Hi Amy, The thing that gets me is that the term is useless and meaningless and leads to uneeded confusion. The tech support guy who says "open ports 1, 2 and 3". OK, first there is no open port button. Second, there is no directionality to the statement. Third, there is no source or destination port information in the statement. Fourth, there is no indication of whether this is a primary to secondary connection. Fifth, it says nothing about things like the app layer protocol embedding private addresses in the comm stream. The "open a port" concept comes from people who have no idea what's going on. They imagine that the firewall is a wall with a series of serrated circles on it, and each of these circles has a number. Now, to open port 3, you just punch is out and "stuff" (not otherwise specified) flows through it. Too bad things don't work that way, otherwise the Open Port Button [patent pending] would be a useful thing and not something used for comic relief :) Thanks! Tom _____ From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, January 21, 2004 3:04 PM To: [ISAserver.org Discussion List] Subject: RE: [isalist] Stop me before I jump... Yes, well the information is uesful for those of us that have to support non-ISA firewall configurations. Beleive me I hate that my only options on a symantec firewall/VPN thingy are open or non-existant. Talk about a security problem waiting to happen. Such is the life of a consultant. Amy _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wed 1/21/2004 3:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] Stop me before I jump... http://www.ISAserver.org http://www.ISAserver.org From the Windows 2003 Help File: "To use Remote Assistance through a firewall Remote Assistance uses the Remote Desktop Protocol (RDP) to establish a connection between a user requesting help and an assistant providing it. The RDP uses TCP port 3389 for this connection. To allow users within an organization to request help outside your organization using Remote Assistance, port 3389 must be open at the firewall. To prohibit users from requesting help outside the organization, this port should be closed at the firewall." ...where is that dreaded Open Port[Patent Pending] button?... Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')