[isalist] Re: Idiot ISA Comment of the Year

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 18 Aug 2006 09:48:10 -0500

Yikes! Sounds like a snake oil salesman's dream. Where can I find chumps like 
this to sell to?
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
        Sent: Friday, August 18, 2006 9:15 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Idiot ISA Comment of the Year
        
        

        This is where NDA is a bad thing.

        Otherwise, I'd be able to tell some hair-raising tales of my own...

        You wouldn't believe (maybe you would) some of the design proposals I 
get.

         

        ..stuff like:

        BOBOI ßà PIX ß|à CP ß|à Juniper ßà LAN

                       ISA ßà Net1

         

        ..all for the sake of "separation as security"

         

        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
        Sent: Thursday, August 17, 2006 5:03 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Idiot ISA Comment of the Year

         

        Separate forest brings me back to the day when my boss sent me to 
Pennsylvania to consolidate 4 domains into one. Upon completion the "admin" at 
the school district told me he wasn't comfortable with all of the schools being 
in the same domain, called my boss and had me undo a weeks worth of work and 
put every school back into its own domain with a two way trust between every 
domain in the name of security. That's when I realized I needed to start 
looking for a new job.

         

        Amy 

         

________________________________

        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
        Sent: Thursday, August 17, 2006 7:59 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Idiot ISA Comment of the Year

         

        "Although my preference is to install ISA Server 2004 in a workgroup, 
especially when it's protecting the edge of the network, if you need domain 
membership for ISA Server 2004, consider installing it in a separate forest. 
For example, if you are running ISA Server 2004 in a DMZ, install it in a 
separate forest and then create a one-way trust between your internal forest 
and your ISA Server 2004 forest."

        http://www.certcities.com/editorial/columns/story.asp?EditorialsID=207

        I hate when these guys stick their collective thumbs up their a**es 
with this kind of idiot advice. Just what type of "protection" to they think 
they're going to stick by putting a PIX in front of the ISA firewall in this 
scenario? Like a friggin bullet fired in in certain establishments, this 
misconception continues to ricochet throughout the clueless without burying 
itself in the right target. ACK.

        If you don't understand why this is one of the most moronic statements 
you can make about the ISA firewall, stay tuned to my blog for "Attack of 
Truth" :)

        And to think guys like this are poisoning the minds of poor fledgling 
ISA admins who are trying to get their MCP in ISA :(

        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls

         

        All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2006