RE: FW: VPN/Routing Hardware Solutions

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 Oct 2003 01:14:05 -0700

Drop the scalpel give me words.

Joseph

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 15, 2003 12:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: VPN/Routing Hardware Solutions



Hey everyone,

Here's a nice response I sent to some dunderhead on the Sunbelt software
NTSYSADMIN list.

Hope you enjoy it. I did :-)

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Thomas W Shinder 
Sent: Wednesday, October 15, 2003 2:48 AM
To: NT System Admin Issues
Subject: RE: VPN/Routing Hardware Solutions

Hi Don,

Until you learn about how ISA handles RPC, you're giving all USA admins
a *very bad name*. Maybe you're leaning on firewall concepts you
learned a decade ago, but things have changed a bit since then.

BTW -- I never said anything about publishing over HTTPS. If I did, please
point that out.

PLEASE do your research! No wonder all the jobs are going over to India.
I don't see this kind of poor research happen with my friends from over
there, and I'm not even a fan of off-shoring.

You really need to research things before showing your ignorance and
prejudice. 

Until you can give a cogent reason for ignorantly and blindly blocking
the RPC port mapper (other than laziness and incompetence) then as we
used to say back in the day "shut the pie hole".

HTH,
Tom
www.isaserver.org/shinder

 

-----Original Message-----
From: Ely, Don [mailto:dely@xxxxxxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 11:42 AM
To: NT System Admin Issues
Subject: RE: VPN/Routing Hardware Solutions

I believe you'd be incorrect...

While the "Firewall for Dummies" or ISA Server as Thomas calls it makes
it simpler to publish RPC over HTTP/S, all of the major firewall vendors
would have still prevented the RPC attack if the firewall was configured
properly.


-----Original Message-----
From: Stephen I. Woolhead
[mailto:Stephen.Woolhead@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 12:35 PM
To: NT System Admin Issues
Subject: RE: VPN/Routing Hardware Solutions



> -----Original Message-----
> From: Daniel Chenault [mailto:DanielC@xxxxxxxxxxxxxxxx]
> Sent: 12 October 2003 19:00
> To: NT System Admin Issues
> Subject: RE: VPN/Routing Hardware Solutions
> 
> My $120 D-Link router here at the house handled the RPC/DCOM attacks
> with aplomb. I have the logs to prove it.

The difference, I think, is with ISA you could have published RPC from
an un-patched internal Exchange server and ISA will protect it.  A new
feature of FR1 for ISA I believe especially for Exchange.

If you had published the same server via simple port forwarding,
regardless if you used a Cisco or ISA, it (the Exchange server) would
have been at risk from the RPC attack until it was patched.

Stephen.


Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
This Month Sponsored By: iHateSpam Server Edition:
http://www.sunbelt-software.com/rd/rd.cfm?id=030501BA-iHateSpamServer
