RE: ISA running as reverse proxy and firewall

  • From: "Quillman Shawn (RBNA/CIT1.1)" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 25 Feb 2003 15:46:44 -0500

Yep, I was reminded of that :)  Sorry for mis-speaking.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 25, 2003 3:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA running as reverse proxy and firewall


http://www.ISAserver.org


Hi Shawn,

What about when ISA Server does SSL to SSL or SSL to HTTP bridging? In that
case, ISA Server decrypts the packet and either sends it in the clear, or
re-encrypts it. In both circumstances, the header information is available
to Web Filters, so full Application Layer examination can take place.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Tuesday, February 25, 2003 2:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA running as reverse proxy and firewall



The term "firewall" is very broad and just depends on the definitions of the
parties involved.  An ACL router could be termed a firewall.  What he's
talking about when saying application level firewall is something that
monitors the commands of application level protocols (Gauntlet is another
example).  Thus ISA would be monitoring things like HTTP gets/posts/heads,
etc. and FTP gets/puts, etc. as opposed to what you're talking about at the
packet level.  Yes ISA does this for HTTP, but not HTTPS because of the
nature of the protocol.  The only application level command you'll see with
HTTPS is CONNECT, everything else will be encrypted.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
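
The visibility difference discussed in the two messages above, as an added example that is not part of the original thread: a filter sees methods and headers on clear HTTP (or on traffic the proxy has decrypted when bridging), but only the CONNECT target and opaque TLS records on a tunnel. The policy, function name and byte strings are constructed for illustration.

```python
import struct

ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # hypothetical filter policy

def inspect(first_bytes: bytes) -> dict:
    """Report what an application-layer filter can learn from the start of a flow."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # minor version, then a 2-byte big-endian length. The payload is not HTTP.
    if len(first_bytes) >= 5 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        (length,) = struct.unpack("!H", first_bytes[3:5])
        return {"visible": "tls-record", "record_len": length, "verdict": "opaque"}

    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"visible": "unknown", "verdict": "deny"}
    method, target, _version = parts

    if method == "CONNECT":
        # Only the tunnel endpoint is exposed; everything after it is ciphertext.
        host, _, port = target.rpartition(":")
        ok = port.isdigit() and int(port) == 443
        return {"visible": "connect", "host": host,
                "port": int(port) if port.isdigit() else None,
                "verdict": "allow" if ok else "deny"}

    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    verdict = "allow" if method in ALLOWED_METHODS else "deny"
    return {"visible": "http", "method": method, "path": target,
            "headers": headers, "verdict": verdict}

# Constructed samples (not captured traffic).
PLAIN = b"POST /login.asp HTTP/1.1\r\nHost: www.example.com\r\n\r\nuser=test"
TUNNEL = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
TLS_RECORD = b"\x16\x03\x01\x00\x2e" + b"\x00" * 46   # what follows CONNECT
BRIDGED = b"DELETE /admin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"  # after decryption

if __name__ == "__main__":
    for name, data in [("plain", PLAIN), ("tunnel", TUNNEL),
                       ("tls", TLS_RECORD), ("bridged", BRIDGED)]:
        print(name, inspect(data))
```
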


-----Original Message-----
From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx]
Sent: Tuesday, February 25, 2003 2:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA running as reverse proxy and firewall



> I call a packet level firewall a "normal" firewall; an application firewall
> for me is a firewall that is able to check what the users do (for
> example, if anything is trying to inject code). Is the ISA server
> able to check this type of attack?

Checking to see if code is being injected into a return packet would be
caught at the packet level of the firewall, meaning the normal function of a
full firewall, as the injected code was not part of the request and the
firewall would see it as different and reject it. Yes, ISA does that.

Having the firewall take action or inaction based on other than IP falls
more into integration. ISA allows integration with users and groups and
domains and allows for rules and policies based on those.

CACHE only mode does not provide packet evaluation, and is therefore not a
firewall but as the name says. Its only "firewall" properties are in masking
either the source or destination depending upon use.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
