RE: Protocol question

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Apr 2005 12:29:32 -0400

I have to agree with you, there is nothing stopping someone from
purchasing ISA server for home use (except maybe money) and wanting to
use it as their "personal" firewall.  And, as a result, there is no
reason why they can't use it for gaming, and request help in doing so.
I think it is a valid question, how to get a certain software program to
run through an ISA server, whatever the software program may be.  People
shouldn't have to hide what program it is simply to avoid
ridicule/flaming.

However, it also the right of the list managers to specify if they want
to provide support for such uses. If the people in charge of this
mailing list decide they don't want to discuss such topics, they can ban
it, but it should be clearly stated.

And don't get me started on that certification crap... *grin*

-----Original Message-----
From: Kenny Mann [mailto:nazadus@xxxxxxxxxxxxx] 
Sent: Thursday, April 07, 2005 12:00
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Protocol question

http://www.ISAserver.org

So, does running IIS count as violation of a privacy statement too? What
about PHP on that web server? (Remember the PHP vuln recently?)
Does running *any* software that is not 100% security guaranteed count
towards breaching the contract? (we all know that no software is
secure...
Or at least, that should be our attitudes towards it... I think)

Personally, I'm caught (emotionally) towards your feelings and his.
I don't think I've ever heard of someone getting hacked *only* because
they
played some online game. Usually it's from their web server or running
something not properly secured or something inherently insecure piece of
software.
Online games are not inherently insecure or you would hear about
people's
machines being zombies because of this.

Am I missing something?
What I'm questioning is the validity of your statements because I don't
understand.  I'm also no security expert either, so perhaps I'm just
ignorant of something.

What this guy has is a mixed situation. He has ISA on a business AND
home
network. Not everyone has Fortune 100 clients, so I'm sure they know
they
are getting what they pay for (well, I'm going out on a limb here... A
flakey fhakey limb that may hurt me... But for the sake of a good
argument,
because this has been brought up before). If ISA is *only* for business,
then perhaps Microsoft (and perhaps more on this list) should advocate
it as
such.

Now, I do recall someone asking on the forums and their was a thread
about
games that had a pretty comprehensive list...
It's been my experience (coming from a non-certified
person/admin/thing-a-ma-bopper) that getting ISA to let stuff out (IE:
open
port button) can be rather difficult because not everythign is obvious.
Yes, ideally, you want your admin certified, but not every company can
afford it (heck, they hired me when I knew *nothing* for crying out
loud!)

I'm not trying to attack you (sorry, if it comes off as such), John, but
I'm
just trying to get the conversation a little deeper.


Kenny Mann 


Other related posts: