Comments on: Why SBS is Insecure by Design and Not Even an ISA Firewall can Fix the Problem http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/ Written by Dr Thomas W Shinder, consultant to Microsoft, HP and many Fortune 500 companies on ISA firewall and Web proxy deployments this blog is where administrators get information about ISA Server Universal Threat Management firewalls. Topics include how to manage, deploy, and troubleshoot ISA Server as a network firewall, Web proxy/Web cache, remote access VPN server and VPN gateway to provide a high level of network security for all corporate computers. Wed, 7 Jan 2009 20:07:26 +0000 http://wordpress.org/?v=MU by: gpilcher http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-13879 Mon, 09 Oct 2006 03:51:25 +0000 http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-13879 Tom, Your comment "They’re comfortable allowing end-users RDP access to their network (in my opinion, one of the worst security moves anyone could ever make)." has me puzzled. Can you explain why you say this? Thanks Tom,

Your comment “They’re comfortable allowing end-users RDP access to their network (in my opinion, one of the worst security moves anyone could ever make).” has me puzzled. Can you explain why you say this?

Thanks

]]> by: Thomas Shinder http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-13818 Sat, 07 Oct 2006 15:52:23 +0000 http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-13818 Would any expert argue WITH my position? Of course not. Everyone with a modicum of security expertise knows that SBS is a security nightmare, where the implement holds his hands behind his back and keeps his fingers crossed. I don't argue that SBS provides value, and that is CAN be properly secured. But then you'll lose your value, because unlike the expectations of most (not all) SBS consultants and customers, you can't get something for nothing. BTW -- I do spent time in the SMB space, but not only in that space. I can pick and choose my customers, and I don't take customers who don't take security seriously. I'm not going to be a co-conspirator to a design that puts the customer's business at risk. That's how I sleep well at night. PHAT margins might help other's sleep well at night, but not me. HTH, Tom Would any expert argue WITH my position? Of course not. Everyone with a modicum of security expertise knows that SBS is a security nightmare, where the implement holds his hands behind his back and keeps his fingers crossed.

I don’t argue that SBS provides value, and that is CAN be properly secured. But then you’ll lose your value, because unlike the expectations of most (not all) SBS consultants and customers, you can’t get something for nothing.

BTW — I do spent time in the SMB space, but not only in that space. I can pick and choose my customers, and I don’t take customers who don’t take security seriously. I’m not going to be a co-conspirator to a design that puts the customer’s business at risk. That’s how I sleep well at night. PHAT margins might help other’s sleep well at night, but not me.
HTH,
Tom

]]> by: Shawn http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-13816 Sat, 07 Oct 2006 13:47:30 +0000 http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-13816 Your really beating around the big picture here. Would any expert argue your position - I doubt it. Is it total smoke up the chute? Absolutely! The real issue here is VALUE. You obviously do not spend much time in the SMB space as if you did you would understand that SBS is such a step-up to 95% of them in terms of functionality as well as security. It's possible to find flaws in ANY network, large or small, simple or complex. Networks are a balance and as in life, you can't always get what you want. Does it make sense for a small ( Your really beating around the big picture here. Would any expert argue your position - I doubt it. Is it total smoke up the chute? Absolutely!
The real issue here is VALUE. You obviously do not spend much time in the SMB space as if you did you would understand that SBS is such a step-up to 95% of them in terms of functionality as well as security.
It’s possible to find flaws in ANY network, large or small, simple or complex. Networks are a balance and as in life, you can’t always get what you want. Does it make sense for a small (

]]> by: Les Connor http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-10660 Wed, 06 Sep 2006 21:31:34 +0000 http://blogs.isaserver.org/shinder/2006/09/03/why-sbs-is-insecure-by-design-and-not-even-an-isa-firewall-can-fix-the-problem/#comment-10660 Good article - a great perspective from the vantage point of a multi-server enterprise admin looking down on an SBS implementation. Now, if you could get that same person a job (part time, say 4 hours a month)as an admin of a 10 PC peer to peer environment with zero servers, and then have him look up at how SBS - with all it's warts - might help him.... that too would be a good article. Les Connor Good article - a great perspective from the vantage point of a multi-server enterprise admin looking down on an SBS implementation.

Now, if you could get that same person a job (part time, say 4 hours a month)as an admin of a 10 PC peer to peer environment with zero servers, and then have him look up at how SBS - with all it’s warts - might help him…. that too would be a good article.

Les Connor

]]>