[isalist] Re: Idiot ISA Comment of the Year

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Fri, 18 Aug 2006 07:15:11 -0700

This is where NDA is a bad thing.

Otherwise, I'd be able to tell some hair-raising tales of my own...

You wouldn't believe (maybe you would) some of the design proposals I get.

 

..stuff like:

BOBOI ßà PIX ß|à CP ß|à Juniper ßà LAN

               ISA ßà Net1

 

..all for the sake of "separation as security"

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Amy Babinchak
Sent: Thursday, August 17, 2006 5:03 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Idiot ISA Comment of the Year

 

Separate forest brings me back to the day when my boss sent me to Pennsylvania 
to consolidate 4 domains into one. Upon completion the "admin" at the school 
district told me he wasn't comfortable with all of the schools being in the 
same domain, called my boss and had me undo a weeks worth of work and put every 
school back into its own domain with a two way trust between every domain in 
the name of security. That's when I realized I needed to start looking for a 
new job.

 

Amy 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Thursday, August 17, 2006 7:59 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Idiot ISA Comment of the Year

 

"Although my preference is to install ISA Server 2004 in a workgroup, 
especially when it's protecting the edge of the network, if you need domain 
membership for ISA Server 2004, consider installing it in a separate forest. 
For example, if you are running ISA Server 2004 in a DMZ, install it in a 
separate forest and then create a one-way trust between your internal forest 
and your ISA Server 2004 forest."

http://www.certcities.com/editorial/columns/story.asp?EditorialsID=207

I hate when these guys stick their collective thumbs up their a**es with this 
kind of idiot advice. Just what type of "protection" to they think they're 
going to stick by putting a PIX in front of the ISA firewall in this scenario? 
Like a friggin bullet fired in in certain establishments, this misconception 
continues to ricochet throughout the clueless without burying itself in the 
right target. ACK.

If you don't understand why this is one of the most moronic statements you can 
make about the ISA firewall, stay tuned to my blog for "Attack of Truth" :)

And to think guys like this are poisoning the minds of poor fledgling ISA 
admins who are trying to get their MCP in ISA :(

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


All mail to and from this domain is GFI-scanned.

• References:
  • [isalist] Re: Idiot ISA Comment of the Year
    • From: Amy Babinchak

Other related posts:

• » [isalist] Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year
• » [isalist] Re: Idiot ISA Comment of the Year

1. Home
2. isalist
3. Archive
4. 08-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---