My 'edge' of my network is my Windows Mobile cell phone that has a
username/password that uses activesync to my domain. I have firm
information on that device and must assign resources for it as it's
outside 'my wall'. I'm not talking about the traditional edge but
rather the informational edge of my network.
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/faqs.mspx
Will Microsoft Internet Security and Acceleration (ISA) Server updates
be handled by WSUS? <javascript:toggleQuestion('title46', 'question46',
'answer46')>
A.
Over time, WSUS will support all Microsoft updates, including ISA
Server. However, at release, the plan is for WSUS is to support Windows,
Office XP, Office 2003, SQL Server 2000, MSDE 2000, and Exchange Server
2003.
Thomas W Shinder wrote:
Hi Susan,
I think you misunderstood what they were trying to communicate during
that Webcast, and the presenters didn't do a really good job at
explicating their positions.
Many people think that there is no more perimeter (or edge), or that the
perimeter (or edge) somehow magically changed to the end point on the
corporate network. Neither assertion is true or believable. Sure, there
is a more heterogenous set of security zones that need to be segmented
from one another, but to say that there is no more "perimeter" or no
more "edge" is ridiculous at best, delusional at worst (sort of like
saying that SBS doesn't represent a security compromise).
Try this experiment to prove this fact: deploy an ISA firewall (not on
SBS but in a real firewall configuration)on the edge of the network.
Lock down the System Policy and create well designed, thoughtful and
functional firewall policy that controls both inbound and outbound
access through the ISA firewall. Make sure you deploy both the Web proxy
and Firewall client so you get comprehensive user information in the log
files that you can use for comprehensive reporting later.
Let that run for a month and see what the effects are on network
performance and the overall security position of all host hosts on all
network segments on the corporate network that require Internet access.
Now, try this: Assign all your network hosts public addresses and put a
router (a real router, not a NAT device) on the edge and allow
everything in and everything out. Don't change anything on your clients
-- don't upgrade the Oss don't install any new software other than what
you have now -- just like the ISA firewall test. (no fair cheating by
installing local host firewalls, NIDS, upgradeing OSs, etc to make up
for the problems that you know will result from this test).
Now compare the results of your network performance metrics and overall
security situation with that you had with the ISA firewall in place.
OK. Now, tell me -- its there a "edge" or "perimeter" or whatever you
want to call it and has it disappeared? Is the DMZ dead? Are the
endpoints the only things we need to "firewall"? I'm really afraid that
Microsoft's push for NAP (which is what all this stuff is about) is
confusing Microsoft networking folks and making them think that NAP
somehow obviates the need for a network firewalls, both at the edge and
at all security perimeters.
PS -- what do you mean that WSUS will support ISA?
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 15, 2005 7:52 PM
To: James Eaton-Lee
Cc: Marcos Marrero; [email protected]
Subject: Re: ISA Server or Firewall Appliance?
The annoying SBSer with ISA on her box is going to challenge
you on that
one.
What exactly doesn't feel quite right? Why does it not feel right?
In my network I like it because it's on a platform that I can monitor
easier. Control better. Patch easier. [WSUS will soon
support ISA as a
matter of fact]
Isn't the same true for big networks?
I think we all need to let go of our OS perceptions and look at the
realities of operating systems these days and what not. If we can't
control it...understand it...I'm not sure it's not helping in the
security fabric of my network.
Our firewalls are not our perimeters any more.
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?Eve
ntID=1032286231&EventCategory=3&culture=en-US&CountryCode=US
---------------------------------------------------------------------------
---------------------------------------------------------------------------
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
