[geeks] ISA server security analysis?
Mike Meredith
mike at blackhairy.demon.co.uk
Sat Mar 13 02:26:59 CST 2004
On Fri, 12 Mar 2004 13:13:51 -0500, David A de Gruyl wrote:
> Does anyone have a pointer to any analysis on Microsoft's ISA server?
A quick google shows at least 3 ISA vulnerabilities ... where there's 1
there might be more.
A google for OpenBSD firewall vulnerabilities doesn't show anything.
Hardly conclusive, but it does sort of point to using BSD doesn't it ?
> for background -- I may actually be doing my day job for an extended
> period of time from another location. I have two locations with
> OpenBSD firewalls. We have a computer consulting company which is not
> really comfortable with things which do not originate in Redmond. So,
> they seem to want to move to ISA server.
Are they expecting you to run the ISA server ? Point out that you're
happy to run a secure firewall with OpenBSD, but that you're not happy
with running a secure ISA firewall.
In the end there's nothing you can do to stop them running ISA, but you
*can* make a big fuss about not plugging your gear into their network
without a proper firewall ... whenever you take your laptop to their
site, take one of those lunchbox Sun systems running OpenBSD as well to
guard your laptop.
More information about the geeks
mailing list