[isalist] Re: New Articles on Tales
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 17 Aug 2009 17:35:36 -0700
http://www.ISAserver.org
-------------------------------------------------------
You have some odd ones if they're actually taking the hard-line on security.
That's a rarity in the SMB world...
________________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Steve Moffat [steve@xxxxxxxxxx]
Sent: Monday, August 17, 2009 4:01 PM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Erm, most of my clients are SBS / EBS
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, August 17, 2009 5:09 PM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Not really - she's just stating the truth.
Remember - the majority of her clients are SBS / EBS folks.
These are the one that typically say "just make it work and oh, by the way -
keep us secure if you can".
These folks have neither the time nor the inclination to become security-aware;
much less expert other than depending on their firewall / proxy / AM solutions
and the people (like Amy) that they hire to watch over them.
Frankly, I don't think you, Tim or I could survive as an SMB consultant; it
takes a special person to derive actionable specification (much less
satisfaction) from a "just do me right" customer requirement. Come to think of
it, we couldn't survive in the community as "those security guys"... What does
that say about us, I wonder..?
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Monday, August 17, 2009 9:58 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
That's a terrible response from you, an MVP at that too. We "should" all be
pro's like Tim. I do my best and at least I have "all" my clients using ISA....
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Amy Babinchak
Sent: Monday, August 17, 2009 12:59 PM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
The end user does care about security, just not in the same way that pros like
you do. I've no problem with a least privilege discussion provided there's room
for the rest of us living in a slightly different reality.
thanks,
Amy
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Monday, August 17, 2009 11:29 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Sure, but I was hoping the conversation could be escalated out of the "crazy
man with one box" stories and on to the business models that drive the product
we're all talking about. The "oh just bolt TMG on it and it will be more
secure" mentality keeps it in the realm of a host-based firewall toy; something
I've been fighting against for years.
But you know, at least the guy was concerned about security. It think there is
a lesson there too. Everyone saying the end user doesn't know and doesn't
care, and yet we've got a guy who gives a damn enough to go out of his way and
deal with the PITA of only having one box on the internet because of security.
Crappy solution, but at least he was looking for one.
t
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Amy Babinchak
Sent: Monday, August 17, 2009 8:08 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Secure is in the eye of the beholder, isn't it? I talked a business owner that
only allows 1 PC to be connected to the Internet because he wants his network
to be secure. You want to send an email, you walk over and sit down at the
"internet" computer. It's security vs function and ability to manage. Not every
company has a Thor.
thanks,
Amy Babinchak
Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
Phone Number: 248-850-8616
Web http://www.harborcomputerservices.net
Client Blog http://smalltechnotes.blogspot.com
Tech Blog http://securesmb.harborcomputerservices.net
Buy My House: http:// www.HomesByOwner.com/15490
Are you an IT Pro? http://www.thirdtier.net
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Monday, August 17, 2009 10:55 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Oh, well if MSFT released it like that, then it must be secure. Sorry, my bad.
t
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Amy Babinchak
Sent: Monday, August 17, 2009 5:41 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Doesn't matter really. The point is that Microsoft has a released firewall
product called TMG with the EE installed on the domain member server. It's the
same enough.
thanks,
Amy Babinchak
Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
Phone Number: 248-850-8616
Web http://www.harborcomputerservices.net
Client Blog http://smalltechnotes.blogspot.com
Tech Blog http://securesmb.harborcomputerservices.net
Buy My House: http:// www.HomesByOwner.com/15490
Are you an IT Pro? http://www.thirdtier.net
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Monday, August 17, 2009 8:38 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Not the same TMG....
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Amy Babinchak
Sent: Monday, August 17, 2009 9:35 AM
To: ISA Mailing List
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Microsoft has a released product where the TMG (with EBS) also running the
Exchange 2007 Edge role is a domain member.
thanks,
Amy Babinchak
Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
Phone Number: 248-850-8616
Web http://www.harborcomputerservices.net
Client Blog http://smalltechnotes.blogspot.com
Tech Blog http://securesmb.harborcomputerservices.net
Buy My House: http:// www.HomesByOwner.com/15490
Are you an IT Pro? http://www.thirdtier.net
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Han Valk
Sent: Monday, August 17, 2009 1:37 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org
-------------------------------------------------------
Ok I understand, that still leaves the point that some 'official' guidance from
Microsoft would be nice.
Han.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Jim Harrison [Jim@xxxxxxxxxxxx]
Sent: Sunday, August 16, 2009 4:32 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org<http://www.isaserver.org/>
-------------------------------------------------------
There is no "always" or "never" to either of them. It's situational and
requires that the deployment team perform their own threat modeling.
Exchange supports placing the edge role on a WG server to appease the "no
domain members at the edge" tinfoil hat crowd, but when you combine it with
TMG, the attack surface and thus the perceived threat of having the Exch edge
role as a domain member is greatly reduced; even over that offered by Windows
Firewall policies.
Jim
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Han Valk
Sent: Saturday, August 15, 2009 11:54 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: New Articles on Tales
http://www.ISAserver.org<http://www.isaserver.org/>
-------------------------------------------------------
As far as I know Exchange Edge is to be installed on a workgroup server while
TMG does its best job when domain joined. So this is a bit of a contradiction
to me. I would love to see guidance from Microsoft on that. Maybe this can be
added to the Q&A in Understanding Email Protection on TMG.
Han.
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Sunday, August 16, 2009 00:35
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] New Articles on Tales
>
> http://blogs.technet.com/isablog/archive/2009/08/15/new-tales-from-the
> -
> edge-articles.aspx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com<http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com<http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=n7HCZOeB031684&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=n7HChniQ000721&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=n7HF7rbs004934&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=n7HFx3pN028517&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts: