RE: ISA 2004 Enterprise is Out
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 3 Mar 2005 12:31:14 -0600
Hi Troy,
I hear you. When you mix two groups of people who don't know which end
eats: the Fed Govt and "security experts", then nothing good, right or
valid can come out of it :)
The compliance auditors remind of the MCSEs of the late 90s. Everyone
was jumping on the bandwagon and didn't know a packet from a frame. They
just did it because there was big money in it. I'm seeing the same thing
in the Regulatory Compliance assessment field now -- a bunch of
know-littles who make marginal assesssment based on little or no data.
If you change fields, don't go into medicine, its 100 times worse! :)
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: TRadtke@xxxxxxxxxxxx [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Thursday, March 03, 2005 12:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Tom,
S.OX and G.L.B. have this one vague section about accessing resource
that you don't need to have access to. Some auditors have apparently
taken this as "This network needs no internet access therefore no
computer on the domain should be able to talk to the internet directly."
It's ok to go via proxy in another domain, but not directly. It's
weird. Considering all the banks and remittance places we work with,
some audits are completely painless and some are so convoluted that the
auditors don't even know when we're fixed any outstanding issues that
they "had".
This stuff makes the IRS tax codes look like "Dick and Jane Go For a
Walk In the Park". It's almost easier to Sneakernet stuff now days than
pass files back and forth between our systems and a mainframe. And
don't even get me started about how they don't even care about a Root
account but will blast you back into last Tuesday for having a disabled
user account with no privileges that's unable to log into the domain
that is called Administrator.
Man, it's almost time to take up being a dog groomer for abused pit
bulls....... It's almost safer and involves less jail time if I screw
something up......
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Troy,
I just noticed something. I don't recall SOX or GLB explicitly
stating something like this. Are the morons who are doing the compliancy
testing enforcing this fantasy?
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: TRadtke@xxxxxxxxxxxx [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Thursday, March 03, 2005 11:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Tom,
In a domain/child domain infrastructure, where would you put it?
ISA2000 in an array was always best served by being in it's own domain
with a one way trust to the network behind it, so it's isolated from the
rest of the network in case it's compromised some how, yet trusting the
internal network so it's manageable. In that form it's been passing
S.OX. and G.L.B. compliancy testing and audits. Now I'm seeing you say
to toss it into the domain and let it run. Any comments on that so I
can see if we need to attack ISA2004EE from a different perspective?
Thanks,
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 10:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Enterprise is Out
http://www.ISAserver.org
Hi Steve,
The primary issues you'll run into are related to a
"workgroup" installation, as its not a no-brainer and not for the those
who aren't very jiggy with PKI. However, if you make the array a member
of the domain, ISA EE is a true pleasure to behold. The integrated NLB
feature is fantastic, the integrated logging and reporting is top shelf,
and CARP exceptions are icing on the cake. I pity the fool who'd by
SonicWall :-))
HTH,
Tom
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: SteveC [mailto:stevec@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 10:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004 Enterprise is Out
http://www.ISAserver.org
How'd I miss the release of this one? Dr. Shinder, do
you have any comments/news/tidbits on it before I dive in?
Thanks.
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking:
http://www.windowsnetworking.com
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
--
http://www.atomic9.net/public
<http://www.atomic9.net/public>
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking:
http://www.windowsnetworking.com
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tradtke@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tradtke@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
