anything that has a UI must be software based?

(Not picking a fight, just curious as to what you mean...)

(in reply to Linke Loe)
  Post #: 13
RE: Certification ISA 2004 - 9.Mar.2004 11:14:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Maffu,

This is a good discussion. I think the problem is that people consider any ASIC based firewall to be somehow inherent more secure than non-ASIC firewalls. The fact is that this is not true. In the past, the ASIC firewalls were faster than the non-ASIC firewalls, but with Pentium processors moving at 3+GHz, and multiprocessor systems with 3+GHz processors in them with encryption offload cards now make the archtectural limitation of ASIC (hardware) firewalls even more significant. That's why the flexibility and performance you see in a non-ASIC firewall like ISA is so important today for those of us who need to respond quickly to modern attacks. Pix just doesn't cut it anymore because its locked into an aging and increasingly rigid architecture.

HTH,
Tom

(in reply to Linke Loe)
Post #: 14
RE: Certification ISA 2004 - 9.Mar.2004 11:09:00 PM   
Lambera

 

Posts: 40
Joined: 5.Mar.2004
From: Washington
Status: offline
I believe many people like "hardware" based firewall because the software is embeded into firmware allowing for a greater speed. I disagree with that. ISA offers great performance and scalability and its cost per MB leaves all other firewalls in the dust. A firewall is only as good as it is configured.

(in reply to Linke Loe)
Post #: 15
RE: Certification ISA 2004 - 10.Mar.2004 11:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi AJ,

Yes, and they think this makes it more secure or stable. Both of those assumptions are being strongly challanged these days. Even embedding relatively simple functions such as encryption algorithms into the ASIC is losing its value as Intel builds the same into their own core processors. I suspect "hardware" firewalls and the ASIC fans are going to find themselves in hard times in the next few years, as the development costs for for creating new ASICs is prohibitive and ALF "blades" are a limited kludge at best.

thanks!
Tom

(in reply to Linke Loe)
Post #: 16
RE: Certification ISA 2004 - 14.Mar.2004 6:43:00 AM   
Lambera

 

Posts: 40
Joined: 5.Mar.2004
From: Washington
Status: offline
Like many people at msft say if we put ISA in a 1u case painted it bright orange, we would sell alot more.

(in reply to Linke Loe)
Post #: 17
RE: Certification ISA 2004 - 14.Mar.2004 8:07:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi AJ,

I fully expect that to happen not long after the official release.

Thanks!
Tom

(in reply to Linke Loe)
Post #: 18
RE: Certification ISA 2004 - 16.Mar.2004 2:33:00 AM   
Lambera

 

Posts: 40
Joined: 5.Mar.2004
From: Washington
Status: offline
Well ill be happy if they dont have the devs write it this time. After ISA 2000 rewrite they really killed it.

(in reply to Linke Loe)
Post #: 19
RE: Certification ISA 2004 - 16.Mar.2004 10:47:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi AJ,

Write what? The hardware device?

Thanks!
Tom

(in reply to Linke Loe)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> ISA Server 2004 Certification >> Certification ISA 2004 Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts