Re: GFI Download Security

  • From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 May 2004 14:39:43 -0700

Know-it-all  ;-)

Is there a way to cascade the authority request?  Ask first, if no answer,
then fall back to anonymous?


Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Thursday, May 27, 2004 9:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Download Security


http://www.ISAserver.org

Actually, IE doesn't send credentials unless it receives a requirement for
them. Even then, how and when credentials are sent "over the wire" depends
on the auth mechanism in use at the responding server.

In order for ISA to log a username, it must first obtain it. The ONLY way
this can happen is via authentication, and that doesn't happen unless you
configure ISA to ask, either by setting "ask all unauthenticated.." and / or
by making all your policies user- or group-restricted.

ISA does log the IP of the machine making the request UNLESS you're forcing
SecureNAT or FW clients to the web proxy via the HTTP Redirector.
In order for ISA to have a machine name, the request MUST come from a
firewall client.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, May 27, 2004 08:47
Subject: [isalist] Re: GFI Download Security


I have pretty much given up on GFI at least for now.  We run a mixed
environment here with windows, mac, and linux.  So we run ISA in "anonymous"
authentication mode.  Most of GFI's functionality is therefore neutered.

If the ISA guys are listening, what I need is for ISA to log the username
regardless of what authentication method I am using.  Since the majority of
desktops are windows and using I.E. they are sending their credentials
regardless of whether ISA requires them or not.  Why can't ISA just record
the NetBIOS name in the logs of the machine or IP making the request instead
of just anonymous?  That way if there is username data, then at least
something useful would be there.

Just my $0.02

Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
PH:  408-782-5420
FX:  408-782-5421

-----Original Message-----
From: Surago Jones [mailto:surago@xxxxxxxxxxxx]
Sent: Thursday, May 27, 2004 5:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Download Security


Hi Ray,



Heh, you'll have to excuse my lateness with this suggestion, but one thing
to look at on the desktops, would be the introduction of some form of
popup/under blocking mechanism.  As I have noted that many of the desktops
that do not have restricted access on them, and that do not have some form
of popup/under blocking mechanism installed are more prone to
spyware/cookies (Especially the latter) being installed on them.



Though, many of these could be stopped at the border with a stringent deny
ruleset (Unfortunately, keeping this up to date may be an issue), but it is
definitely something to look into, or at least think about in regards to
keeping internal machines clean (Well more clean at least. :-) )



Cheers



Surago Jones.




  _____


From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
Sent: Thursday, 20 May 2004 5:38 p.m.
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Download Security



Thanks,

I seriously think this is something worth looking into.  It is probably our
#1 or #2 issue right now.  It can take up to a few hours to clean a system
from all the crap these (*&#$@(*& install.  It is extremely prevalent on
home PC's along with all the spyware.  I am also working with the local
school district to find a solution for their systems as well.  They are
having a hell of a time keeping their machines clean.


Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, May 19, 2004 4:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Download Security


Hi Ray,

That's a good question. I haven't researched yet what methods are used to
install scumware on users' computers. I'm sure a variety of methods are
used. I plan to do this if/when I update the application layer filtering kit
to version ISA 2004. I'm sure it's as easy as blocking extensions and content
types, but the devil is always in the details.

Tom

-----Original Message-----
From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
Sent: Wednesday, May 19, 2004 4:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Download Security

Spybot is a desktop solution.  I am looking for a gateway solution to work
in conjunction with ISA.


Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
PH:  408-782-5420
FX:  408-782-5421

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Wednesday, May 19, 2004 10:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: GFI Download Security


Hi Ray,
Someone on this list once pointed me to a freeware version of a program
called spybot.  It is a great program for scanning and protecting against
browser hijacking. So, I gave the kid a donation.
http://www.safer-networking.org/

Joseph

----- Original Message -----
From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, May 19, 2004 9:02 AM
Subject: [isalist] GFI Download Security


Hi,

I hope you guys know this product better than GFI's sales people.  I called
and I was not very impressed with the pre-sales knowledge.

We are getting clobbered with browser hijackers.  Does GFI Download Security
kill these buggers?  Or do I need to install AdAware on every PC in the
company?

I have downloaded the trial version, but was hoping for some anecdotal
information from the crowd before I plunk down $1,000+.

Thanks in advance.


Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
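
The point made in Jim Harrison's reply in this thread (a client sends no credentials until the proxy challenges it, so a proxy in anonymous mode has only the client IP to log), as an added example that is not part of the thread and is not ISA Server code: a toy model of the HTTP 407 exchange using Basic authentication. The account table, IP addresses and log line layout are constructed for illustration.

```python
import base64
import hmac

USERS = {"alice": "constructed-pw"}  # constructed account table, illustration only

def verified_user(headers):
    """Return the authenticated username, or None if no valid credentials were sent."""
    cred = headers.get("Proxy-Authorization", "")
    if not cred.startswith("Basic "):
        return None
    try:
        name, _, pw = base64.b64decode(cred[6:], validate=True).decode().partition(":")
    except ValueError:  # bad base64 or bad UTF-8: treat as unauthenticated
        return None
    if name in USERS and hmac.compare_digest(USERS[name].encode(), pw.encode()):
        return name
    return None

def proxy_handle(client_ip, headers, require_auth):
    """Toy web proxy. Returns (status, response_headers, log_line)."""
    # In anonymous mode the proxy never authenticates, so it never learns a name.
    user = verified_user(headers) if require_auth else None
    if require_auth and user is None:
        # Only this challenge causes a client to send credentials at all.
        return 407, {"Proxy-Authenticate": 'Basic realm="proxy"'}, f"{client_ip} - 407"
    return 200, {}, f"{client_ip} {user or 'anonymous'} 200"

def client_fetch(client_ip, creds, require_auth):
    """Browser-like client: first request carries no credentials; a 407 is answered once."""
    log = []
    status, resp, line = proxy_handle(client_ip, {}, require_auth)
    log.append(line)
    if status == 407 and creds and "Proxy-Authenticate" in resp:
        token = base64.b64encode(":".join(creds).encode()).decode()
        status, resp, line = proxy_handle(
            client_ip, {"Proxy-Authorization": "Basic " + token}, require_auth)
        log.append(line)
    return status, log
```

Calling `client_fetch` with `creds=None` and `require_auth=True` models a client that has no account to present, such as the non-Windows machines in the mixed environment described in the thread: it ends with a 407 and no username in the log.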
