How safe am I behind ISA Server

  • Thread starter Thread starter MarkH
  • Start date Start date
M

MarkH

How safe is my 2000 server, it is networked to a mulit homed 2000 server
running ISA with a cable modem attached, you can access both computers each
way isa to dc dc to isa, is there a better way to set this up?

Mark h
 
no, there is not.
your isa server is your dmz and the dc is protected.
if you have to publish web sites, remember publish it on the isa server.
bye.

--
-----------------------------------
Edoardo Benussi - (e-mail address removed)
Microsoft® MVP - Windows Server
http://support.microsoft.com/newsgroups
http://mvp.support.microsoft.com
http://italy.mvps.org
---------------------------------------------------------------
-This posting is provided "AS IS" with no warranties,
and confers no rights
- Le informazioni fornite in questo messaggio sono fornite
senza vincolo di garanzia e senza responsabilità alcuna
---------------------------------------------------------------
 
It depends. ISA is a firewall/caching program. It can be very effective if
configured correctly. As with any firewall you should do your own port scanning
from outside the network to check for vulnerabilities. For a domain controller,
it makes sense to have rules configured to allow outbound access to probably
only Windows Update if even that. You may want to post in one of the ISA
newsgroups also. --- Steve
 
Hi thanks for the replies, its is set as firewall only with full internet
access for all comps behind it, i have been to several internet security
checking sites i.e. symantec ect and they come up as safe! how reliable a
pointer are they.

Mark H
 
That generally is a very good indication, though if possible try your own
penetration scanning from outside the network using a network scanner such
as Superscan 4.0 which is a free download from Foundstone. It also makes
sense to have default block all rules for outbound traffic and then create
rules for the exceptions and ISA has a great deal of flexability in that
area including ports/ip addresses/protocols/sites and even granular control
over IE access which will help prevent users from running unathorized
internet applications such as file swapping and chat that can bring viruses
into the network. --- Steve
 
Back
Top