RE: ISA 2004 Enterprise is Out
- From: TRadtke@xxxxxxxxxxxx
- To: isalist@xxxxxxxxxxxxx
- Date: Thu, 3 Mar 2005 12:19:54 -0600
Hi Tom,
S.OX and G.L.B. have this one vague section about accessing resource that
you don't need to have access to. Some auditors have apparently taken this
as "This network needs no internet access therefore no computer on the
domain should be able to talk to the internet directly." It's ok to go via
proxy in another domain, but not directly. It's weird. Considering all the
banks and remittance places we work with, some audits are completely
painless and some are so convoluted that the auditors don't even know when
we're fixed any outstanding issues that they "had".
This stuff makes the IRS tax codes look like "Dick and Jane Go For a Walk In
the Park". It's almost easier to Sneakernet stuff now days than pass files
back and forth between our systems and a mainframe. And don't even get me
started about how they don't even care about a Root account but will blast
you back into last Tuesday for having a disabled user account with no
privileges that's unable to log into the domain that is called
Administrator.
Man, it's almost time to take up being a dog groomer for abused pit
bulls....... It's almost safer and involves less jail time if I screw
something up......
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Troy,
I just noticed something. I don't recall SOX or GLB explicitly stating
something like this. Are the morons who are doing the compliancy testing
enforcing this fantasy?
Thanks!
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: TRadtke@xxxxxxxxxxxx [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Thursday, March 03, 2005 11:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Tom,
In a domain/child domain infrastructure, where would you put it? ISA2000 in
an array was always best served by being in it's own domain with a one way
trust to the network behind it, so it's isolated from the rest of the
network in case it's compromised some how, yet trusting the internal network
so it's manageable. In that form it's been passing S.OX. and G.L.B.
compliancy testing and audits. Now I'm seeing you say to toss it into the
domain and let it run. Any comments on that so I can see if we need to
attack ISA2004EE from a different perspective?
Thanks,
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 10:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Steve,
The primary issues you'll run into are related to a "workgroup"
installation, as its not a no-brainer and not for the those who aren't very
jiggy with PKI. However, if you make the array a member of the domain, ISA
EE is a true pleasure to behold. The integrated NLB feature is fantastic,
the integrated logging and reporting is top shelf, and CARP exceptions are
icing on the cake. I pity the fool who'd by SonicWall :-))
HTH,
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: SteveC [mailto:stevec@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 10:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004 Enterprise is Out
http://www.ISAserver.org
How'd I miss the release of this one? Dr. Shinder, do you have any
comments/news/tidbits on it before I dive in?
Thanks.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
--
<http://www.atomic9.net/public> http://www.atomic9.net/public
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
