Re: FW: CISCO ALERT - Cisco warns of holes in PIX f irewalls

• From: Phill Hardstaff <phillh@xxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 24 Dec 2003 09:28:25 +1100

You are probably right :) OK, one last time and I will shut up !! I keep
stirring it up in the hope someone listens for the next ISA (like control of
all NICs). I have a largish network (by Pacific standards anyway :) that
covers 2 countries with dial up's in the other country that I have almost
zero control over, trying to secure EVERYTHING against Nachi was nigh on
impossible, I got about 98% of the machines here patched in time but one or
2 got it, the  entry point was someone from outside who waltzed in and
connected their laptop onto the network, till that point I had been doing
well. I tend to take issue a little with people who keep throwing the blame
at me and think I am trashing ISA, I like ISA a lot and I don't want to
change, but I have ICMP off on the internal NIC's right now and that’s a
pain but maybe something I have to live with, I have found other ways to
stop attacks from the dial ups, like blocking ICMP at the dial ups router
and access lists to let them only have what they need to the destinations
they need, I guess someone is going to say this should have already been in
place, and maybe they are right, but I have limited resources and time and
until Nachi no real problems (2 AV on mail system, 2 AV on firewall,
different AV on desktops + SUS). Anyway, life goes on and Nachi on my
network is my fault, fine :)

Merry Christmas to all and a pox on virus writers everywhere !!

Cheers

Phill

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, 24 December 2003 1:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FW: CISCO ALERT - Cisco warns of holes in PIX
firewalls

http://www.ISAserver.org

Phil, Phil, Phil...

Don't you know that in this forum everything but ISA sucks the chrome off a
'57 Chevy?


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 23 Dec 2003 21:03:29 +1100
 "Phill Hardstaff - SPC" <phillh@xxxxxxx> wrote:
http://www.ISAserver.org

Nachi behind ISA kills it stone dead (just one infected machine is enough),
the point is every system has it's weaknesses, don't get too cocky guys.
Maybe PIX handles Nachi OK :)

Cheers

Phill

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.554 / Virus Database: 346 - Release Date: 20/12/2003
 

Other related posts:

• » Re: FW: CISCO ALERT - Cisco warns of holes in PIX f irewalls

1. Home
2. isalist
3. Archive
4. 12-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---