Know-it-all ;-) Is there a way to cascade the authority request? Ask first, if no answer, then fall back to anonymous? Ray Dzek Network Operations Supervisor Specialized Bicycle Components -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, May 27, 2004 9:58 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org Actually, IE doesn't send credentials unless it receives a requirement for them. Even then, how and when credentials are sent "over the wire" depends on the auth mechanism in use at the responding server. In order for ISA to log a username, it must first obtain it. The ONLY way this can happen is via authentication, and that doesn't happen unless you configure ISA to ask, either by setting "ask all unauthenticated.." and / or by making all your policies user- or group-restricted. ISA does log the IP of the machine making the request UNLESS you're forcing SecureNAT or FW clients to the web proxy via the HTTP Redirector. In order for ISA to have a machine name, the request MUST come from a firewall client. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, May 27, 2004 08:47 Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org I have pretty much given up on GFI at least for now. We run a mixed environment here with windows, mac, and linux. So we run ISA in "anonymous" authentication mode. Most of GFI's functionality is therefore neutered. If the ISA guys are listening, what I need is for ISA to log the username regardless of what authentication method I am using. Since the majority of desktops are windows and using I.E. they are sending their credentials regardless of whether ISA requires them or not. Why can't ISA just record the NetBIOS name in the logs of the machine or IP making the request instead of just anonymous? That way if there is username data, then at least something useful would be there. Just my $0.02 Ray Dzek Network Operations Supervisor Specialized Bicycle Components PH: 408-782-5420 FX: 408-782-5421 -----Original Message----- From: Surago Jones [mailto:surago@xxxxxxxxxxxx] Sent: Thursday, May 27, 2004 5:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org Hi Ray, Heh, you'll have to excuse my lateness with this suggestion, but one thing to look at on the desktops, would be the introduction of some form of popup/under blocking mechanism. As I have noted that many of the desktops that do not have restricted access on them, and that do not have some form of popup/under blocking mechanism installed are more prone to spyware/cookies (Especially the later) being installed on them. Though, many of these could be stopped at the border with a stringent deny ruleset (Unfortunately, keeping this up to date may be an issue), but it is definitely something to look into, or at least think about in regards to keeping internal machines clean (Well more clean at least. :-) ) Cheers Surago Jones. _____ From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Thursday, 20 May 2004 5:38 p.m. To: [ISAserver.org Discussion List] Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org Thanks, I seriously think this is something worth looking into. It is probably our #1 or #2 issue right now. It can take up to a few hours to clean a system from all the crap these (*&#$@(*& install. It is extremely prevelent on home PC's along with all the spyware. I am also working with the local school district to find a solution for their systems as well. They are having a hell of a time keeping their machines clean. Ray Dzek Network Operations Supervisor Specialized Bicycle Components -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, May 19, 2004 4:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org Hi Ray, That's a good question. I haven't researched yet what methods are used to installed scumware on user's computers. I'm sure a variety of methods are used. I plan to do this if/when I update the application layer filtering kit to version ISA 2004. I sure its as easy as blocking extensions and content types, but the devil is always in the details. Tom -----Original Message----- From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Wednesday, May 19, 2004 4:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org Spybot is a desktop solution. I am looking for a gateway solution to work in conjunction with ISA. Ray Dzek Network Operations Supervisor Specialized Bicycle Components PH: 408-782-5420 FX: 408-782-5421 -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Wednesday, May 19, 2004 10:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: GFI Download Security http://www.ISAserver.org Hi Ray, Someone on this list once pointed me to a freeware version of a program called spybot. It is a great program for scanning and protecting against browser hijacking So, I gave the kid a donation. http://www.safer-networking.org/ Joseph ----- Original Message ----- From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, May 19, 2004 9:02 AM Subject: [isalist] GFI Download Security http://www.ISAserver.org Hi, I hope you guys know this product better than GFI's sales people. I called and I was not very impressed with the pre-sales knowledge. We are getting clobbered with browser hijackers. Does GFI Download Security kill these buggers? Or do I need to install AdAware on every PC in the company? I have downloaded the trial version, but was hopping for some anecdotal information from the crowd before I plunk down $1,000+. Thanks in advance. Ray Dzek Network Operations Supervisor Specialized Bicycle Components ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rdzek@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rdzek@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: surago@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rdzek@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rdzek@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')