you should be so lucky! :p -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, 1 March 2007 11:27 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks Yeah- he found out by shagging some ugg's that were still alive!!! t ----- Original Message ----- From: "John T (lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> To: <isapros@xxxxxxxxxxxxx> Sent: Wednesday, February 28, 2007 3:35 PM Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks Wait a minute! You mean to tell me you're an ausie and you just found out the Uggs are made of sheep skin? Dude! John T > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Greg Mulholland > Sent: Wednesday, February 28, 2007 2:45 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > I just found out ugg boots are made from sheepskin-Pamela Anderson > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On > Behalf Of Steve Moffat > Sent: Thursday, 1 March 2007 9:40 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > America will never run... And we will always be grateful that liberty > has found such brave defenders. > George W. Bush > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Greg Mulholland > Sent: Wednesday, February 28, 2007 6:20 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > Ooh ooh.. even better > > Dude, wheres my DMZ?? > > In the days of perimter networks :) > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On > Behalf Of Greg Mulholland > Sent: Thursday, 1 March 2007 9:15 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > A few I thought of > > ISA - The route to firewall bliss > Where all your networks are related > Where networks rule (get it network.. rule.. c?) > ISA Server - The one and only firewall policy (my fav) > > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On > Behalf Of Thomas W Shinder > Sent: Thursday, 1 March 2007 8:47 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > "ISA, the Firewall that Cares" > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists) > > Sent: Wednesday, February 28, 2007 1:34 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > "ISA, not your average hardware firewall!" > > > > "An ISA you can trust!" > > > > "ISA, it just keeps working and working and working!" > > > > "ISA blocks what others let through!" > > > > John T > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > On Behalf Of Greg Mulholland > > > Sent: Tuesday, February 27, 2007 1:36 PM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > > > An aussie contribution: > > > > > > ISA ISA ISA, Oi Oi Oi. > > > > > > Sorry that's really bad.. > > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > On > > > Behalf Of Thor (Hammer of God) > > > Sent: Wednesday, 28 February 2007 1:51 AM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > > > How about "ISA. So simple a caveman can use it." Oh wait. > > SBS already > > > took > > > that one! :-p > > > > > > t > > > > > > > > > On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> > > > spoketh > > > to all: > > > > > > > Should be "Firewall's make me Hot", shouldn't it? > > > > > > > > How about "Flames, baby flames, you're goin' down." As said by The > > > > Bomber What Bombs at Midnight. (from The Tick, of course) > > > > > > > > Amy > > > > > > > > > > > > -----Original Message----- > > > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Gerald G. Young > > > > Sent: Tuesday, February 27, 2007 9:12 AM > > > > To: isapros@xxxxxxxxxxxxx > > > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > > > > > "ISA, your friendly, neighborhood firewall." > > > > "Never a dull rule in ISA." > > > > "ISA's hot." - as imagined said by Paris Hilton. > > > > "ISA and PIX, sitting in a tree..." - yeah, not so much. ;) > > > > "I'll show you my certificate if you'll show me yours." > > > > > > > > Cordially yours, > > > > Jerry G. Young II > > > > Application Engineer, Platform Engineering and Architecture > > > > NTT America, an NTT Communications Company > > > > > > > > 22451 Shaw Rd. > > > > Sterling, VA 20166 > > > > > > > > Office: 571-434-1319 > > > > Fax: 703-333-6749 > > > > Email: g.young@xxxxxxxx > > > > > > > > > > > > -----Original Message----- > > > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Thomas W Shinder > > > > Sent: Monday, February 26, 2007 7:22 PM > > > > To: isapros@xxxxxxxxxxxxx > > > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > > > > > > "ISA's Got You In Its Sites" > > > > > > > > Thomas W Shinder, M.D. > > > > Site: www.isaserver.org > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > Book: http://tinyurl.com/3xqb7 > > > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > > > > > > > >> -----Original Message----- > > > >> From: isapros-bounce@xxxxxxxxxxxxx > > > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > > > >> Sent: Monday, February 26, 2007 4:01 PM > > > >> To: isapros@xxxxxxxxxxxxx > > > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > >> > > > >> I'd rather be on Layer 7 > > > >> > > > >> Amy > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> -----Original Message----- > > > >> From: isapros-bounce@xxxxxxxxxxxxx > > > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > >> On Behalf Of Jim Harrison > > > >> Sent: Monday, February 26, 2007 4:45 PM > > > >> To: isapros@xxxxxxxxxxxxx > > > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > >> > > > >> Not bad; except for the trailing commentary... > > > >> :-p > > > >> > > > >> -----Original Message----- > > > >> From: isapros-bounce@xxxxxxxxxxxxx > > > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > >> On Behalf Of Thomas W Shinder > > > >> Sent: Monday, February 26, 2007 12:53 PM > > > >> To: isapros@xxxxxxxxxxxxx > > > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > >> > > > >> How about: > > > >> > > > >> "ISA Firewall Rules!" > > > >> > > > >> Get it? Firewall rules? Like in firewall ruleset? You > > know, sort of a > > > >> double entendre sort of thingie :)) > > > >> > > > >> Thomas W Shinder, M.D. > > > >> Site: www.isaserver.org > > > >> Blog: http://blogs.isaserver.org/shinder/ > > > >> Book: http://tinyurl.com/3xqb7 > > > >> MVP -- Microsoft Firewalls (ISA) > > > >> > > > >> > > > >> > > > >>> -----Original Message----- > > > >>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > > >>> Sent: Monday, February 26, 2007 2:27 PM > > > >>> To: isapros@xxxxxxxxxxxxx > > > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > >>> > > > >>> Ok - it's official - let's get an "ISABlog motto" contest going. > > > >>> Basic rules: > > > >>> - no derogatory comments about CheckPix or similar (makes > > > >> the lawyers > > > >>> tremble) > > > >>> - no marketing spew > > > >>> - keep it short (10 words max) > > > >>> - must use ISA behavior or feature (like "wpad") > > > >>> - should abuse a common phrase (like "does a nautical > > pimp keep his > > > >>> 'oars' in the water?") > > > >>> > > > >>> -----Original Message----- > > > >>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > >>> On Behalf Of Thomas W Shinder > > > >>> Sent: Monday, February 26, 2007 12:23 PM > > > >>> To: isapros@xxxxxxxxxxxxx > > > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks > > > >>> > > > >>> You had me at WPAD? :) > > > >>> > > > >>> Thomas W Shinder, M.D. > > > >>> Site: www.isaserver.org > > > >>> Blog: http://blogs.isaserver.org/shinder/ > > > >>> Book: http://tinyurl.com/3xqb7 > > > >>> MVP -- Microsoft Firewalls (ISA) > > > >>> > > > >>> > > > >>> > > > >>>> -----Original Message----- > > > >>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > > >>>> Sent: Monday, February 26, 2007 12:26 PM > > > >>>> To: isapros@xxxxxxxxxxxxx > > > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > Perimeter Networks > > > >>>> > > > >>>> NDA is a completely different point and Amy has it right - > > > >>>> non-MS lists > > > >>>> are verboten to NDA material. > > > >>>> I'm an "odd duck" in this context (for more than one reason - > > > >>>> ha! - beat > > > >>>> ya to it!), because it's actually a large part of my job > > > >> to "keep my > > > >>>> finger on the pulse", as it were. This is why you see me > > > >>> doing trips > > > >>>> like tech Ready & Black Hat. Unfortunately, fiscal > > > >>>> limitations curtail > > > >>>> any further involvement, but such is corporate life. > > > >>>> > > > >>>> I agree that the ISA team hasn't exactly kept pace > > with teams like > > > >>>> Exchange (we don't even have a silly motto like "you had me > > > >>> at ehlo"), > > > >>>> but it still comes back to the "effort priorities". I've > > > >>> been working > > > >>>> with the right folks to make this a better experience > > all around > > > >>>> (especially for the MVPs), but these things tend to > > move slowly... > > > >>>> > > > >>>> -----Original Message----- > > > >>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > >>>> On Behalf Of Thor (Hammer of God) > > > >>>> Sent: Monday, February 26, 2007 9:54 AM > > > >>>> To: isapros@xxxxxxxxxxxxx > > > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > Perimeter Networks > > > >>>> > > > >>>> Conflicting info, then. I was told by a source that non-MSFT > > > >>>> lists were > > > >>>> poo-poo'ed on for liability and NDA reasons. > > > >>>> > > > >>>> And while I totally understand the "bottom line" thinking, it > > > >>>> seems like > > > >>>> a > > > >>>> huge waste to initiate something like the MVP program and to > > > >>>> go through > > > >>>> all > > > >>>> the motions only to do it half-assed. > > > >>>> > > > >>>> t > > > >>>> > > > >>>> > > > >>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> > > > >>> spoketh to all: > > > >>>> > > > >>>>> In fact, ISA product team members are strongly encouraged to > > > >>>> participate > > > >>>>> in lists, NG, blogs and all other manner of public > > communication > > > >>>>> efforts. > > > >>>>> The sad fact is; the time available for such endeavors > > > >> is woefully > > > >>>>> small. > > > >>>>> MS, like many profit-making businesses, operates with > > > >> the smallest > > > >>>> teams > > > >>>>> required to produce product "X". > > > >>>>> Unfortunately, with software engineering being what it > > > >> is, and the > > > >>>>> pressures of the marketing "old boy club", the teams are > > > >>>> too small to > > > >>>>> cover all the "nice to do" bases and still leave > > folks time for > > > >>>>> themselves. > > > >>>>> > > > >>>>> > > > >>>>> -----Original Message----- > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > >>>>> On Behalf Of Thor (Hammer of God) > > > >>>>> Sent: Monday, February 26, 2007 9:07 AM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > Perimeter Networks > > > >>>>> > > > >>>>> I never really saw much from the PM's over there- just that > > > >>>> one stint > > > >>>>> about SQL logging, and to be honest, there wasn't > > much valuable > > > >>>> content > > > >>>>> sourced from the MSFT side... In fact, as I understand it, > > > >>>> the PM and > > > >>>>> product support people (other than Jim) are apparently > > > >>> not pushed to > > > >>>>> participate (and may be asked not to) because of the fact > > > >>> that it is > > > >>>> NOT > > > >>>>> an official MSFT site, and that NDA and product liability > > > >>> may be an > > > >>>>> issue. > > > >>>>> > > > >>>>> I'm going to draft up a "suggestions for the MVP program" > > > >>> and submit > > > >>>>> them to the powers that be, just so that things like > > this can be > > > >>>>> addressed. > > > >>>>> > > > >>>>> t > > > >>>>> > > > >>>>> > > > >>>>> On 2/26/07 8:50 AM, "Thomas W Shinder" > > > >>>> <tshinder@xxxxxxxxxxx> spoketh > > > >>>> to > > > >>>>> all: > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> It's been a real problem for the ISA PG to work with the ISA > > > >>>>> MVPs, because they think that the ISA MVPs are still > > > >>>> involved with the > > > >>>>> ISA MVP mailing list. I explained to them that because > > > >> of "issues" > > > >>>> with > > > >>>>> that list that there was less than optimal participation > > > >>>> and that they > > > >>>>> needed to get a MS managed solution. At the very least, > > > >> they could > > > >>>>> create their own DL and send mail to people on that > > list. I hate > > > >>>> missing > > > >>>>> out on the ISA PGs communications on that "other" list, but > > > >>>> my life is > > > >>>>> so much better not having to listen to the ****** that > > > >>> happens over > > > >>>>> there. > > > >>>>> > > > >>>>> Thomas W Shinder, M.D. > > > >>>>> Site: www.isaserver.org <http://www.isaserver.org/> > > > >>>>> <http://www.isaserver.org/> > > > >>>>> Blog: http://blogs.isaserver.org/shinder/ > > > >>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > > > >>>>> <http://tinyurl.com/3xqb7> > > > >>>>> MVP -- Microsoft Firewalls (ISA) > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> ________________________________ > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > > >> (Hammer of > > > >>>> God) > > > >>>>> Sent: Monday, February 26, 2007 8:56 AM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter > > > >>>>> Networks > > > >>>>> > > > >>>>> > > > >>>>> I spoke with Melissa Travers, the MVP Lead for both ISA > > > >>>>> and Exchange, and she said the Exchange group's MVP site > > > >>> was really, > > > >>>>> really good, and that the Exchange group themselves is > > > >>> quite active. > > > >>>>> Being they are the Exchange group, I can see why they > > > >> would have a > > > >>>>> decent portal. ;) > > > >>>>> > > > >>>>> I suggested that if there were a single sourced, > > > >>>>> Microsoft controlled MVP site where we could "browse > > > >>> through" other > > > >>>> MVP > > > >>>>> list content, that issues like this (the perceptions > > > >>>> surrounding what > > > >>>>> Exchange will and won't support and why) would be much > > > >> easier to > > > >>>>> manage, and that "the right people" from both sides could > > > >>>> engage each > > > >>>>> other in a positive way when two technologies collide like > > > >>>> this. To > > > >>>>> me, this is a major shortcoming in the MVP program > > > >>> overall. Given > > > >>>> the > > > >>>>> fact that the MVP program was created in order to provide a > > > >>>>> collaborative environment for various technologies, it > > > >>> seems like a > > > >>>>> horrible waste of a perfect opportunity to expand that > > > >>> environment > > > >>>> out > > > >>>>> to the MVP's and product teams in other product > > > >>> competencies. The > > > >>>>> fate of the ISA-MVP list is testament to that. > > > >>>>> > > > >>>>> So, in the absence of a coordinated effort on > > > >>>>> Microsoft's part to wrap it's collective arms around the > > > >>> MVP's and > > > >>>>> product teams, I'll see if I can get on the Exchange > > > >> MVP list and > > > >>>> begin > > > >>>>> a dialog of exactly what is going on here. But I'll > > > >> need to get > > > >>>>> immersed in Ex2007 first, which I've just not had the > > > >> time to do. > > > >>>> The > > > >>>>> promise of true unified messaging in 2007 was a major draw > > > >>>> to me, but > > > >>>>> given the apparent narrow PBX support and lack of official > > > >>>>> functionality documentation, the rush to explore has lost it's > > > >>>> luster. > > > >>>>> > > > >>>>> t > > > >>>>> > > > >>>>> > > > >>>>> On 2/26/07 6:02 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> > > > >>>>> spoketh to all: > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> Documentation always follows the product, which > > > >>>>> is barely on the streets. > > > >>>>> I've seen some regarding WM6, but the basic > > > >>>>> concepts are the same. > > > >>>>> ..coming soon to a website near you... > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > > Jason Jones > > > >>>>> Sent: Monday, February 26, 2007 3:31 AM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > > >>>>> Perimeter Networks > > > >>>>> > > > >>>>> Hi All, > > > >>>>> > > > >>>>> Anyone (Tim?) had chance to look at the least > > > >>>>> privilige approach with Exchange 2007 yet? > > > >>>>> > > > >>>>> From what I am hearing the "CAS not supported in > > > >>>>> perimeter" statement is based more on "we haven't tested it > > > >>>> yet" more > > > >>>>> than "we don't think it is a good idea". > > > >>>>> > > > >>>>> I have a few customers looking at placing the > > > >>>>> entire Exchange architecture behind ISA (very > > > >> untrusted LANs) - I > > > >>>> have > > > >>>>> done this with Exch2k3, but has anyone looked at this > > > >>> for Exch2k7? > > > >>>>> > > > >>>>> I am guessing this is not supported either, but > > > >>>>> documentation is very thin on the ground with reference > > > >> to 2k7 and > > > >>>>> periemeter networking.... > > > >>>>> > > > >>>>> Cheers > > > >>>>> > > > >>>>> JJ > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> ________________________________ > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > > >>> (Hammer of > > > >>>> God) > > > >>>>> Sent: 15 January 2007 15:27 > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > > >>>>> Perimeter Networks > > > >>>>> Right you are... The analogy fits when you use > > > >>>>> "comparative logic" as opposed to just thinking of the zone in > > > >>>>> singularity... Compared to the areas on either side of > > > >> the DMZ, it > > > >>>>> should be easy to discern any activity at all in the > > > >> DMZ itself- > > > >>>>> particularly hostile activities. There are strict > > > >> policies about > > > >>>> what > > > >>>>> can go on in the Korean DMZ, as there should be in one's > > > >>>> network DMZ. > > > >>>>> Internet traffic is chaotic, and I don't even bother > > trying to > > > >>>>> determine what is going on out on my Internet > > segment- I can't > > > >>>> control > > > >>>>> it anyway (other than my policy of implementing router > > > >>>> ACL's to match > > > >>>>> inbound/outbound traffic policies at my border > > > >> router). Internal > > > >>>>> traffic isn't chaotic, but it is hard to monitor > > for "hostile" > > > >>>> packets > > > >>>>> given the sheer volume and type of traffic being generated by > > > >>>> internal > > > >>>>> users, servers, services, etc to any number of different > > > >>> hosts and > > > >>>>> clients. But in the DMZ, you should be able to > > > >>> immediately notice > > > >>>> when > > > >>>>> something out of the ordinary is going on. For > > > >>> instance, if I see > > > >>>> POP3 > > > >>>>> logon traffic, I know something is FUBAR, as I don't > > > >>>> support POP3 in > > > >>>> my > > > >>>>> DMZ at all. If I see modal enumeration by way of a null > > > >>> session, I > > > >>>>> know something is going on. And etc, etc. > > > >>>>> > > > >>>>> So, to me, it fits, and that is the term I > > > >>>>> choose to use. I won't be changing ;) > > > >>>>> > > > >>>>> t > > > >>>>> > > > >>>>> > > > >>>>> On 1/15/07 6:40 AM, "Gerald G. Young" > > > >>>>> <g.young@xxxxxxxx> spoketh to all: > > > >>>>> The DMZ in Korea itself isn't crawling with > > > >>>>> military. Either side of it is, ensuring that the > > > >> definition of a > > > >>>>> demilitarized zone is observed and maintained. Before > > > >>> the advent of > > > >>>>> DMZs in networking, a DMZ meant an area from which > > > >>> military forces, > > > >>>>> operations, and installations were prohibited. > > > >>> Essentially, it's a > > > >>>>> wide empty area that constitutes a border with forces on > > > >>> either side > > > >>>>> pointing guns into it. > > > >>>>> > > > >>>>> I've always thought the adaptation of the > > > >>>>> acronym to the world of networking a bit strange. > > "Oh! We got > > > >>>>> activity in our networked DMZ! Kill it!" :-) > > > >>>>> > > > >>>>> > > > >>>>> Cordially yours, > > > >>>>> Jerry G. Young II > > > >>>>> Product Engineer - Senior > > > >>>>> Platform Engineering, Enterprise Hosting > > > >>>>> NTT America, an NTT Communications Company > > > >>>>> > > > >>>>> 22451 Shaw Rd. > > > >>>>> Sterling, VA 20166 > > > >>>>> > > > >>>>> Office: 571-434-1319 > > > >>>>> Fax: 703-333-6749 > > > >>>>> Email: g.young@xxxxxxxx > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy > > > >> Babinchak > > > >>>>> Sent: Sunday, January 14, 2007 7:08 PM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: RE: [isapros] Re: ISA, Exchange 2007 > > > >>>>> and Perimeter Networks > > > >>>>> > > > >>>>> > > > >>>>> That's what it means to me too. Can't see the > > > >>>>> Korean