Hey Jim, I'll bet a shot that they make the students sign an AUP, but is like a single NIC ISA firewall -- deballed. They can't do anything to the poor dears, because the inmates run the asylum these days. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, October 27, 2005 9:06 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: FW: [fw-wiz] The Death Of A Firewall > > http://www.ISAserver.org > > Hmm. > Conundrum.. I think not. > > Let's see, as the school's IT team: > 1. do I own (or at least control) the network? - yes > 2. have I published an AUP? - yes > 3. have all users acknowledged the AUP and consequences of violating > said restriction? - yes > > ..then I don't need no stinkin' openaport button. > Joe Schmuckatelli got hissef a "500 HTTP Filter blocked your > silly ass" > message and posted to isaserver.org message board; well, TFB! > > If I can't enforce an AUP, then let the students hack each other to > death and I'll keep the servers walled off from the unwashed masses. > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, October 27, 2005 6:58 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: FW: [fw-wiz] The Death Of A Firewall > > http://www.ISAserver.org > > Hi Dan, > > Yea, I can see how that would be a disaster in an unmanaged > environment, > where the clients are not subject to any secure policy or > management at > all. The only advantage I see is that the firewall admins > don't have to > deal with finding the Open Port buttons on their firewalls. Its > everything in and out. They must not have to pay for Internet use > though, since the worm traffic would bring the utilization through the > roof. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] > > Sent: Thursday, October 27, 2005 8:43 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: FW: [fw-wiz] The Death Of A Firewall > > > > http://www.ISAserver.org > > > > That is kinda the approach our local University takes. The student > > laptops (which ALL students are required to lease) basically > > have their > > own public IP address via WAPs all over campus. > > > > Horrendous design, but takes all the pressure off their IT > > department as > > everything is web-based, and the rest is unsupported. > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Wednesday, October 26, 2005 10:48 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] FW: [fw-wiz] The Death Of A Firewall > > > > http://www.ISAserver.org > > > > This is a very interesting article: > > > > http://www.securitypipeline.com/165700439 > > > > I'll forgive the guy for thinking of high speed packet > filters as the > > only type of "firewall" and some other conceptual blubobs. > We can also > > ignore the title, since there are still firewalls > segmenting different > > security perimeters, which is the thrust of the current > article series > > on the www.isaserver.org Web site, and two more article > series showing > > some other ways to do network security perimeter segmentation > > using ISA > > firewalls. > > > > What's interesting is that only the servers and other core network > > assets are protected and only to and from these assets are strong > > network access controls enforce. All the clients are considered > > untrusted, and sit behind an Internet router that lets > > everything in and > > out. I suppose this guy has a lot of public addresses to > get away with > > this, but some companys have hundreds and thousands and tens of > > thousands to throw around. > > > > I'm going to chew on this idea some more, and see if I can > tell a good > > ISA firewall story around it. It certainly would solve the > "Open Port" > > button issue. > > > > Tom > > > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > dball@xxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >