That is kinda the approach our local University takes. The student laptops (which ALL students are required to lease) basically have their own public IP address via WAPs all over campus. Horrendous design, but takes all the pressure off their IT department as everything is web-based, and the rest is unsupported. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, October 26, 2005 10:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] FW: [fw-wiz] The Death Of A Firewall http://www.ISAserver.org This is a very interesting article: http://www.securitypipeline.com/165700439 I'll forgive the guy for thinking of high speed packet filters as the only type of "firewall" and some other conceptual blubobs. We can also ignore the title, since there are still firewalls segmenting different security perimeters, which is the thrust of the current article series on the www.isaserver.org Web site, and two more article series showing some other ways to do network security perimeter segmentation using ISA firewalls. What's interesting is that only the servers and other core network assets are protected and only to and from these assets are strong network access controls enforce. All the clients are considered untrusted, and sit behind an Internet router that lets everything in and out. I suppose this guy has a lot of public addresses to get away with this, but some companys have hundreds and thousands and tens of thousands to throw around. I'm going to chew on this idea some more, and see if I can tell a good ISA firewall story around it. It certainly would solve the "Open Port" button issue. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dball@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx