Ah.... I have. Changed my mind as a result of losing an argument, that is; happens with my wife ALL the time, damn her! ;)

On Tue, Aug 18, 2009 at 12:21 AM, Greg Mulholland <greg@xxxxxxxxxxxxxx> wrote:

> Jim and Amy are right. While the end user doesn't know the intricacies of
> security they know they need to have it the same way they know they need oil
> in their car, why they probably couldn't explain to you but they just know.
>
> They rely on experts to propose solutions to meet their business
> objectives. Sometimes the solutions aren't what we ourselves would do but
> that's the nature of business especially in the SMB market. For some of us
> who have the fortune to be able to formulate our own guidelines we have the
> luxury of choosing our deployment methods and are not bound by other
> business factors at least not as much as others are. This is clearly not the
> case for many on this list so while we can pound on about security best
> practises it really is not going to change anyone's mind. If people want
> help with deployment scenarios then we are all happy to help I dare say, but
> the 'my solution is better than yours' is neither helpful nor relevant to
> the ultimate question.
>
> The bottom line is the deployment method has to fit your environment and if
> you can satisfy that to the best of your ability then that's all that
> really matters. As I said, if someone wants specific help on how to achieve
> goals in their specific situation or the pros and cons of a real-world
> deployment then we are happy to provide proper analysis for your
> consideration, but at the end of the day the decision is yours to make based
> on your own research and information presented to you. Remember, no one ever
> changed their mind as a result of losing an argument.
>
> Greg
> ________________________________________
> From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx]
> Sent: Tuesday, 18 August 2009 6:08 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Not really - she's just stating the truth.
> Remember - the majority of her clients are SBS / EBS folks.
> These are the ones that typically say "just make it work and oh, by the way
> - keep us secure if you can".
> These folks have neither the time nor the inclination to become
> security-aware; much less expert other than depending on their firewall /
> proxy / AM solutions and the people (like Amy) that they hire to watch over
> them.
>
> Frankly, I don't think you, Tim or I could survive as an SMB consultant; it
> takes a special person to derive actionable specification (much less
> satisfaction) from a "just do me right" customer requirement. Come to think
> of it, we couldn't survive in the community as "those security guys"...
> What does that say about us, I wonder..?
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> Sent: Monday, August 17, 2009 9:58 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> That's a terrible response from you, an MVP at that too. We "should" all
> be pros like Tim. I do my best and at least I have "all" my clients using
> ISA....
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 12:59 PM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> The end user does care about security, just not in the same way that pros
> like you do. I've no problem with a least privilege discussion provided
> there's room for the rest of us living in a slightly different reality.
>
> thanks,
>
> Amy
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Monday, August 17, 2009 11:29 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> Sure, but I was hoping the conversation could be escalated out of the
> "crazy man with one box" stories and on to the business models that drive
> the product we're all talking about. The "oh just bolt TMG on it and it
> will be more secure" mentality keeps it in the realm of a host-based
> firewall toy; something I've been fighting against for years.
>
> But you know, at least the guy was concerned about security. I think
> there is a lesson there too. Everyone saying the end user doesn't know and
> doesn't care, and yet we've got a guy who gives a damn enough to go out of
> his way and deal with the PITA of only having one box on the internet
> because of security. Crappy solution, but at least he was looking for one.
>
> t
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 8:08 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> Secure is in the eye of the beholder, isn't it? I talked to a business owner
> that only allows 1 PC to be connected to the Internet because he wants his
> network to be secure. You want to send an email, you walk over and sit down
> at the "internet" computer. It's security vs function and ability to manage.
> Not every company has a Thor.
>
> thanks,
>
> Amy Babinchak
>
> Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794
>
> Phone Number: 248-850-8616
>
> Web http://www.harborcomputerservices.net
> Client Blog http://smalltechnotes.blogspot.com
> Tech Blog http://securesmb.harborcomputerservices.net
>
> Buy My House: http://www.HomesByOwner.com/15490
>
> Are you an IT Pro? http://www.thirdtier.net
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Monday, August 17, 2009 10:55 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> Oh, well if MSFT released it like that, then it must be secure. Sorry, my
> bad.
>
> t
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 5:41 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> Doesn't matter really.
> The point is that Microsoft has a released firewall
> product called TMG with the EE installed on the domain member server. It's
> the same enough.
>
> thanks,
>
> Amy Babinchak
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> Sent: Monday, August 17, 2009 8:38 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> Not the same TMG....
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Monday, August 17, 2009 9:35 AM
> To: ISA Mailing List
> Subject: [isalist] Re: New Articles on Tales
>
> Microsoft has a released product where the TMG (with EBS) also running the
> Exchange 2007 Edge role is a domain member.
>
> thanks,
>
> Amy Babinchak
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Han Valk
> Sent: Monday, August 17, 2009 1:37 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: New Articles on Tales
>
> Ok I understand, that still leaves the point that some 'official' guidance
> from Microsoft would be nice.
>
> Han.
>
> ________________________________
> From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx]
> Sent: Sunday, August 16, 2009 4:32 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: New Articles on Tales
>
> There is no "always" or "never" to either of them. It's situational and
> requires that the deployment team perform their own threat modeling.
> Exchange supports placing the edge role on a WG server to appease the "no
> domain members at the edge" tinfoil hat crowd, but when you combine it with
> TMG, the attack surface and thus the perceived threat of having the Exch
> edge role as a domain member is greatly reduced; even over that offered by
> Windows Firewall policies.
>
> Jim
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Han Valk
> Sent: Saturday, August 15, 2009 11:54 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: New Articles on Tales
>
> As far as I know Exchange Edge is to be installed on a workgroup server
> while TMG does its best job when domain joined. So this is a bit of a
> contradiction to me.
> I would love to see guidance from Microsoft on that.
> Maybe this can be added to the Q&A in Understanding Email Protection on TMG.
>
> Han.
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Sunday, August 16, 2009 00:35
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] New Articles on Tales
> >
> > http://blogs.technet.com/isablog/archive/2009/08/15/new-tales-from-the-edge-articles.aspx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer