RE: Anti-virus on Exchange

  • From: Sarbjit Singh Gill <ssgill@xxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Feb 2005 13:11:43 +0800

It is 60 vulnerabilities and not 60 patches.

---- Original message ----
>Date: Tue, 15 Feb 2005 21:53:59 -0500
>From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>  
>Subject: [exchangelist] RE: Anti-virus on Exchange  
>To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
>
>http://www.MSExchange.org/
>
>Danny, 
>
>Can you confirm these 60 patches for ISA server that were released last
>week because there is no mention of it on www.microsoft.com/isaserver
>
>Thanks
>Andrew
>
>
>-----Original Message-----
>From: Danny [mailto:nocmonkey@xxxxxxxxx] 
>Sent: Tuesday, February 15, 2005 9:12 PM
>To: [ExchangeList]
>Subject: [exchangelist] RE: Anti-virus on Exchange
>
>On Tue, 15 Feb 2005 17:08:17 -0600, Thomas W Shinder
><tshinder@xxxxxxxxxxx> wrote:
>> Hi Danny,
>> 
>> Where is the:
>> 
>> -- RADIUS based pre-authentication for OWA/OMA/ActiveSync/RPC over HTTP
>> access?
>
>RADIUS, yes. The rest is probably possible.
>
>> -- Where is the SSL to SSL bridging feature that prevents exploits from
>> being tunneled inside an SSL tunnel?
>
>If your ISA Windows box is compromised (just last week, MS released
>patches for over 60 vulnerabilities - ouch!), valid SSL sessions could
>be read.
>
>> -- Where is the forms-based authentication that generates the form at
>> the firewall, so as to allow for pre-authentication, session limits and
>> attachment control?
>
>Haven't looked into it.  Attachment control? We block all executables.
>
>> -- Where is the per user/per group, per protocol, per server, per time
>> of day, stateful filtering and stateful application layer inspection for
>> VPN remote access client connections?
>
>Done and done.
>
>> -- Where is the stateful application layer support for Secure Exchange
>> RPC publishing, so that your entire organization doesn't have to upgrade
>> to OL2003, and even if they did, where is the RPC scrubbing for the
>> de-tunneled connections?
>
>What do you expect from a $500 firewall?  My initial comparison was
>the BASE model Fortigate firewall.
>
>> In addition to that, ISA does have:
>> 
>> -Anti-malware (virus, worms, etc.) protection (HTTP, POP3, SMTP, etc.)
>> as part of its HTTP Security Filter at NO extra cost or licensing
>> restriction
>
>Out-of-the-box, ISA 2004 scans for brand new and old viruses?  Which
>engine does it use?
>
>> -Grayware protection
>> ISA does have this, as part of its built-in and add-on suites of
>> application layer inspection filters
>
>Add-on, then? Who provides updates to grayware and spyware definitions?
>
>> -Signature and custom Intrusion Prevention and Protection
>> I can use the built-in ISA firewall's IDS/IPS, add-on 3rd party IDS/IPS
>> or use Snort.
>
>Who updates ISA's IDS/IPS signatures?
>
>> -Anti-spam - RBL, content, etc.
>> You can add this on to the ISA firewall, and includes basic SMTP
>> filtering and inspection right out of the box with its SMTP Filter and
>> SMTP Message Screener.
>
>A.K.A Add-on...
>
>> -Email content and attachment blocking/filtering
>> The ISA firewall has this right out of the box.
>
>'bout time.
>
>
>> -ActiveX, java, cookie, protection
>> Again, the ISA firewall has this right out of the box. Just configure
>> it!
>
>Cool.
>
>> -Web URL and content filtering
>> The ISA firewall has this right out of the box.
>
>Cool.
>
>> -End-to-end VPN (IPSec, PPTP, L2TP, and multiple encryption level
>> options) solution
>> This ISA firewall also has this right out of the box, and also has VPN
>> Quarantine support right out of the box.
>
>Sweet. How about AES256?
>
>> -Client VPN software which includes firewall and anti-virus component
>> Why use proprietary VPN client software when *every version of Windows*
>> has a VPN client built-in. Best of all, no finger pointing when
>> something goes haywire! :)
>
>Microsoft has built-in anti-virus, egress and ingress stateful
>firewall, and IPSec VPN support in *every version of Windows*?
>
>> -Traffic shaping
>> Not included with the ISA firewall :(
>
>Uh oh.
>
>> -Syslog output
>> ISA includes right out of the box, text logging, MSDE logging and SQL
>> logging. Can get it to work with MySQL and Access if you like.
>
>I output to syslog running a FreeBSD box. 
>
>> -Protocol authentication
>> Not sure what you mean, but I'll bet it's not as comprehensive as ISA's,
>> if you mean that you can control user/group access to ALL protocols
>> through the miracle of the Firewall client (the generic Winsock Proxy
>> client)
>
>LDAP, RADIUS, etc. authentication for specific protocol-based (HTTP,
>etc.) access.
>
>> -VLAN support
>> ISA supports this right out of the box, we're using in a couple places
>> in product now.
>
>Awesome.
>
>> -HTTPS and SSH admin access
>> ISA supports FIPS compliant encrypted RDP -- much more secure!
>
>SSH2 works well here.
>
>> -Support & Maintenance includes virus and attack definitions
>> Same when we install GFI add-ons
>
>No add-ons necessary here. Second year maintenance is cheap; less than
>half the price of unit.
>
>> -NAT or transparent mode
>> The ISA firewall supports both NAT and Route relationships. No
>> transparent mode though, MAC exploits are too problematic from my point
>> of view to want support for this.
>
>Fortinet has this covered in the least with IPS.
>
>Defense in depth: NAT firewall, then a transparent one logically
>behind it. Ohhh man I love it.
>
>> You can also purchase the ISA firewall as a hardware appliance from
>> Network Engines, RimApp and Celestix. In fact, not even Microsoft PSS
>> can break into the Network Engines ISA hardware firewall, even when they
>> have console access!
>
>Do we have to bring up how many Microsoft software vulnerabilities
>were exposed just last week?  And I want my border firewall running on
>what? Microsoft software?
>
>ISA is a great product, but for my current environments is too
>expensive up-front and in the long-term from a cost point of view and
>a risk point of view.
>
>
>> Fortigate does cost less, but you don't get as much either.
>
>RPC(oh boy, ask the security experts about good ol' RPC)/HTTP/OWA
>integrations aside, the Fortigate is not comparable in cost.
>
>Respectfully,
>
>...D
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>World of Windows Networking: http://www.windowsnetworking.com
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 ISA Server Resource Site: http://www.isaserver.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Network Security Library: http://www.secinf.net/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this MSEXchange.org Discussion List as:
>andrew@xxxxxxxxxxxxxxxxxxxxxx
>To unsubscribe visit
>http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>Report abuse to listadmin@xxxxxxxxxxxxxx

Sarbjit Singh Gill
ssgill@xxxxxxxxxxxxxxxxxxxx
