FW: RE: SBS

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 14 Oct 2005 10:27:11 -0400

 

I've never thought of the IRS and network security together before. I
don't think I want to, makes my brain panic. In some ways it's a good
analogy though. In both cases we're out here trying to do the right
thing while possessing imperfect knowledge about hackers and tax laws.
Truth is, if you're an SBS admin you possess imperfect knowledge about
everything. We got 6 server apps running on one box (before the business
adds any LOB's, backup, anti-virus, etc) and we've got to know enough
about each of them to keep them running. Back in the enterprise I was
only in charge of Exchange and Netware migration. (Well, OK that
annoying unix pbx too but only because no one else would touch it, not
because I wanted to.) Which meant that I knew a lot more about those
individual technologies. SBS isn't a technology, it's a whole IT
infrastructure. SBS is the best thing since the fax machine for small
business. We're talking real impact on how these businesses operate.

 

Maybe Susan's answer about firewall best practice should be "You got a
better solution? I didn't think so." It would seem in character. 

 

I'm anxious for Centro to come out too. It's killing me that I had to
order the medium business bundle for a 200 user client and it doesn't
include ISA. They just couldn't wait. It's a pirated software, you call
that an active directory, clean up and it's got to be done now. Now,
I've got to figure out how I can sell Centro support into medium
businesses that already have an IT department. I'm secretly hoping that
it turns out to be as easy to screw up as SBS is. Businesses in that
size range tend to have PC techs, but not much above that.

 

Amy

 

Harbor Computer Services

Small Business Computer Specialists

 

Client Blog: http://smalltechnotes.blogspot.com/

Tech Blog: http://isainsbs.blogspot.com/

Website: http://www.harborcomputerservices.net/

 

  

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Friday, October 14, 2005 9:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SBS

 

http://www.ISAserver.org

Hi Amy,

 

It's not suspending reality, it's suspending disbelief. Let me give you an
example of how I've been guilty of this. You'll recall that ISA2k had
very poor support for DMZ networking. Well, a lot of people, for good
reason, wanted to put their front-end Exchange Server on the DMZ
network, since the front-end Exchange Server is an Internet facing host,
you certainly don't want it on the same security zone as non-Internet
facing hosts.

 

The problem was that ISA2k's DMZ support could not allow for a secure
DMZ networking solution with strong pre-authentication to the DMZ
segment and strong access controls between the DMZ segment and the
non-Internet facing security zone.

 

So, what did I do? I said "why would you want to extend your AD into the
DMZ"? and "the AD shouldn't be extended into different security zones".
Of course I knew this was bunk, but I suspended disbelief, crossed my
fingers behind my back, and tried to repeat the phrases so often that I
would almost believe them.

 

Of course, now that the ISA firewall supports secure DMZ networking
where you can securely place the front-end Exchange Server on the DMZ,
the Exchange team horks (thanks for the term, Jim!) their documentation and
promulgates b*llsh*t about having to "open too many ports" from the DMZ
to the non-Internet facing security zone.

 

You're right about the price point issues, and this isn't the area where
there's any suspension of reason or normal network security practices. I
don't have any problem accepting that reality and appreciate you get the
level of security you can pay for. I also heartily agree that they need
to come up with an ISA SKU that supports like 10-20 users and hits the
SonicWall, Check Point, and other vendors' SOHO/SBS price points.

 

What I'm really referring to are things like
this: http://msmvps.com/bradley/archive/2005/10/10/69994.aspx

 

It's OK for her not to like the fact that you need to meet some minimum
requirements for a secure requirements, heck, I hate April 14 with a
passion. But network security principles and the IRS are realities
independent of our wishes and wants.

 

I can't wait until Centro comes out. We're going to have a KILLER
centro.org site. All the key components are included and the ISA
firewall will be on its own server. Life is going to be good, very good
:)

 

Thanks!

 

 

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
