Disadvantages of installing ISA 2004 on DC

15 pts.
Tags:
Domain Controller
Firewalls
ISA 2004
Microsoft Internet Security and Acceleration Server
Network administration
Network security
hi all what is the disadvantege installing ISA2004 on DC ? and we have a router d-link for small office , we are thinking to install isa2004 , I know that isa must have 2 NIC 1 external 1 internal , the problem I thinkin that currently the public ip address is on the router , what ip address i have to assign on external NIC on isa , same public ip address that on router
ASKED: March 22, 2009  10:26 PM
UPDATED: March 23, 2009  1:29 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

The ideal placement of the ISA firewall is behind the router and before all other networking devices. So it will be router -> ISA Firewall -> Switch -> Networking devices. The reason for the two NIC requirement is because the ISA and any other firewall needs a WAN side and a LAN side.

The disadvantage of installing the ISA firewall on a Domain Controller is that you have more services to exploit which is basically why they came up with the Server Core 2008 installation option.

=====================
The DC contains all the authentication and user information for your domain. You do not want that host exposed. A firewall should not be providing other services as mentioned above – it has a much higher vulnerability profile the more processes that it runs.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following