Comments on: Microsoft Puts Hold on Forefront Security Product Range http://www.darknet.org.uk/2009/04/microsoft-puts-hold-on-forefront-security-product-range/ Ethical Hacking, Penetration Testing & Computer Security Fri, 20 Nov 2009 20:21:19 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Morgan Storey http://www.darknet.org.uk/2009/04/microsoft-puts-hold-on-forefront-security-product-range/#comment-142458 Morgan Storey Sun, 12 Apr 2009 12:52:41 +0000 http://www.darknet.org.uk/?p=1691#comment-142458 @Anonymous: I am sure you could do it with incognito @Darknet: I have used ISA a bit and am even certified in 2004. In all realism it isn't a half bad firewall and proxy, though you need third party apps to get the proxy bit to do anything other than cache. I heard from a colleague MS did their usual trick and poached some Checkpoint guys to build ISA, so its security is fairly high on the charts for that alone. From what I have heard of MS endpoint security it is also pretty decent, nothing as bad as one-care, and it integrates into the OS and into the domain with ISA/Forefront to allow policies to lock down a box even off the network. It's heuristics engine I think was bought from someone else (symantec?) and is pretty damned good. They are also putting ips/ids and deep packet inspection into the new ISA IIRC, which is where they maybe getting there will stop 0-days. I guess we will see. All that being said though it sort of goes against my ethos, which is basically if you are trying to protect one OS use another OS as a firewall to at least make the knowledge the attacker needs that little bit greater. @Anonymous: I am sure you could do it with incognito

@Darknet: I have used ISA a bit and am even certified in 2004. In all realism it isn’t a half bad firewall and proxy, though you need third party apps to get the proxy bit to do anything other than cache.
I heard from a colleague MS did their usual trick and poached some Checkpoint guys to build ISA, so its security is fairly high on the charts for that alone.
From what I have heard of MS endpoint security it is also pretty decent, nothing as bad as one-care, and it integrates into the OS and into the domain with ISA/Forefront to allow policies to lock down a box even off the network. It’s heuristics engine I think was bought from someone else (symantec?) and is pretty damned good. They are also putting ips/ids and deep packet inspection into the new ISA IIRC, which is where they maybe getting there will stop 0-days. I guess we will see.
All that being said though it sort of goes against my ethos, which is basically if you are trying to protect one OS use another OS as a firewall to at least make the knowledge the attacker needs that little bit greater.

]]> By: Anonymous http://www.darknet.org.uk/2009/04/microsoft-puts-hold-on-forefront-security-product-range/#comment-141202 Anonymous Wed, 08 Apr 2009 22:35:32 +0000 http://www.darknet.org.uk/?p=1691#comment-141202 I've used ISA for a few years now. The one feature I've always liked is the NTLM integrated proxy authentication. As long as you're blocking egress traffic, it seems to stop any piece of malware looking for a second payload or botnet. I'm sure it wouldn't be hard to replay compromised NTLM hashes through the proxy, I just haven't see it done... I’ve used ISA for a few years now. The one feature I’ve always liked is the NTLM integrated proxy authentication. As long as you’re blocking egress traffic, it seems to stop any piece of malware looking for a second payload or botnet. I’m sure it wouldn’t be hard to replay compromised NTLM hashes through the proxy, I just haven’t see it done…

]]>