Comments on: Serious Error Regarding ISA Firewall Security Design Made at Microsoft TechNet Blog Site http://blogs.isaserver.org/shinder/2007/04/29/serious-error-regarding-isa-firewall-security-design-made-at-microsoft-technet-blog-site/ Written by Dr Thomas W Shinder, consultant to Microsoft, HP and many Fortune 500 companies on ISA firewall and Web proxy deployments this blog is where administrators get information about ISA Server Universal Threat Management firewalls. Topics include how to manage, deploy, and troubleshoot ISA Server as a network firewall, Web proxy/Web cache, remote access VPN server and VPN gateway to provide a high level of network security for all corporate computers. Thu, 4 Dec 2008 18:34:45 +0000 http://wordpress.org/?v=MU by: Chris E. Avis http://blogs.isaserver.org/shinder/2007/04/29/serious-error-regarding-isa-firewall-security-design-made-at-microsoft-technet-blog-site/#comment-92474 Sun, 29 Apr 2007 17:05:02 +0000 http://blogs.isaserver.org/shinder/2007/04/29/serious-error-regarding-isa-firewall-security-design-made-at-microsoft-technet-blog-site/#comment-92474 Thanks for setting me staright, Tom. Post is updated. Chris http://blogs.technet.com/chrisavis/archive/2007/04/27/isa-2006-and-computer-sets.aspx Thanks for setting me staright, Tom. Post is updated.

Chris

http://blogs.technet.com/chrisavis/archive/2007/04...s.aspx

]]> by: Tarek Majdalani http://blogs.isaserver.org/shinder/2007/04/29/serious-error-regarding-isa-firewall-security-design-made-at-microsoft-technet-blog-site/#comment-92452 Sun, 29 Apr 2007 16:07:26 +0000 http://blogs.isaserver.org/shinder/2007/04/29/serious-error-regarding-isa-firewall-security-design-made-at-microsoft-technet-blog-site/#comment-92452 Hi Tom, There are quite a few numbers of people that believe the ISA should be on a workgroup outside the domain, or even on a SEPERATE domain and build a one way trust between the Main Internal Network domain and ISA’s domain!!! You can feel this is true also with 70-227 (ISA 2000 exam)!!! BUT with 70-350 (ISA 2004 Exam) you strongly notice that setting up ISA to be a Domain member is much preferred You can’t blame these people, because with ISA 2000, I have read so many articles that setting up ISA in a separate domain is much more secure , or on a workgroup by itself. These people believe, that if ISA was separated from your MAIN domain and it was compromised, then your are still SAFE!!! And your Domain is not touched yet!!! I strongly disagree with them, and ALSO recommend them to read this article: http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html Best Regards, Tarek Majdalani Hi Tom,

There are quite a few numbers of people that believe the ISA should be on a workgroup outside the domain, or even on a SEPERATE domain and build a one way trust between the Main Internal Network domain and ISA’s domain!!!

You can feel this is true also with 70-227 (ISA 2000 exam)!!!
BUT with 70-350 (ISA 2004 Exam) you strongly notice that setting up ISA to be a Domain member is much preferred

You can’t blame these people, because with ISA 2000, I have read so many articles that setting up ISA in a separate domain is much more secure , or on a workgroup by itself.

These people believe, that if ISA was separated from your MAIN domain and it was compromised, then your are still SAFE!!! And your Domain is not touched yet!!!

I strongly disagree with them, and ALSO recommend them to read this article: http://www.isaserver.org/tutorials/Debunking-Myth-...r.html

Best Regards,
Tarek Majdalani

]]>