[isalist] Re: Being a good Internet citizen per Stefaan Pouseele
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 21:11:41 -0500
Hi Danny,
Yes, all is this is done right out of the box. It's the basic tenet of
ISA spoof detection.
I don't recall if fragment filtering is done by default, but you can
enable it if it isn't.
Be careful with number 3 -- it only applies if the ISA firewall is the
Internet edge firewall and there is no NAT device in front of it.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny
Sent: Tuesday, August 22, 2006 9:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Being a good Internet citizen per Stefaan
Pouseele
I read this Stefaan's blog this evening; it is just loaded with
fantastic information. (Don't forget the blogs of Dr. Shinder and Mr.
Jim Harrison!, and many others!) One thing I had a question about was
whether or not ISA 2004, ISA 2004 SP1, and ISA 2004 SP2 "out-of-box"
provide the platform to be a good Internet citizen specific to what
Stefaan has outlined. I believe that it is, but I just want to verify
with the pro's.
Here is the particular post:
http://blogs.isaserver.org/pouseele/2006/06/11/be-a-good-internet-citize
n/
Thanks,
...D
--
CPDE - Certified Petroleum Distribution Engineer
CCBC - Certified Canadian Beer Consumer
Other related posts:
