RE: ISA smarter than Checkpoint

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 11 Oct 2005 08:41:10 +1000

yeah but they are secure Tom, :)

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, 11 October 2005 7:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA smarter than Checkpoint


http://www.ISAserver.org

OK, cool. I agree. Only a "hardware" firewall guy would do something
like that ;-)

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls




________________________________

        From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
        Sent: Monday, October 10, 2005 4:24 PM
        To: [ISAserver.org Discussion List]
        Subject: RE: [isalist] RE: ISA smarter than Checkpoint


        True enough (and I do the same).
        What I should have said was "to the Internet".

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
        Sent: Mon 10/10/2005 1:30 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA smarter than Checkpoint


        http://www.ISAserver.org

        Hey Jim,
        
        How about multiple internal networks, where you've segmented the
Networks physically using ISA? Works OK for me.
        
        Tom
        
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/>
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
        MVP -- ISA Firewalls

        


________________________________

                From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
                Sent: Monday, October 10, 2005 3:24 PM
                To: [ISAserver.org Discussion List]
                Subject: RE: [isalist] ISA smarter than Checkpoint
        
        
                I hate to sound negative, but anyone allowing file
shares or GPO access across a firewall deserves the heartache they get.
                There are just too many other options to this mechanism.

________________________________

                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
                Sent: Mon 10/10/2005 12:59 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] ISA smarter than Checkpoint
        
        

                http://www.ISAserver.org
        
                I usually try not to compare ISA and Checkpoint, because
CP is a darned
                good firewall, and you pay the price for it. Its not
like the PIX, which
                is about as secure as the US Social Security system.
But, thought you
                might want a nice ISA pat on the back on this one:
        
                ** Check Point Vulnerability Expanded
                By Russ Cooper
        
                * Hacking/Denial of Service
        
                - Check Point SecurePlatform NGX Firewall Rules Bypass
                Vulnerability (Intellishield ID: 9706): This warning has
been
                reissued to add additional impacted products. Initially
reported
                was Check Point SecurePlatform NGX R60 Build 244 and
prior. Now
                added to that list: VPN-1/FireWall-1 versions NG AI, 4.1
and NG;
                VPN-1 VSX version NG AI; and Provider-1 versions NG AI
and NG.
        
                The rule supplied with the Firewall product to handle
"CIFS"
                traffic is equivalent to "ANY," in that it actually
allows any
                traffic to/from the source/destination addresses added
to the
                rule. CIFS is a file sharing protocol used by Windows
systems
                which permits SMB over TCP. The rule permits CIFS as
well as
                some legacy NetBIOS traffic. A proper CIFS rule should
limit
                traffic to port 445.
        
                While no patch has yet been provided by Check Point,
anyone
                needing this rule group can create a custom group of
their own
                limiting what traffic is allowed.
        
        
        
        
                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/>
                Blog: http://spaces.msn.com/members/drisa/
                Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
                MVP -- ISA Firewalls
        
        
        
                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Visit TechGenix.com for more information about our other
sites:
                http://www.techgenix.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: jim@xxxxxxxxxxxx
                To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                Report abuse to listadmin@xxxxxxxxxxxxx
        

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: jim@xxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx















All mail to and from this network has been scanned for viruses

Other related posts: