[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Jason Jones" <Jason.Jones@xxxxxxxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 13 Jan 2007 23:46:27 -0000

For me, DMZ means scary place completely untrusted, perimeter network
means less scary place trusted to a degree, but strongly controlled

________________________________

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: 12 January 2007 23:51
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks


Interesting... Probably a good idea for us to actually articulate what
we really mean when we say DMZ.

I guess to some it means "free for all network" but for me, it should be
the network where you have the most restrictive policies controlling
each service so that it is obvious when malicious traffic hits the wire.
Thoughts?
t


On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:



        That's what I thought, now it's what I know....
         
        
        From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
        Sent: Friday, January 12, 2007 6:35 PM
        To: isapros@xxxxxxxxxxxxx
        Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
        
        Aside from normal router & switch ACLs, ISA is the single line of defense.
        "..we don't need no stinking DMZs"
         
        
        From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
        Sent: Friday, January 12, 2007 12:12 PM
        To: isapros@xxxxxxxxxxxxx
        Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
        
        Ahh...just had a thought.
         
        It's all labeling.
         
        Jason, and others (not Jason's fault), have been using the term DMZ.
         
        Historically, is the term DMZ not taken literally as being completely firewalled off from the trusted networks, and what Jason is talking about is trusted network segmentation?
         
        I betcha that's why the Exchange team don't support it...they
think it's a typical run of the mill DMZ...
         
        Jim, isn't MS's Internal network segmented by using ISA?? Including your mail servers?
         
        S 


        
        