no mans' land as qualifying as a DMZ when it's > > > >>> crawling with > > > >>>>> military. > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> In this conversation we have to take into > > > >>>>> consideration that CAS also includes the capability to > > > >>>> provide access > > > >>>> to > > > >>>>> folders and files right in OWA. This may be the thing that the > > > >>>> Exchange > > > >>>>> team thinks throws a monkey wrench into the secure > > > >>>> deployment of CAS > > > >>>> in > > > >>>>> a a DMZ. > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> ________________________________ > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf of > > > >>>>> Jason Jones > > > >>>>> Sent: Sat 1/13/2007 6:46 PM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > > >>>>> Perimeter Networks > > > >>>>> > > > >>>>> For me, DMZ means scary place completely > > > >>>>> untrusted, perimeter network means less scary place > > > >> trusted to a > > > >>>>> degree, but strongly controlled > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> ________________________________ > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > > >>> (Hammer of > > > >>>> God) > > > >>>>> Sent: 12 January 2007 23:51 > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > > >>>>> Perimeter Networks > > > >>>>> Interesting... Probably a good idea for us to > > > >>>>> actually articulate what we really mean when we say DMZ. > > > >>>>> > > > >>>>> I guess to some it means "free for all network" > > > >>>>> but for me, it should be the network where you have the most > > > >>>>> restrictive policies controlling each service so that it > > > >>> is obvious > > > >>>>> when malicious traffic hits the wire. Thoughts> > > > >>>>> t > > > >>>>> > > > >>>>> > > > >>>>> On 1/12/07 3:30 PM, "Steve Moffat" > > > >>>>> <steve@xxxxxxxxxx> spoketh to all: > > > >>>>> That's what I thought, now it's what I know.... > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > > Jim Harrison > > > >>>>> Sent: Friday, January 12, 2007 6:35 PM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > > >>>>> Perimeter Networks > > > >>>>> > > > >>>>> Aside from normal router & switch ACLs, ISA is > > > >>>>> the single line of defense. > > > >>>>> "..we don't need no stinking DMZs" > > > >>>>> > > > >>>>> > > > >>>>> From: isapros-bounce@xxxxxxxxxxxxx > > > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of > > Steve Moffat > > > >>>>> Sent: Friday, January 12, 2007 12:12 PM > > > >>>>> To: isapros@xxxxxxxxxxxxx > > > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and > > > >>>>> Perimeter Networks > > > >>>>> > > > >>>>> Ahh...just had a thought. > > > >>>>> > > > >>>>> It's all labeling. > > > >>>>> > > > >>>>> Jason, and others (not Jason's fault), have been > > > >>>>> using the term DMZ. > > > >>>>> > > > >>>>> Historically, is the term DMZ not taken > > > >>>>> literally as being completely firewalled off from the trusted > > > >>>> networks, > > > >>>>> and what Jason is talking about is trusted network > > > >> segmentation. > > > >>>>> > > > >>>>> I betcha that's why the Exchange team don't > > > >>>>> support it...they think it's a typical run of the mill DMZ... > > > >>>>> > > > >>>>> Jim, isn't MS's Internal network segmented by > > > >>>>> usin ISA?? Including your mail servers? > > > >>>>> > > > >>>>> S > > > >>>>> > > > >>>>> > > > >>>>> All mail to and from this domain is > > > >>>>> GFI-scanned. > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> All mail to and from this domain is GFI-scanned. > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> All mail to and from this domain is GFI-scanned. > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> All mail to and from this domain is GFI-scanned. > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>> > > > >>> > > > >>> All mail to and from this domain is GFI-scanned. > > > >>> > > > >>> > > > >>> > > > >>> > > > >> > > > >> > > > >> All mail to and from this domain is GFI-scanned. > > > >> > > > >> > > > >> > > > >> > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >