[isalist] Re: Idiot ISA Comment of the Year
- From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 18 Aug 2006 09:53:12 +1000
I gave up arguing..if it makes them feel more comfortable then, good for them!
Greg
----- Original Message -----
From: Thomas W Shinder
To: isalist@xxxxxxxxxxxxx
Sent: Friday, August 18, 2006 9:59 AM
Subject: [isalist] Idiot ISA Comment of the Year
"Although my preference is to install ISA Server 2004 in a workgroup,
especially when it's protecting the edge of the network, if you need domain
membership for ISA Server 2004, consider installing it in a separate forest.
For example, if you are running ISA Server 2004 in a DMZ, install it in a
separate forest and then create a one-way trust between your internal forest
and your ISA Server 2004 forest."
http://www.certcities.com/editorial/columns/story.asp?EditorialsID=207
I hate when these guys stick their collective thumbs up their a**es with this
kind of idiot advice. Just what type of "protection" to they think they're
going to stick by putting a PIX in front of the ISA firewall in this scenario?
Like a friggin bullet fired in in certain establishments, this misconception
continues to ricochet throughout the clueless without burying itself in the
right target. ACK.
If you don't understand why this is one of the most moronic statements you
can make about the ISA firewall, stay tuned to my blog for "Attack of Truth" :)
And to think guys like this are poisoning the minds of poor fledgling ISA
admins who are trying to get their MCP in ISA :(
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
Other related posts:
