[isalist] Re: Error during install
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sat, 12 Aug 2006 11:09:43 -0500
http://www.ISAserver.org
-------------------------------------------------------
I suppose that voice was even louder for 2006? I'm sure they need
Kerberos Constrained Delegation and Web Farm Load balancing ;)
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Saturday, August 12, 2006 11:06 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error during install
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> ..because SBS represents a significant revenue stream and
> they said "we
> want ISA".
> Fortunately, not every "wewant" is noticed; otherwise, SBS would be an
> unsupportable mishmash of horrific applications.
> The SBS voice is loud; otherwise there would be no SBS
> product team and
> the whole deployment would be a collection of whitepapers.
> You shoulda
> heard the noise created when ISA 2004 wasn't part of SBS 2003 RTM, but
> had to wait until SP1.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Saturday, August 12, 2006 8:58 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error during install
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Yep, I'll never figure out why they made that decision.
>
> Maybe someday, they'll re-brand the Windows Firewall for Window Server
> and call it ISAexpress and charge them extra for that ;)
>
> Laterz,
> GMT
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Saturday, August 12, 2006 10:53 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Error during install
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Sad to say, he never tried (no great surprise, there).
> > I saw a few attempts from other sources, though.
> >
> > For the complete record, "the real world" includes much
> more than SBS.
> > The fact that MS chooses to increase the revenue stream with this
> > product in no way demonstrates that this is a "desirable"
> deployment.
> > In point of fact, this is the single hardest deployment to
> attempt and
>
> > represents a very large security compromise for any of the products
> > assembled therein. It has to be; these products were
> neither designed
>
> > nor tested to function this way except in SBS. Anyone trying to
> > emulate an SBS deployment by themselves is in for a nasty shock.
> >
> > You yourself have argued that neither ISA nor its OEM offerings are
> > priced for SBS; this is intentional because it's designed as an
> > Enterprise product. SBS folks get it (and other products) for damn
> > near free.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> > Sent: Saturday, August 12, 2006 12:50 AM
> > To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> > Cc: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Error during install
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > ...and last I heard Tony Su never did hack into Mr.
> Harrison's server
> > either....
> >
> > Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> > > For the record it's called SBS 2003 "Premium" not
> > Enterprise in case
> > > you want to google... and I've yet to see a SBS box get
> > hacked. ISA
> > > is ISA. And Microsoft has not built a "vulnerable" product.
> > >
> > > We get nailed from stupid users running with admin
> rights. We get
> > > nailed with professionals that don't use the connect to Internet
> > > Wizard to set up the firewall and set it up incorrectly.
> > That's how
> > > we get nailed. As has been stated.. a properly
> configured network
> > > will be just fine.
> > > We're not big business, we're small business and it's a
> reasonable
> > > risk. Day in and day out Amy Babinchak, an ISA
> > professional showcases
> >
> > > that ISA works for small businesses.
> > >
> > > Make ISA on a standalone box into a reasonable price range in the
> > > Cougar or Centro era and let's talk.
> > >
> > > Folks these days either go with a hardware firewall on
> the outside
> > > for a smidge of paranoia protection, ISA in a two nic setup
> > ...or they
> >
> > > do a one nic with a Sonicwall because ISA just is not cost
> > > effective... or ..quite bluntly.. they don't trust it.
> > >
> > > Those of us who believe in ISA (and yes that's those of
> us who run
> > > real businesses in the real world) we show every day that it can
> > > protect even when it's on the same server with the DC.
> > >
> > > It works.
> > >
> > > So out here in the real world.... it's ISA or you lose the sale.
> > >
> > > That's the real world out here.
> > >
> > > There are..however.. those in the SBS mvp community like Jeff
> > > Middleton who want it off the SBS box because of the
> annoying ways
> > > that it interferes with troubleshooting issues.
> > >
> > > Will I want it on the same box in the Cougar era? Ask me
> when that
> > > ships (whenever that may ship) I might be doing Centro by
> > that time
> > > which probably will peel off that server role. Who knows.
> > I evaluate
> >
> > > my risks and threats and right now I'm comfortable with ISA
> > on the box
> >
> > > with Dana Epp's Firewall dashboard adding more reports
> that give me
> > > the info I need.
> > >
> > >
> > > From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
> > > Subject: [isalist] Re: Error during install
> > > Date: Fri, 11 Aug 2006 00:26:48 -0700
> > >
> > > As the good doctor has said, most ISA professionals will
> > tell you that
> >
> > > including ISA server with SBS Enterprise was a dumb idea.
> > >
> > >
> > > John T
> > >
> > > eServices For You
> > >
> > >
> > >
> > > "Seek, and ye shall find!"
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> > > Sent: Thursday, August 10, 2006 8:15 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Error during install
> > >
> > >
> > >
> > > OK, this is where I get confused. I thought ISA 2004 was
> > impenetrable
> > > when properly configured. Why should it make a difference
> > that AD is
> > > running on the same box?
> > >
> > >
> > >
> > > How does SBS 2003 Ent do it? Are there different versions
> > of ISA 2004
> > > (one out of the retail box and one that comes with SBS 2003)?
> > >
> > > Has MS built a vulnerable product i.e. SBS 2003 Ent? If so,
> > that would
> >
> > > be a shame being that it is a quickly growing market.
> > >
> > >
> > >
> > > Regardless of 'why' I don't have the answers to my own
> > questions - I
> > > usually
> > > follow Tom's advice to the T. And while following Tom's
> > advised (HAVE
> > > DC, NO
> > > ISA) I have purchased Sonic Walls instead; at an increasing rate.
> > > Oh..and I
> > > make some additional cash at it too. Client pays $600/$700
> > vs. $3,000
> > > $4,000
> > > with ISA.
> > >
> > >
> > >
> > >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
