Solved

Do I need an additional Firewall in front of ISA / TMG

Posted on 2013-01-01
11
507 Views
Last Modified: 2013-01-08
Dear All,

We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
0
Comment
Question by:AbXd
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38734440
For sure, adding another firewall on front of TMG will add a security layer to your network.

Please reed the following :

http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls

http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 175 total points
ID: 38734459
Its like asking if you need more than one Lock on your front door.  One lock has it shut and deters the opportunistic burgler for sure. Put another, bigger, lock on and it keeps even more out.

A hardware firewall in addition to ISA/TMG is a very good idea yes.
0
 
LVL 12

Assisted Solution

by:DarinTCH
DarinTCH earned 25 total points
ID: 38734864
Software firewalls have some vulnerabilities
so do hardware FW

adding the 2 together decreases your exposure

even a low end firewall is a good idea
the hardware can handle much of the crap traffic faster and then less load on the software firewall

ALL THE SOLUTIONS I propose make use of hardware and software security

Security is best when it is layered
0
 
LVL 39

Expert Comment

by:footech
ID: 38734990
I'll come in on the other side of this.  I don't disagree that an additional firewall will provide more security.  However, ISA is a very good firewall and in many cases I believe it is sufficient on it's own.  Only by evaluating your security requirements can you answer the question of whether you need another.
0
 

Author Comment

by:AbXd
ID: 38735549
Hi!

Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 37

Expert Comment

by:Neil Russell
ID: 38735833
Well that is entirely down to you. IF you want your network to be MORE secure then YES. If your happy to think that ISA is the be all and end all of internet security then no.

Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.

You need to define what YOU call "necessary "
0
 
LVL 39

Expert Comment

by:footech
ID: 38736115
@Neilsr - Sorry, a bit off topic, but...
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
Could you explain why that is?  Are there some particular failings of ISA that ward you off, or is it just because it resides on top of Windows?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 175 total points
ID: 38737988
Its because no lock is pick proof so two locks are a far better, more secure, system.

Nothing to do with windows or ISA specifically no.
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 175 total points
ID: 38738002
If an exploit is found in ISA you are vulnerable if thats your Only line of defence.
Likewise if you Only have a hardware firewall.

You have both, you now need two exploits at the same time to be compromised.
0
 

Accepted Solution

by:
AbXd earned 0 total points
ID: 38739490
Thanks Guys!

Got the point.

Regards
0
 

Author Closing Comment

by:AbXd
ID: 38754015
Got the message
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now