Hi Don, I have to disagree; "security by obscurity" is false security at best. If they reall want to "spoof" their identity, then they can use an SMTP bridghead or relay at the ISA with no ill effect. Microsoft appears to be the "target of choice" only because it gets the most media attention. The fact is, network devices (wireless, routers, etc.) and xNix machines carry the bulk of attacks and vulnerabilities. It's only because thinkgs like Blaster and Sasser affect their home computers do the CxO's even know (much less care) about most MS vulnerabilities. I'm happy to see that you're not one of the mindless drones who can't get out of the "MS = insecure" mentality. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Fri, 11 Jun 2004 21:13:07 +1000 "Don McCall" <DMcCall@xxxxxxxxxx> wrote: http://www.ISAserver.org Hi Tom, I guess it is a personal preference (and it also pasifies nuerotic management/directors and the like who have heard of security breaches)... however especially if you run your own mail servers as we do using the PIX mail guard option along with other filtering capabilities disguises the make and identity of your mail servers which the ISA does not. If they do not know what they are dealing with it makes it a little more difficult. It also gives one more layer for the potential hacker to work their way through. I am impressed with the ISA however Microsoft products tend to be the target of hackers, when a vulnerability is found, we may not get the warning/patch before potential damage is done. The PIX has vulnerabilities too and I have had one incident where the intruder made their way as far as the ISA and were stopped there. However these days social engineering will deffinitely yeild easier results. The real vulnerabilities are not through the front door (firewall connection to the Internet) but are through lose policies, physical access (including wireless access points)and poor training of personnel and rogue laptops. Well I'm sure you know all that and I have a few other reasons for using a packet filter and ISA servers ;-) As they say aside from my political point of view, my religious beliefs, and preconceived ideas I am totaly flexable! Using the two in series does require interesting configurations... Regards Don -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Friday, 11 June 2004 5:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA & Cisco... http://www.ISAserver.org Hi Don, I'm curious as to what kind of security you think the packet filter affords you? I see this assumption a lot, but no one has ever explained to me how a simple packet filter like a Cisco device actually perform any level of security for the ISA firewall? I'm asking this not to be confrontational, but in the sincere wish for a cogent answer, because I have never got one other than "I would not feel comfortable putting an ISA firewall in without putting a [fill in the blank] firewall". Which is just a restatement of the original statement they made. Thanks! Tom -----Original Message----- From: Don McCall [mailto:DMcCall@xxxxxxxxxx] Sent: Friday, June 11, 2004 2:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA & Cisco... http://www.ISAserver.org I would have to agree with that statment... at the same time I would be very reluctent to install a single device of either of these products... or for that matter any other... by the way I managed to get it working (NTP) for cisco routers that sit behind my ISA that sits behind a PIX that faces the world.... Have a good weekend Don -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, 11 June 2004 3:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA & Cisco... http://www.ISAserver.org There's really no comparison between the two. The Cisco device is simply a router, ISA is a firewall. If they have a routed subnet coming from their ISP, then they can use it between the ISA and the ISP. If they don't then they can use it internally to segregate a couple of subnets. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Thu, 10 Jun 2004 22:22:45 -0400 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org I've seen topics mentioned here in the past and now I have one where a client wants to know if their Cisco 2501 router can be used in any way with ISA? I myself am not familiar enough with setting up Cisco devices or to answer that question therefore I suggested using ISA but I figured I'd try here for a 2nd opinion. Anyone have any docs on configuring this type of setup? I'm talking dummy proof with either pictures or detailed explanations of where everything would go. Any responses are appreciated. Thanks ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dmccall@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Baptist Community Services. 2 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dmccall@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Baptist Community Services. 2 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist