Disadvantages of installing ISA 2004 on DC
Domain Controller, Firewalls, ISA 2004, Microsoft Internet Security and Acceleration Server, Network administration, Network security
hi all
what is the disadvantege installing ISA2004 on DC ?
and we have a router d-link for small office , we are thinking to install isa2004 , I know that isa must have 2 NIC 1 external 1 internal , the problem I thinkin that currently the public ip address is on the router , what ip address i have to assign on external NIC on isa , same public ip address that on router
Software/Hardware used:
Software/Hardware used:
ASKED:
March 22, 2009 10:26 PM
UPDATED:
March 23, 2009 1:29 PM
Answer Wiki:
The ideal placement of the ISA firewall is behind the router and before all other networking devices. So it will be router -> ISA Firewall -> Switch -> Networking devices. The reason for the two NIC requirement is because the ISA and any other firewall needs a WAN side and a LAN side.
The disadvantage of installing the ISA firewall on a Domain Controller is that you have more services to exploit which is basically why they came up with the Server Core 2008 installation option.
=====================
The DC contains all the authentication and user information for your domain. You do not want that host exposed. A firewall should not be providing other services as mentioned above - it has a much higher vulnerability profile the more processes that it runs.
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
