RE: Protocol question

  • From: "Kenny Mann" <nazadus@xxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Apr 2005 13:10:32 -0500

"The point I was trying to make is that Andrew, when offered fishing tackle,
only repeated his demands for a fish.

I agree, however it seems that he has already tried those (Am I wrong? He
did say he tried to open them... The FAQ only told him the information he
already knew). This feels like a "Hey, you need a spinner bait to catch this
kind of fish." after seeing, in his hand, a book on how to catch that kind
of fish mentioning the spinner bait. Wow, this feels convaluted. I may be
wrong here though.

"This, more than anything else, is what garners him my less-than-friendly
responses."

I disagree. I believe that when someone mentions they want to play a game,
the attitude changes towards "You idiot, you shouldn't do that. Catch a
clue". It's also quite possible it's just a communication problem and some
percieve it as a chewing out whereas some are just trying to inform. Such
things happen.

Steve:
"Andrew, the best way to do this, believe it or not, is put your pc in a dmz
that is wide open., then use xp firewall. "

This is going to sound stupid but I *really* hate relying on the built-in
windows firewall. I'm overly paranoid (justified or not, I am; I don't know
how it works or where it stocks the packets at, thusly I don't trust it).
Perhaps placing it in a DMZ and perhaps placing that computer behind the
linkysys (double NAT?). Then again, I hate most software firewalls (ISA
being the *only* exception... And that's only because I was forced to see
the light; Perhaps I'll get over the WinXP firewall eventually...).
This would also allow him to have a separate business and personal side to
his firewall... This might let you (Andrew) sleep better at night.

/two cents.

Kenny 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, April 07, 2005 11:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Protocol question

http://www.ISAserver.org

You both raise valid points - if you pays your money, you can do whatever
you want with the product you purchased (within EULA limits, of course).
There are some very strong opinions here regarding what you should allow
through a firewall.
The fact that Andy chooses to mix his tenses in his own environment is his
choice (and hard to defend when he tries to account for it come tax time).

The point I was trying to make is that Andrew, when offered fishing tackle,
only repeated his demands for a fish.

This, more than anything else, is what garners him my less-than-friendly
responses.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 
-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Thursday, April 07, 2005 09:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Protocol question

http://www.ISAserver.org

I have to agree with you, there is nothing stopping someone from purchasing
ISA server for home use (except maybe money) and wanting to use it as their
"personal" firewall.  And, as a result, there is no reason why they can't
use it for gaming, and request help in doing so.
I think it is a valid question, how to get a certain software program to run
through an ISA server, whatever the software program may be.  People
shouldn't have to hide what program it is simply to avoid ridicule/flaming.

However, it also the right of the list managers to specify if they want to
provide support for such uses. If the people in charge of this mailing list
decide they don't want to discuss such topics, they can ban it, but it
should be clearly stated.

And don't get me started on that certification crap... *grin*

-----Original Message-----
From: Kenny Mann [mailto:nazadus@xxxxxxxxxxxxx]
Sent: Thursday, April 07, 2005 12:00
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Protocol question

http://www.ISAserver.org

So, does running IIS count as violation of a privacy statement too? What
about PHP on that web server? (Remember the PHP vuln recently?) Does running
*any* software that is not 100% security guaranteed count towards breaching
the contract? (we all know that no software is secure...
Or at least, that should be our attitudes towards it... I think)

Personally, I'm caught (emotionally) towards your feelings and his.
I don't think I've ever heard of someone getting hacked *only* because they
played some online game. Usually it's from their web server or running
something not properly secured or something inherently insecure piece of
software.
Online games are not inherently insecure or you would hear about people's
machines being zombies because of this.

Am I missing something?
What I'm questioning is the validity of your statements because I don't
understand.  I'm also no security expert either, so perhaps I'm just
ignorant of something.

What this guy has is a mixed situation. He has ISA on a business AND home
network. Not everyone has Fortune 100 clients, so I'm sure they know they
are getting what they pay for (well, I'm going out on a limb here... A
flakey fhakey limb that may hurt me... But for the sake of a good argument,
because this has been brought up before). If ISA is *only* for business,
then perhaps Microsoft (and perhaps more on this list) should advocate it as
such.

Now, I do recall someone asking on the forums and their was a thread about
games that had a pretty comprehensive list...
It's been my experience (coming from a non-certified
person/admin/thing-a-ma-bopper) that getting ISA to let stuff out (IE:
open
port button) can be rather difficult because not everythign is obvious.
Yes, ideally, you want your admin certified, but not every company can
afford it (heck, they hired me when I knew *nothing* for crying out
loud!)

I'm not trying to attack you (sorry, if it comes off as such), John, but I'm
just trying to get the conversation a little deeper.


Kenny Mann 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nazadus@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts: