[isalist] Re: lockdown mode

• From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Mon, 2 Apr 2007 22:57:56 -0700

Re: [isalist] Re: lockdown modeThe "alert" configuration dictates the 
circumstances under which lockdown occurs.  You can define them to suit your 
needs. 

Regarding your "attack" question, no, ISA doesn't go into lockdown because of 
an attack.  That would defeat the purpose ;)

If you want to restart the services first and ask questions later when a 
lockdown occurs, that is completely your choice. I, however, would choose to 
appreciate the security posture of "lockdown" mode (as configured) and to 
perform due diligence in administration of my enterprise firewall before I just 
restart the services that have told you there is a serious issue in the very 
service that is protecting your network.  But that's just me.

t
  ----- Original Message ----- 
  From: D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR 
  To: isalist@xxxxxxxxxxxxx 
  Sent: Monday, April 02, 2007 5:29 PM
  Subject: [isalist] Re: lockdown mode


  And who told you that you will be able to solve the problem?
  Is the only reason for ISA to go to lock down mode an internal fail? What if 
was an attack and that will not happen again?

  --------------------------
  Sent from my BlackBerry Wireless Device


  -----Original Message-----
  From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx>
  To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx>
  Sent: Mon Apr 02 19:52:11 2007
  Subject: [isalist] Re: lockdown mode

  http://www.ISAserver.org
  -------------------------------------------------------
   
  In this case, if you don't solve the problem that caused the symptoms, you 
merely repeat the symptoms.
  Discover and solve the problem first.

  -----Original Message-----
  From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
  Sent: Monday, April 02, 2007 4:02 PM
  To: isalist@xxxxxxxxxxxxx
  Subject: [isalist] Re: lockdown mode

  Well in a production environment I would restart the service first and then 
ask ISA why that happened.


  --------------------------
  Sent from my BlackBerry Wireless Device


  -----Original Message-----
  From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx>
  To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx>
  Sent: Mon Apr 02 18:53:12 2007
  Subject: [isalist] Re: lockdown mode

  http://www.ISAserver.org
  -------------------------------------------------------

  Do what Tim said.
  If you don't know why it happened, it's likely to happen again.

  -----Original Message-----
  From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
  On Behalf Of Thor (Hammer of God)
  Sent: Monday, April 02, 2007 2:26 PM
  To: isalist@xxxxxxxxxxxxx
  Subject: [isalist] Re: lockdown mode

  You have to find out what caused ISA to go into Lockdown first, rectify
  the situation, and then restart the services.

  t

  ----
  Timothy Mullen, MVP, MCSE, MCT, MCSD
  Vice President of Consulting Services
  NGS Software
  www.ngssoftware.com

  Check out Thor's "Microsoft Ninjitsu: Blackbelt Edition" at Blackhat
  Vegas
  2007!
  http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-tm-ms-bbe.html



          ----- Original Message -----
          From: Michael Ross <mailto:mross@xxxxxxxxxxx>
          To: isalist@xxxxxxxxxxxxx
          Sent: Monday, April 02, 2007 1:54 PM
          Subject: [isalist] lockdown mode

          if an ISA box went into lockdown mode, how could you make it
  return to a normal state? (ISA 2004 SP2)


  All mail to and from this domain is GFI-scanned.

  ------------------------------------------------------
  List Archives: //www.freelists.org/archives/isalist/
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server Articles and Tutorials: 
http://www.isaserver.org/articles_tutorials/
  ISA Server Blogs: http://blogs.isaserver.org/
  ------------------------------------------------------
  Visit TechGenix.com for more information about our other sites:
  http://www.techgenix.com
  ------------------------------------------------------
  To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
  Report abuse to listadmin@xxxxxxxxxxxxx





  All mail to and from this domain is GFI-scanned.

  ------------------------------------------------------
  List Archives: //www.freelists.org/archives/isalist/ 
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server Articles and Tutorials: 
http://www.isaserver.org/articles_tutorials/
  ISA Server Blogs: http://blogs.isaserver.org/
  ------------------------------------------------------
  Visit TechGenix.com for more information about our other sites:
  http://www.techgenix.com
  ------------------------------------------------------
  To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
  Report abuse to listadmin@xxxxxxxxxxxxx

• Follow-Ups:
  • [isalist] Re: lockdown mode
    • From: D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR

Other related posts:

• » [isalist] lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode
• » [isalist] Re: lockdown mode

1. Home
2. isalist
3. Archive
4. 04-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---