Hi Troy, I hear you. When you mix two groups of people who don't know which end eats: the Fed Govt and "security experts", then nothing good, right or valid can come out of it :) The compliance auditors remind of the MCSEs of the late 90s. Everyone was jumping on the bandwagon and didn't know a packet from a frame. They just did it because there was big money in it. I'm seeing the same thing in the Regulatory Compliance assessment field now -- a bunch of know-littles who make marginal assesssment based on little or no data. If you change fields, don't go into medicine, its 100 times worse! :) Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: TRadtke@xxxxxxxxxxxx [mailto:TRadtke@xxxxxxxxxxxx] Sent: Thursday, March 03, 2005 12:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 Enterprise is Out http://www.ISAserver.org Hi Tom, S.OX and G.L.B. have this one vague section about accessing resource that you don't need to have access to. Some auditors have apparently taken this as "This network needs no internet access therefore no computer on the domain should be able to talk to the internet directly." It's ok to go via proxy in another domain, but not directly. It's weird. Considering all the banks and remittance places we work with, some audits are completely painless and some are so convoluted that the auditors don't even know when we're fixed any outstanding issues that they "had". This stuff makes the IRS tax codes look like "Dick and Jane Go For a Walk In the Park". It's almost easier to Sneakernet stuff now days than pass files back and forth between our systems and a mainframe. And don't even get me started about how they don't even care about a Root account but will blast you back into last Tuesday for having a disabled user account with no privileges that's unable to log into the domain that is called Administrator. Man, it's almost time to take up being a dog groomer for abused pit bulls....... It's almost safer and involves less jail time if I screw something up...... Troy -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, March 03, 2005 12:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 Enterprise is Out http://www.ISAserver.org Hi Troy, I just noticed something. I don't recall SOX or GLB explicitly stating something like this. Are the morons who are doing the compliancy testing enforcing this fantasy? Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: TRadtke@xxxxxxxxxxxx [mailto:TRadtke@xxxxxxxxxxxx] Sent: Thursday, March 03, 2005 11:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 Enterprise is Out http://www.ISAserver.org Hi Tom, In a domain/child domain infrastructure, where would you put it? ISA2000 in an array was always best served by being in it's own domain with a one way trust to the network behind it, so it's isolated from the rest of the network in case it's compromised some how, yet trusting the internal network so it's manageable. In that form it's been passing S.OX. and G.L.B. compliancy testing and audits. Now I'm seeing you say to toss it into the domain and let it run. Any comments on that so I can see if we need to attack ISA2004EE from a different perspective? Thanks, Troy -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, March 03, 2005 10:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 Enterprise is Out http://www.ISAserver.org Hi Steve, The primary issues you'll run into are related to a "workgroup" installation, as its not a no-brainer and not for the those who aren't very jiggy with PKI. However, if you make the array a member of the domain, ISA EE is a true pleasure to behold. The integrated NLB feature is fantastic, the integrated logging and reporting is top shelf, and CARP exceptions are icing on the cake. I pity the fool who'd by SonicWall :-)) HTH, Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: SteveC [mailto:stevec@xxxxxxxxxxx] Sent: Thursday, March 03, 2005 10:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA 2004 Enterprise is Out http://www.ISAserver.org How'd I miss the release of this one? Dr. Shinder, do you have any comments/news/tidbits on it before I dive in? Thanks. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx -- http://www.atomic9.net/public <http://www.atomic9.net/public> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tradtke@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tradtke@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx