[isalist] Re: Error during install
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sat, 12 Aug 2006 09:41:25 -0700
http://www.ISAserver.org
-------------------------------------------------------
Not really; although they'd likely have been pretty spooched about the
new flood mitigation technology.
Tony was the only one that made this noise and that was in the context
of an ISA 2004 permon discussion.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Saturday, August 12, 2006 9:10 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error during install
http://www.ISAserver.org
-------------------------------------------------------
I suppose that voice was even louder for 2006? I'm sure they need
Kerberos Constrained Delegation and Web Farm Load balancing ;)
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Saturday, August 12, 2006 11:06 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error during install
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> ..because SBS represents a significant revenue stream and they said
> "we want ISA".
> Fortunately, not every "wewant" is noticed; otherwise, SBS would be an
> unsupportable mishmash of horrific applications.
> The SBS voice is loud; otherwise there would be no SBS product team
> and the whole deployment would be a collection of whitepapers.
> You shoulda
> heard the noise created when ISA 2004 wasn't part of SBS 2003 RTM, but
> had to wait until SP1.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Saturday, August 12, 2006 8:58 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error during install
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Yep, I'll never figure out why they made that decision.
>
> Maybe someday, they'll re-brand the Windows Firewall for Window Server
> and call it ISAexpress and charge them extra for that ;)
>
> Laterz,
> GMT
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Saturday, August 12, 2006 10:53 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Error during install
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Sad to say, he never tried (no great surprise, there).
> > I saw a few attempts from other sources, though.
> >
> > For the complete record, "the real world" includes much
> more than SBS.
> > The fact that MS chooses to increase the revenue stream with this
> > product in no way demonstrates that this is a "desirable"
> deployment.
> > In point of fact, this is the single hardest deployment to
> attempt and
>
> > represents a very large security compromise for any of the products
> > assembled therein. It has to be; these products were
> neither designed
>
> > nor tested to function this way except in SBS. Anyone trying to
> > emulate an SBS deployment by themselves is in for a nasty shock.
> >
> > You yourself have argued that neither ISA nor its OEM offerings are
> > priced for SBS; this is intentional because it's designed as an
> > Enterprise product. SBS folks get it (and other products) for damn
> > near free.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> > Sent: Saturday, August 12, 2006 12:50 AM
> > To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> > Cc: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Error during install
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > ...and last I heard Tony Su never did hack into Mr.
> Harrison's server
> > either....
> >
> > Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> > > For the record it's called SBS 2003 "Premium" not
> > Enterprise in case
> > > you want to google... and I've yet to see a SBS box get
> > hacked. ISA
> > > is ISA. And Microsoft has not built a "vulnerable" product.
> > >
> > > We get nailed from stupid users running with admin
> rights. We get
> > > nailed with professionals that don't use the connect to Internet
> > > Wizard to set up the firewall and set it up incorrectly.
> > That's how
> > > we get nailed. As has been stated.. a properly
> configured network
> > > will be just fine.
> > > We're not big business, we're small business and it's a
> reasonable
> > > risk. Day in and day out Amy Babinchak, an ISA
> > professional showcases
> >
> > > that ISA works for small businesses.
> > >
> > > Make ISA on a standalone box into a reasonable price range in the
> > > Cougar or Centro era and let's talk.
> > >
> > > Folks these days either go with a hardware firewall on
> the outside
> > > for a smidge of paranoia protection, ISA in a two nic setup
> > ...or they
> >
> > > do a one nic with a Sonicwall because ISA just is not cost
> > > effective... or ..quite bluntly.. they don't trust it.
> > >
> > > Those of us who believe in ISA (and yes that's those of
> us who run
> > > real businesses in the real world) we show every day that it can
> > > protect even when it's on the same server with the DC.
> > >
> > > It works.
> > >
> > > So out here in the real world.... it's ISA or you lose the sale.
> > >
> > > That's the real world out here.
> > >
> > > There are..however.. those in the SBS mvp community like Jeff
> > > Middleton who want it off the SBS box because of the
> annoying ways
> > > that it interferes with troubleshooting issues.
> > >
> > > Will I want it on the same box in the Cougar era? Ask me
> when that
> > > ships (whenever that may ship) I might be doing Centro by
> > that time
> > > which probably will peel off that server role. Who knows.
> > I evaluate
> >
> > > my risks and threats and right now I'm comfortable with ISA
> > on the box
> >
> > > with Dana Epp's Firewall dashboard adding more reports
> that give me
> > > the info I need.
> > >
> > >
> > > From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
> > > Subject: [isalist] Re: Error during install
> > > Date: Fri, 11 Aug 2006 00:26:48 -0700
> > >
> > > As the good doctor has said, most ISA professionals will
> > tell you that
> >
> > > including ISA server with SBS Enterprise was a dumb idea.
> > >
> > >
> > > John T
> > >
> > > eServices For You
> > >
> > >
> > >
> > > "Seek, and ye shall find!"
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> > > Sent: Thursday, August 10, 2006 8:15 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Error during install
> > >
> > >
> > >
> > > OK, this is where I get confused. I thought ISA 2004 was
> > impenetrable
> > > when properly configured. Why should it make a difference
> > that AD is
> > > running on the same box?
> > >
> > >
> > >
> > > How does SBS 2003 Ent do it? Are there different versions
> > of ISA 2004
> > > (one out of the retail box and one that comes with SBS 2003)?
> > >
> > > Has MS built a vulnerable product i.e. SBS 2003 Ent? If so,
> > that would
> >
> > > be a shame being that it is a quickly growing market.
> > >
> > >
> > >
> > > Regardless of 'why' I don't have the answers to my own
> > questions - I
> > > usually
> > > follow Tom's advice to the T. And while following Tom's
> > advised (HAVE
> > > DC, NO
> > > ISA) I have purchased Sonic Walls instead; at an increasing rate.
> > > Oh..and I
> > > make some additional cash at it too. Client pays $600/$700
> > vs. $3,000
> > > $4,000
> > > with ISA.
> > >
> > >
> > >
> > >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
