Greetings!
Paul Robertson wrote:
> On Tue, 16 Apr 2002, Laura A. Robinson wrote:
>
>>>> ISA *is* a firewall.
>
> "The current incantation (ISA Server 2000) has passed ICSA Labs
> certification[1]"
> "I think the 3.0a criteria are a good "Is it really a firewall?" bar."
With ISA you have
* HTTP proxy
* SOCKS proxy (hence the "stateful" claim)
* stateless packet filter
which is basically the beefed-up (eye-candied) MS-Proxy 2.0, configured
to act firewallish - here: to meet the (old) 3a ICSA criteria.
But it still is proxies plus (poor) packet filter. No hardened OS, no
self-monitoring, no IDS, no common log, no alerts, no consistend
configuration (you can configure the SOCKS proxy to allow while packet
filter sill denies access).
A "real" firewall (in my eyes) should pass the ICSA criteria
out-of-the-box easily - while ISA needs massive configuration to barely
reach that bar.
Besides: for the price of an ISA you can choose among a number of decent
firewall products...
All IMHO, of course
Volker
--
-------------------------------------------------------------------
[EMAIL PROTECTED] discon GmbH
IT-Security Consulting Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany
-------------------------------------------------------------------
PGP-Fingerprint: 5323 a4f7 a7c2 b8ef 4653 05ce d2ea 2b74 b94c c68e
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
