[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Mon, 15 Jan 2007 09:33:15 +1100

Re: [isapros] Re: ISA, Exchange 2007 and Perimeter Networksinterested in their 
reasoning Jim. doesnt it pain you to have two different carts being pulled by 
basically the same horse?

"bring out ya dead"
  ----- Original Message ----- 
  From: Jim Harrison 
  To: isapros@xxxxxxxxxxxxx 
  Sent: Sunday, January 14, 2007 2:47 PM
  Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks


  They do ask; they just don't listen.

  I was asked to review a doc on EAS via ISA that's coming out soon and 
couldn't get them to drop the "ISA as domain member == bad" mantra.



  From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jason Jones
  Sent: Saturday, January 13, 2007 3:46 PM
  To: isapros@xxxxxxxxxxxxx
  Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks



  Can't believe they just make their own decision terminology/security 
architecture rather than asking ISA product team for advise on what they should 
be saying....maybe that is just me being incredibly naive though ;-)




------------------------------------------------------------------------------

  From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
  Sent: 13 January 2007 17:32
  To: isapros@xxxxxxxxxxxxx
  Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  However, one thing I DON'T want to get back to is the "single model" DMZ -- 
because the entire point of this conversation is that there is a heterogeniety 
of DMZs and that the problem with the Exchange team is that they didn't 
understand this in the first place. :)



  Thomas W Shinder, M.D.
  Site: www.isaserver.org
  Blog: http://blogs.isaserver.org/shinder/
  Book: http://tinyurl.com/3xqb7
  MVP -- Microsoft Firewalls (ISA)






----------------------------------------------------------------------------

    From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
    Sent: Saturday, January 13, 2007 11:23 AM
    To: isapros@xxxxxxxxxxxxx
    Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

    It's interesting how the canaille misinterprets the term DMZ, like they do 
for most things :)



    Think about the Korean DMZ -- is that really a "free for all" place? Or one 
of the most monitored and secured areas in the world, where nothing happens 
without someone knowing about it almost immediately?



    That what you get when the Syphco reps teach a generation of "port 
openers"....



    Thomas W Shinder, M.D.
    Site: www.isaserver.org
    Blog: http://blogs.isaserver.org/shinder/
    Book: http://tinyurl.com/3xqb7
    MVP -- Microsoft Firewalls (ISA)






--------------------------------------------------------------------------

      From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] 
On Behalf Of Thor (Hammer of God)
      Sent: Friday, January 12, 2007 5:51 PM
      To: isapros@xxxxxxxxxxxxx
      Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

      Interesting... Probably a good idea for us to actually articulate what we 
really mean when we say DMZ.

      I guess to some it means "free for all network" but for me, it should be 
the network where you have the most restrictive policies controlling each 
service so that it is obvious when malicious traffic hits the wire.  Thoughts>
      t


      On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:

      That's what I thought, now it's what I know..
       

      From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] 
On Behalf Of Jim Harrison
      Sent: Friday, January 12, 2007 6:35 PM
      To: isapros@xxxxxxxxxxxxx
      Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

      Aside from normal router & switch ACLs, ISA is the single line of defense.
      "..we don't need no stinking DMZs"
       

      From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] 
On Behalf Of Steve Moffat
      Sent: Friday, January 12, 2007 12:12 PM
      To: isapros@xxxxxxxxxxxxx
      Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

      Ahh.just had a thought.
       
      It's all labeling.
       
      Jason, and others (not Jason's fault), have been using the term DMZ.
       
      Historically, is the term DMZ not taken literally as being completely 
firewalled off from the trusted networks, and what Jason is talking about is 
trusted network segmentation.
       
      I betcha that's why the Exchange team don't support it.they think it's a 
typical run of the mill DMZ.
       
      Jim, isn't MS's Internal network segmented by usin ISA?? Including your 
mail servers?
       
      S 

      All mail to and from this domain is GFI-scanned. 





  All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isapros
  3. Archive
  4. 01-2007