Re: Improving security of chained proxy

  • From: "Mojica, Joseph G.(Digitel-GSM)" <joseph.mojica@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 15 Jul 2004 14:33:35 +0800

Hi Jim, thanks anyway...btw, do you happen to know or heard any 3rd party
software/plugin to ISA that could alleviate this need? What about in the ISA
2004 version?

Thanks again!

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Thursday, July 15, 2004 2:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Improving security of chained proxy

http://www.ISAserver.org

ISA 2000 does not filter traffic on teh inside.
It's an unfortunate, unchangeable design choice.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 15 Jul 2004 13:47:05 +0800
 "Mojica, Joseph G.(Digitel-GSM)" <joseph.mojica@xxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi jim, 

A1 - I scanned my proxies from the inside using a desktop from one of our
users.
A2 - branch ISA is installed in integrated mode.

Hope to get your advise the soonest. Thanks!

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, July 14, 2004 10:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Improving security of chained proxy

http://www.ISAserver.org

Q1 - you scanned tham from which side; internal or external?
Q2 - what mode are the branch ISA's installed in; Cache, Firewall or
Integrated?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 14 Jul 2004 15:00:00 +0800
 "Mojica, Joseph G.(Digitel-GSM)" <joseph.mojica@xxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi all, 

 

I'm using ISA Server 2000 Standard Ed., I have just setup 2 additional ISA
servers to our 2 remote offices chained to our main ISA Server here in our
main office. I'm confident that we're protected by ISA from outside
attacks...but what I would like to do now is to strengthen our defense from
inside attacks (LAN). I did a simple port scanning to my 2 chained ISA
server using GFI network security scanner and was able to gather a lot of
pertinent info about my servers including all open ports. Is it possible
and/or is there a way for me to somehow make my ISA servers invisible to our
internal users or to at least prevent them from port scanning my servers?

 

TIA,

Joseph



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
joseph.mojica@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
joseph.mojica@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2004