[isalist] Re: New Articles on Tales

  • From: Jerry Young <jerrygyoungii@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 18 Aug 2009 06:59:34 -0400

Ah.... I have.  Changed my mind as a result of losing an argument, that is;
happens with my wife ALL the time, damn her! ;)

On Tue, Aug 18, 2009 at 12:21 AM, Greg Mulholland <greg@xxxxxxxxxxxxxx>wrote:

> Jim and Amy are right. while the end user doesn't know the intricacies of
> security they know they need to have it the same way they know they need oil
> in their car, why they probably couldn't explain to you but they just know.
>
> They rely on experts to propose solutions to meet their business
> objectives. Sometimes the solutions aren't what we ourselves would do but
> that's the nature of business especially in the smb market. For some of us
> who have the fortune to be able to formulate our own guidelines we have the
> luxury of choosing our deployment methods and are not bound by other
> business factors at least not as much as others are. This is clearly not the
> case for many on this list so while we can pound on about security best
> practises it really is not going to change anyone's mind. If people want
> help with deployment scenarios then we are all happy to help i dare say, but
> the 'my solution is better than yours' is neither helpful nor relevant to
> the ultimate question.
>
> The bottom line is the deployment method has to fit your environment and if
> it you can satisfy that to the best of your ability then that's all that
> really matters. As i said, if someone wants specific help on how to achieve
> goals in their specific situation or the pro's and con's of a realworld
> deployment then we are happy to provide proper analysis for your
> consideration, but at the end of the day the decision is yours to make based
> on your own research and information presented to you. Remember, no one ever
> changed their mind as a result of losing an argument.
>
> Greg
> ________________________________________
> From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx]
> Sent: Tuesday, 18 August 2009 6:08 AM
>
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Not really - she's just stating the truth.
> Remember - the majority of her clients are SBS / EBS folks.
> These are the one that typically say "just make it work and oh, by the way
> - keep us secure if you can".
> These folks have neither the time nor the inclination to become
> security-aware; much less expert other than depending on their firewall /
> proxy / AM solutions and the people (like Amy) that they hire to watch over
> them.
>
> Frankly, I don't think you, Tim or I could survive as an SMB consultant; it
> takes a special person to derive actionable specification (much less
> satisfaction) from a "just do me right" customer requirement.  Come to think
> of it, we couldn't survive in the community as "those security guys"...
> What does that say about us, I wonder..?
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Steve Moffat
> Sent: Monday, August 17, 2009 9:58 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> That's a terrible response from you, an MVP at that too.  We "should" all
> be pro's like Tim. I do my best and at least I have "all" my clients using
> ISA....
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 12:59 PM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> The end user does care about security, just not in the same way that pros
> like you do. I've no problem with a least privilege discussion provided
> there's room for the rest of us living in a slightly different reality.
>
> thanks,
>
> Amy
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Monday, August 17, 2009 11:29 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Sure, but I was hoping the conversation could be escalated out of the
> "crazy man with one box" stories and on to the business models that drive
> the product we're all talking about.  The "oh just bolt TMG on it and it
> will be more secure" mentality keeps it in the realm of a host-based
> firewall toy; something I've been fighting against for years.
>
> But you know, at least the guy was concerned about security.  It think
> there is a lesson there too.  Everyone saying the end user doesn't know and
> doesn't care, and yet we've got a guy who gives a damn enough to go out of
> his way and deal with the PITA of only having one box on the internet
> because of security.  Crappy solution, but at least he was looking for one.
>
> t
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 8:08 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Secure is in the eye of the beholder, isn't it? I talked a business owner
> that only allows 1 PC to be connected to the Internet because he wants his
> network to be secure. You want to send an email, you walk over and sit down
> at the "internet" computer. It's security vs function and ability to manage.
> Not every company has a Thor.
>
> thanks,
>
> Amy Babinchak
>
> Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
>
> Phone Number: 248-850-8616
>
> Web   http://www.harborcomputerservices.net
> Client Blog   http://smalltechnotes.blogspot.com
> Tech Blog   http://securesmb.harborcomputerservices.net
>
> Buy My House: http:// 
> www.HomesByOwner.com/15490<http://www.homesbyowner.com/15490>
>
> Are you an IT Pro?  http://www.thirdtier.net
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Monday, August 17, 2009 10:55 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Oh, well if MSFT released it like that, then it must be secure.  Sorry, my
> bad.
>
> t
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 5:41 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Doesn't matter really. The point is that Microsoft has a released firewall
> product called TMG with the EE installed on the domain member server. It's
> the same enough.
>
> thanks,
>
> Amy Babinchak
>
> Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
>
> Phone Number: 248-850-8616
>
> Web   http://www.harborcomputerservices.net
> Client Blog   http://smalltechnotes.blogspot.com
> Tech Blog   http://securesmb.harborcomputerservices.net
>
> Buy My House: http:// 
> www.HomesByOwner.com/15490<http://www.homesbyowner.com/15490>
>
> Are you an IT Pro?  http://www.thirdtier.net
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Steve Moffat
> Sent: Monday, August 17, 2009 8:38 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Not the same TMG....
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 9:35 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Microsoft has a released product where the TMG (with EBS) also running the
> Exchange 2007 Edge role is a domain member.
>
> thanks,
>
> Amy Babinchak
>
> Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
>
> Phone Number: 248-850-8616
>
> Web   http://www.harborcomputerservices.net
> Client Blog   http://smalltechnotes.blogspot.com
> Tech Blog   http://securesmb.harborcomputerservices.net
>
> Buy My House: http:// 
> www.HomesByOwner.com/15490<http://www.homesbyowner.com/15490>
>
> Are you an IT Pro?  http://www.thirdtier.net
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Han Valk
> Sent: Monday, August 17, 2009 1:37 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> Ok I understand, that still leaves the point that some 'official' guidance
> from Microsoft would be nice.
>
> Han.
>
> ________________________________
> From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx]
> Sent: Sunday, August 16, 2009 4:32 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/><
> http://www.isaserver.org/>
> -------------------------------------------------------
>
> There is no "always" or "never" to either of them. It's situational and
> requires that the deployment team perform their own threat modeling.
> Exchange supports placing the edge role on a WG server to appease the "no
> domain members at the edge" tinfoil hat crowd, but when you combine it with
> TMG, the attack surface and thus the perceived threat of having the Exch
> edge role as a domain member is greatly reduced; even over that offered by
> Windows Firewall policies.
>
> Jim
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Han Valk
> Sent: Saturday, August 15, 2009 11:54 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org <http://www.isaserver.org/><
> http://www.isaserver.org/>
> -------------------------------------------------------
>
> As far as I know Exchange Edge is to be installed on a workgroup server
> while TMG does its best job when domain joined. So this is a bit of a
> contradiction to me. I would love to see guidance from Microsoft on that.
> Maybe this can be added to the Q&A in Understanding Email Protection on TMG.
>
> Han.
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Sunday, August 16, 2009 00:35
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] New Articles on Tales
> >
> > http://blogs.technet.com/isablog/archive/2009/08/15/new-tales-from-the
> > -
> > edge-articles.aspx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com<http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com<http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> --
> ExchangeDefender Message Security: Click below to verify authenticity
> http://www.exchangedefender.com/verify.asp?id=n7HCZOeB031684&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> --
> ExchangeDefender Message Security: Click below to verify authenticity
> http://www.exchangedefender.com/verify.asp?id=n7HChniQ000721&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> --
> ExchangeDefender Message Security: Click below to verify authenticity
> http://www.exchangedefender.com/verify.asp?id=n7HF7rbs004934&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> --
> ExchangeDefender Message Security: Click below to verify authenticity
> http://www.exchangedefender.com/verify.asp?id=n7HFx3pN028517&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>



-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2009