RE: Protocol question

  • From: "Kenny Mann" <nazadus@xxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Apr 2005 11:00:11 -0500

So, does running IIS count as violation of a privacy statement too? What
about PHP on that web server? (Remember the PHP vuln recently?)
Does running *any* software that is not 100% security guaranteed count
towards breaching the contract? (we all know that no software is secure...
Or at least, that should be our attitudes towards it... I think)

Personally, I'm caught (emotionally) towards your feelings and his.
I don't think I've ever heard of someone getting hacked *only* because they
played some online game. Usually it's from their web server or running
something not properly secured or something inherently insecure piece of
software.
Online games are not inherently insecure or you would hear about people's
machines being zombies because of this.

Am I missing something?
What I'm questioning is the validity of your statements because I don't
understand.  I'm also no security expert either, so perhaps I'm just
ignorant of something.

What this guy has is a mixed situation. He has ISA on a business AND home
network. Not everyone has Fortune 100 clients, so I'm sure they know they
are getting what they pay for (well, I'm going out on a limb here... A
flakey fhakey limb that may hurt me... But for the sake of a good argument,
because this has been brought up before). If ISA is *only* for business,
then perhaps Microsoft (and perhaps more on this list) should advocate it as
such.

Now, I do recall someone asking on the forums and their was a thread about
games that had a pretty comprehensive list...
It's been my experience (coming from a non-certified
person/admin/thing-a-ma-bopper) that getting ISA to let stuff out (IE: open
port button) can be rather difficult because not everythign is obvious.
Yes, ideally, you want your admin certified, but not every company can
afford it (heck, they hired me when I knew *nothing* for crying out loud!)

I'm not trying to attack you (sorry, if it comes off as such), John, but I'm
just trying to get the conversation a little deeper.


Kenny Mann 

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, April 07, 2005 10:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Protocol question

http://www.ISAserver.org

> As I explained John in one of my post I have a home business which 
> relies on ISA 2004 Server for my clients, and business security, the 
> issue was that my wife and I decided it was best for the time being to 
> cut our home DSL connection and use our business connection for the 
> time being. So using a linksys router or another method other than ISA 
> 2004 Server is simply not an option.

Andrew, you seem to be missing a basic fundamental point. Firewalls and
on-line games are almost mutually exclusive.

What you are saying is you are using ISA for your clients and/or to provide
service to your clients, yet you also want to play on-line games through the
same connection.

Why would you compromise the security of your clients in that manner? Are
your clients aware of the fact that you are playing on-line games through
that very same connection? What are you going to tell your clients WHEN not
if your computer becomes compromised as a result of playing on-line games
and client data either becomes corrupted or is stolen? You do have a privacy
statement with your clients, correct? I believe playing on-line games on the
same connection will be seen by any court of law as a breach of that privacy
statement.

When you are providing a service to others, your interests and desires MUST
take a back seat to the safety and security as well as fulfilling the agreed
upon services to those others.

I am sorry Andrew, but from a professional, legal, moral and ethical
standpoint, what you are trying to do is flat out wrong!

I hope you reconsider.

John T
eServices For You



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nazadus@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts: