Originally posted here by thehorse13
The answer is...it depends.

Do you have it configured properly?
Do you have it patched up?
Do you have the host locked down?
What exactly are the requirements/purpose of the server?

Everything and nothing is secure depending upon who sets it up.
And ...

What OS is it running on?
Is the OS up to date and patched?

Specific to ISA, what role is it supposed to play? Firewall, Proxy, packet filter?

I have an ISA running, on Win2k3 SP1, not joined to the domain and dual homed (one public and shielded and the other private). As bulletproof as I can make it.

As with anything, you need to understand the product, know how to maintain it and keep things maintained.

I'll be a little more blunt than our friendly horse. No, ISA, in and of itself, is not secure. Installed on a securely configured OS, and configured and maintained correctly, yes, it can be reasonably secure. No more or less than anything else.