[isalist] Re: Idiot ISA Comment of the Year

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 17 Aug 2006 19:18:55 -0500

ACK!!! You knew "bucky the admin" in real life! 
 
Whenever I hear that someone isn't "comfortable" with something, but
can't provide valid information to support this discomfort, I know it's time
to head for the hills before that stuff that flies off fans hits me.
 
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
        Sent: Thursday, August 17, 2006 7:03 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Idiot ISA Comment of the Year
        
        

        Separate forest brings me back to the day when my boss sent me
to Pennsylvania to consolidate 4 domains into one. Upon completion, the
"admin" at the school district told me he wasn't comfortable with all of
the schools being in the same domain, called my boss and had me undo a
week's worth of work and put every school back into its own domain with a
two-way trust between every domain in the name of security. That's when
I realized I needed to start looking for a new job.

         

        Amy 

         

        
________________________________


        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
        Sent: Thursday, August 17, 2006 7:59 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Idiot ISA Comment of the Year

         

        "Although my preference is to install ISA Server 2004 in a
workgroup, especially when it's protecting the edge of the network, if
you need domain membership for ISA Server 2004, consider installing it
in a separate forest. For example, if you are running ISA Server 2004 in
a DMZ, install it in a separate forest and then create a one-way trust
between your internal forest and your ISA Server 2004 forest."

        
http://www.certcities.com/editorial/columns/story.asp?EditorialsID=207

        I hate when these guys stick their collective thumbs up their
a**es with this kind of idiot advice. Just what type of "protection" do
they think they're going to stick by putting a PIX in front of the ISA
firewall in this scenario? Like a friggin bullet fired in certain
establishments, this misconception continues to ricochet throughout the
clueless without burying itself in the right target. ACK.

        If you don't understand why this is one of the most moronic
statements you can make about the ISA firewall, stay tuned to my blog
for "Attack of Truth" :)

        And to think guys like this are poisoning the minds of poor
fledgling ISA admins who are trying to get their MCP in ISA :(

        Thomas W Shinder, M.D.
        Site: http://www.isaserver.org/
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls

         
