RE: ISA on SBS webcast
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 21 Nov 2005 14:42:58 -0600
That's what I was thinking. Although, I have no problems going through
the wizards. What I have a problem with is the dumb*ss defaults that are
used.
The "supportability" thing is a canard at best, and I won't say in mixed
company what it is at worst.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: Steve Moffat [mailto:steve@xxxxxxxxxx]
> Sent: Monday, November 21, 2005 1:56 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA on SBS webcast
>
> http://www.ISAserver.org
>
> I have done it both ways....Takes an hour longer, but as the
> total setup
> time is a fixed rate...it don't cost the customer any extra...
>
> Steve
>
> -----Original Message-----
> From: sbradcpa@xxxxxxxxxxx [mailto:sbradcpa@xxxxxxxxxxx]
> Sent: Monday, November 21, 2005 2:12 PM
> To: ISA Mailing List
> Subject: [isalist] ISA on SBS webcast
>
> http://www.ISAserver.org
>
> Man the stereotypes in these threads :-)
>
> A couple of things of interest here....
>
> At SMBnation last year Mike Iem asked someone from the ISA
> team [not Jim
> I'm sure prob dark side of marketing] to represent ISA at
> SMBnation but
> they didn't accept [I don't know if a booth fee was involved or not
> ...just that there wasn't any ISA representation other than
> Jim Harrison
> and Amy and the rest of us going 'man...you should have
> presented...why
> was Sonicwall here?'
>
> ISA 2004 is finally a platform that the SBS consultant doesn't have to
> read Excel files to figure out what's going on. ISA 2000
> wasn't ready.
> 2004 is. You are seeing a maturing of ISA that finally has
> the balance
> of flexibility and monitoring/logging so that it makes sense now.
>
> You can see it in the marketplace as well, folks aren't going
> ...oooh....
> ISA....isn't that hard? Now they are saying ...hey the cool stuff in
> the monitoring tab and other such things.....
>
> Yes folks, this is about supportability. You don't own that SBS box,
> you have a fiduciary responsibility to that business owner to
> install a
> system in a manner that Mothership Los Colinas doesn't go
> "what the heck
> did you do with that SBS setup?'
>
> I challenge all of you to take a SBS box [vmware or vpc] install it
> with duhfaults [as a friend of mine would say on another
> listserve] and
> run the Connect to Internet wizard.
>
> Now... take a SBS box and stand it up manually...no wizards... all by
> hand.
>
> Okay now calculate a bill and present each one to your customer.
>
> Which one is that client going to pay for?
>
> How much more security is he getting?
>
> Questions to ask yourself... is the manual method so much more secure
> that
> the client is willing to pay for your time? Open up the icwtext.log
> file
> and see the umpteen selections there. Can you honestly say that a
> totally manual method is vastly superior over the using the wizard and
> then adjusting to the clients needs?
>
> If the client is that keen on a secure setup... then more than likely
> they'd be spending the money on additional hardware and operating
> licenses to split services and what not.
>
> The 'balanced way' is to stand it up with the wizards and 'then' you
> tweak. You get that box up to a known state and then you start adding
> your needs.
>
> As an example....I have yet to be convinced that naming a SBS box
> anything other than .local gives me any more choices for configuration
> than I already have. Again, we're dealing with a small
> business and for
> the vast majority of them, I'm not seeing that they benefit from
> deviation from the install routine.
>
> Once they are built... then yes, start building your own rule sets,
> adjusting whatever you'd like, but I guess I'm just not convinced that
> not using them is of benefit both in terms time spent to
> manually setup
> a SBS box and then to ensure it's been set up appropriately.
>
> Understand the wizards, but you'd be hard pressed to convince me that
> not using them provides any greater benefit, value for what
> you get and
> bang for the buck.
>
> Like someone said on the Focus on MS list... let's stop with the
> religious
> wars. These days a firewall runs on an operating system.
> One that can
> be secure or insecure depending on how you set it up.
>
> I would still argue that for that business owner, you stand
> up that SBS
> box with the defaults and then you adjust.
>
> Make no mistake about it those in the SBS world are still fighting the
> one nic/Sonicwall marketplace, but there are more and more folks that
> never installed ISA 2000 that are now looking at ISA 2004 with an open
> mind.
>
> In my opinion, the battle is now for my desktops... and my
> battle is for
> line of business apps that can't code worth a darn.
>
> There's a zero day IE exploit posted on www.incidents.org and
> folks are
> saying "quick run to Firefox". Uh.. how about we ensure that we are
> taking the long term view of moving our desktops to LUA, for
> now running
> with IE in high security or using Michael Howard's Drop My Rights, and
> then go beating up on vendors that can't code worth a darn.
>
> How about I ask again and all of us...including myself... start again
> with an open mind.
>
> Drop the stereotypes and assumptions and start fresh.
>
> How about we attempt to understand each others viewpoints and the
> marketplaces they are addressing?
>
> Susan
>
>
>
> Very well put!
>
> Joseph F. Danielsen,
> MCSA - Exchange Messaging Specialist, MCP Network Blade Inc.
> 49 Marcy Street
> Somerset, NJ 08873
> 732-213-0600
> www.networkblade.com
>
>
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, November 21, 2005 9:16 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA on SBS webcast
>
> http://www.ISAserver.org
>
> Hi Amy,
>
> Indeed! Acutally, I was quite surprized by their overall low level of
> network awareness.
>
> That's why I was really getting into that SBS series on the
> ISAserver.org site and doing the analysis on what I thought
> was going on
> with the installation routine and explaning the meaning of the options
> to the folks. My take on things is that just 'cause someone
> doesn't know
> something doesn't mean he can't learn, and I wanted to make the
> opportunity available to learn about some interesting and important
> networking concepts, using the ISA firewall install and management as
> the framework.
>
> But then I hear that SBS is about running wizards and never deviating
> from them and the cr*ppy defaults they use, all for "supportability"
> reasons, and then end up dealing with a fraternity of folks
> like from a
> CM Kornbluth novel pounding on me for providing forbidden information.
>
> Who knows, I might go back into that space in the future.
> There's people
> like you, and Joseph, and heck ME who actually deploy this thing for
> people who aren't interested in being the lowest common denominator.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, November 21, 2005 7:38 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA on SBS webcast
> >
> > http://www.ISAserver.org
> >
> > Let's just say that year before last when you graciously
> wrangled me a
>
> > ticket into SMBNation it opened my eyes. I heard plenty of
> pretty dumb
>
> > things about ISA that weekend and I thought to myself, where have
> > these people come from? Then I thought, hey I'm pretty
> smart! I didn't
>
> > know anyone cared about SBS but me. I wasn't quite as bad
> as my friend
>
> > Mike "the island" (last name withheld) but I wasn't aware
> that there
> > was such a tight SBS community. I came in completely
> innocent and left
>
> > completely appalled at the level of ISA ignorance.
> >
> > The tide has turned. There is a tremendous thirst for ISA knowledge
> > among SBS consultants right now.
> >
> > Amy
> >
> > Harbor Computer Services
> > Small Business Computer Specialists
> >
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> >
> >
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Sunday, November 20, 2005 6:24 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA on SBS webcast
> >
> > http://www.ISAserver.org
> >
> > Looks like Amy is a supporter of Jim Harrison's Blue Ribbon
> Campaign:
> >
> > http://www.msfirewall.org/isa2004/jimssbswork.htm
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> > > [mailto:sbradcpa@xxxxxxxxxxx]
> > > Sent: Sunday, November 20, 2005 4:08 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA on SBS webcast
> > >
> > > http://www.ISAserver.org
> > >
> > > Amy Babinchak's ISA 2004 "taco talk" is now available for viewing:
> > > http://msmvps.com/bradley/archive/2005/11/20/76038.aspx
> > >
> > > Microsoft Office Live Meeting - View A Recording:
> > > https://www120.livemeeting.com/cc/winserver_usergroup/view?id=
> > > Q78FXW&pw=SqPq4%60P
> > >
> > >
> > > Live meeting recording thanks to the WinServer community
> group who
> > > also is bringing you www.theworkingnetwork.com
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> Discussion List
> > > as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
