Hi Jim, thanks anyway...btw, do you happen to know or heard any 3rd party software/plugin to ISA that could alleviate this need? What about in the ISA 2004 version? Thanks again! -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, July 15, 2004 2:14 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Improving security of chained proxy http://www.ISAserver.org ISA 2000 does not filter traffic on teh inside. It's an unfortunate, unchangeable design choice. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Thu, 15 Jul 2004 13:47:05 +0800 "Mojica, Joseph G.(Digitel-GSM)" <joseph.mojica@xxxxxxxxxx> wrote: http://www.ISAserver.org Hi jim, A1 - I scanned my proxies from the inside using a desktop from one of our users. A2 - branch ISA is installed in integrated mode. Hope to get your advise the soonest. Thanks! -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, July 14, 2004 10:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Improving security of chained proxy http://www.ISAserver.org Q1 - you scanned tham from which side; internal or external? Q2 - what mode are the branch ISA's installed in; Cache, Firewall or Integrated? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 14 Jul 2004 15:00:00 +0800 "Mojica, Joseph G.(Digitel-GSM)" <joseph.mojica@xxxxxxxxxx> wrote: http://www.ISAserver.org Hi all, I'm using ISA Server 2000 Standard Ed., I have just setup 2 additional ISA servers to our 2 remote offices chained to our main ISA Server here in our main office. I'm confident that we're protected by ISA from outside attacks...but what I would like to do now is to strengthen our defense from inside attacks (LAN). I did a simple port scanning to my 2 chained ISA server using GFI network security scanner and was able to gather a lot of pertinent info about my servers including all open ports. Is it possible and/or is there a way for me to somehow make my ISA servers invisible to our internal users or to at least prevent them from port scanning my servers? TIA, Joseph ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: joseph.mojica@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: joseph.mojica@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist