RE: FW: [fw-wiz] The Death Of A Firewall

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 09:11:47 -0500

Hey Jim,

I'll bet a shot that they make the students sign an AUP, but it's like a
single NIC ISA firewall -- deballed.

They can't do anything to the poor dears, because the inmates run the
asylum these days.



Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Thursday, October 27, 2005 9:06 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FW: [fw-wiz] The Death Of A Firewall
> 
> http://www.ISAserver.org
> 
> Hmm.
> Conundrum..  I think not.
> 
> Let's see, as the school's IT team:
> 1. do I own (or at least control) the network? - yes
> 2. have I published an AUP? - yes
> 3. have all users acknowledged the AUP and consequences of violating
> said restriction? - yes
> 
> ..then I don't need no stinkin' openaport button.
> Joe Schmuckatelli got hissef a "500 HTTP Filter blocked your silly ass"
> message and posted to isaserver.org message board; well, TFB!
> 
> If I can't enforce an AUP, then let the students hack each other to
> death and I'll keep the servers walled off from the unwashed masses.
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Thursday, October 27, 2005 6:58 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FW: [fw-wiz] The Death Of A Firewall
> 
> Hi Dan,
> 
> Yea, I can see how that would be a disaster in an unmanaged environment,
> where the clients are not subject to any secure policy or management at
> all. The only advantage I see is that the firewall admins don't have to
> deal with finding the Open Port buttons on their firewalls. It's
> everything in and out. They must not have to pay for Internet use
> though, since the worm traffic would bring the utilization through the
> roof.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
> > Sent: Thursday, October 27, 2005 8:43 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: FW: [fw-wiz] The Death Of A Firewall
> > 
> > That is kinda the approach our local University takes.  The student
> > laptops (which ALL students are required to lease) basically have their
> > own public IP address via WAPs all over campus.
> >
> > Horrendous design, but takes all the pressure off their IT department as
> > everything is web-based, and the rest is unsupported.
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > Sent: Wednesday, October 26, 2005 10:48 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] FW: [fw-wiz] The Death Of A Firewall
> > 
> > This is a very interesting article:
> >
> > http://www.securitypipeline.com/165700439
> >
> > I'll forgive the guy for thinking of high speed packet filters as the
> > only type of "firewall" and some other conceptual blubobs. We can also
> > ignore the title, since there are still firewalls segmenting different
> > security perimeters, which is the thrust of the current article series
> > on the www.isaserver.org Web site, and two more article series showing
> > some other ways to do network security perimeter segmentation using ISA
> > firewalls.
> >
> > What's interesting is that only the servers and other core network
> > assets are protected and only to and from these assets are strong
> > network access controls enforced. All the clients are considered
> > untrusted, and sit behind an Internet router that lets everything in and
> > out. I suppose this guy has a lot of public addresses to get away with
> > this, but some companies have hundreds and thousands and tens of
> > thousands to throw around.
> >
> > I'm going to chew on this idea some more, and see if I can tell a good
> > ISA firewall story around it. It certainly would solve the "Open Port"
> > button issue.
> > 
> > Tom
> > 
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> > 
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > dball@xxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx