RE: Connection Issue

  • From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 29 Aug 2003 12:04:46 -0700

A thank you to all (even the wisenheimers!).  Discussions have begun
with our network team using the input provided here as baseline issues.
Thanks again!
Let me add something, I just read -
http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunnel
ing_within_ISA.html - and one of our issues is connecting to a specific
site that uses https.  All that they say is needed is port 80 and 443.
Yet the darn thing keeps timing out/locking up!  We have multiple
banking sites that we use that do not have issues...could ISA be the
problem?  Vendor states that they have read about known issues with ISA
and SSL?  They couldn't provide any links and I haven't been able to
find them.  Any thoughts?

Eric Poole
IS Security Analyst
Community Medical Centers <http://communitymedical.org/> 
1140 "T" Street, Fresno, California  93721
559-459-6784 (phone)  559-459-2045 (fax)


                -----Original Message-----
                From: "John Tolmachoff \(Lists\)"
<johnlist@xxxxxxxxxxxxxxxxxxx>@CHCC 
                Sent: Friday, August 29, 2003 11:08 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Connection Issue

                http://www.ISAserver.org
                True, good points. It all comes down to what a MS
security tech told us at a conference. Security is like a triangle, with
the points being cost, functionality and security. Some where in the
triangle is the point for each company. Our job is to find that point.
                 
                John Tolmachoff MCSE CSSA
                Engineer/Consultant
                eServices For You
                www.eservicesforyou.com
                 
                -----Original Message-----
                From: Quillman Shawn (RBNA/CIT1.1) *
[mailto:Shawn.Quillman@xxxxxxxxxxxx] 
                Sent: Friday, August 29, 200310:14 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Connection Issue
                 
                Due to obvious security issues I won't discuss the
configuration of our corporate firewalls.  However, there is quite an
advantage to having a multiple-system firewall.  A vulnerability of one
system is typically not going to be a vulnerability in another system so
your protection against attack is greatly increased with mixed systems.
ISA can handle itself, I agree.  But if/when something does get through
ISA another wall behind it would give admins more time to react to the
breach before the internal network is compromised.  Same reason they
built castles with an outer wall.  The biggest question then is how
willing is your company to throw the required resources at a
multiple-system firewall?  More systems require more money and they add
a great deal of complexity to the solution.  From a pure security
standpoint it is the best solution.  You just have to weigh it against
your purse and your corporate culture.
                 
                -Shawn
                 
                ----- 
                 
                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Other Internet Software Marketing Sites:
                Leading Network Software Directory:
http://www.serverfiles.com
                No.1 Exchange Server Resource Site:
http://www.msexchange.org
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Network Security Library: http://www.secinf.net/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: