I have inheirited the IT responsibilities for a small medical office. The previous support rep installed an SBS 2003 Domain, and configured the ISA Security Firewall rather than purchase a hardware firewall solution.
I will preface this by saying that I have worked with SBS2003 before, but I have very little practical experience with the ISA firewall bundled with SBS.
That being said, is this a solution that you would leave stand? Honestly, it scares me a little to know that the server (which houses medical data) has a direct connection to the internet, no matter what the firewall capabilities of ISA are. Are my fears unfounded?
I have priced a number of entry-level firewalls (SonicWALL and Cisco come in around the $500 range), so price to implement shouldn't be any object. I am, however, unaware of any pitfalls in reconfiguring SBS to remove the ISA firewall and implement a traditional one-nic approach. Does anyone have any thoughts on this matter?
Thanks for your time.