Well, It's like the old saying....trust someone till they give you a reason not to. It just depends on you decide to trust to begin with and stick with them till you have reason not to. John http://www.aquesthosting.com Premium .Net Hosting Services ----- Original Message ----- From: "shane mullins" <tsmullins@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, October 14, 2003 5:40 PM Subject: [isalist] Re: Interesting Article Found In Linux Users & Developer > AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: > http://www.isaserver.org/thawte/ > well said kenny. i like to think "use what works for you". i try not to > bash others work, and i don't worry about what everybody else is doing. > > > > shane > > ----- Original Message ----- > From: "Kenny Mann" <Kennymann@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, October 14, 2003 2:36 PM > Subject: [isalist] Re: Interesting Article Found In Linux Users & Developer > > > > AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: > > http://www.isaserver.org/thawte/ > > >Anyway... is ISA a fit for everybody? No. Is an Open Source=20 > > >solution to ISA a fit for everybody? No. > > > > Well said. We have trucks for all those off-road people and > > fast cars for people that want to burn some rubber. > > Is one better than the other? Only in perception. > > > > > > >spite of all the MS bashing and security "Chicken Little's"=20 > > >out there, ISA has stood its ground just fine. > > > > I started an admin as of a year and a half ago (roughly). > > I would have to say that ISA server, is somewhat easy to understand = > > (assuming you apply some common sense, or at least research before you = > > implement on a production server). I would have to say that my Microsoft = > > software hasn't fail me yet, OTOH neither has my Linux software at home = > > (I'm too poor to afford MS Win2K3 Server for personal use). > > For a noob admin, I would have to say that I am very impressed with ISA = > > Server. (I was very skeptical at first, but I'll give anything a fair = > > chance). > > > > >response on the OS side than I ever do with any MS product=20 > > >with the exception of this group. And I sincerely mean that. =20 > > >The ISA support list is truly awesome. > > > > Indeed. This list (and especially Tom and Jim) is probably one of the = > > few lists I am on that seems to be very effective, without being rude. > > I, for one, appreciate all your work and knowledge you have spread. > > > > Sincerely, > > Kenny Mann > > > > > > >-----Original Message----- > > >From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]=20 > > >Sent: Tuesday, October 14, 2003 12:35 PM > > >To: [ISAserver.org Discussion List] > > >Subject: [isalist] Re: Interesting Article Found In Linux=20 > > >Users & Developer > > > > > > > > >AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:=20 > > >http://www.isaserver.org/thawte/ > > >MS Hype vs. OS Hype > > > > > >Who wins? Depends on your point of view. I work with both MS=20 > > >and OS products in my environment. I find ISA to have most of=20 > > >the "problems" listed, but none of them have ever been acute=20 > > >or chronic. My own personal experiences with Squid have been=20 > > >reasonably pleasant, but I am a linux neophyte and do not=20 > > >*yet* trust myself to properly run a secured linux based PC as=20 > > >my border gateway. On the other hand, I have been running=20 > > >dual-homed NT boxes for years with no problems whatsoever. =20 > > >You can DDOS them to death, but you can't traverse them unless=20 > > >you've done something really silly which applies to any=20 > > >product. There have been plenty of attempts. I know this=20 > > >because we use Snort (open source) to detect intrusion=20 > > >attempts. The email from the ISA list was scanned by=20 > > >SpamAssassin, another excellent open source spam detection=20 > > >product, which runs in conjunction with Postfix, an open source MTA. > > > > > >Does this mean I am Anti-MS? Not at all. I am certainly in=20 > > >NO rush to start replacing desktops with Lindows, or any=20 > > >variant thereof. ISA does what we need to to do. In a=20 > > >"typical" medium to small business that is probably all MS=20 > > >desktops anyway, ISA is probably a very good fit. But in=20 > > >mixed environments, such as mine, with mixed linux, unix, Mac,=20 > > >and MS based PC's, ISA's appeal starts to fade. But I have=20 > > >certainly found certain niches within my IT structure where OS=20 > > >is a very good fit. > > > > > >Frankly I am sick-to-death of having to reboot production MS=20 > > >servers after hours all the freakin time for the exploit de'=20 > > >jour. On my linux boxes, I simply recompile the binary and=20 > > >restart the service and I'm done. I can do it any time and=20 > > >almost always do so without the users having a clue it was done. > > > > > >As far as tech support goes, I typically get better and faster=20 > > >response on the OS side than I ever do with any MS product=20 > > >with the exception of this group. And I sincerely mean that. =20 > > >The ISA support list is truly awesome. Which, quite frankly,=20 > > >is one of the compelling reasons why I have not been in a=20 > > >hurry to try anything else. > > > > > >Then there is the learning curve of setting up an OS solution.=20 > > > You have to gather all the components together, and hope that=20 > > >somebody has written a "how-to" that is actually legible, and=20 > > >without important steps missing (The how-to's have a bad habit=20 > > >of assuming you know certain things and leaving out critical=20 > > >tweaks to the operating system or which file permissions need=20 > > >to be set, etc.). And so now you have a working system, but=20 > > >you really don't understand how or why it works because the=20 > > >entire project was just a "paint by numbers" from somebody=20 > > >else's experience. (This was the most frustrating part for me=20 > > >when setting up SpamAssassin. But I had no budget and we were=20 > > >suddenly getting over 30,000 spam a month.) > > > > > >But a "dyed in the wool" unix person would probably find=20 > > >setting up ISA just as frustrating. > > > > > >From a security standpoint, which is what it really all boils=20 > > >down to, I have never read about, or heard about, a properly=20 > > >configured ISA box that has been broken into or through. In=20 > > >spite of all the MS bashing and security "Chicken Little's"=20 > > >out there, ISA has stood its ground just fine. > > > > > >Anyway... is ISA a fit for everybody? No. Is an Open Source=20 > > >solution to ISA a fit for everybody? No. > > > > > >----- Original Message ----- > > >From: "Paul Crisp" <PCrisp@xxxxxxxxxxxxxxxxx> > > >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > >Sent: Tuesday, October 14, 2003 8:34 AM > > >Subject: [isalist] Interesting Article Found In Linux Users & Developer > > > > > > > > >> AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:=20 > > >> http://www.isaserver.org/thawte/ Any comments ?? > > >> > > >> >From a personal experience I find MS ISA brilliant, does=20 > > >everything I > > >want > > >> and more, and I haven't had all these troubles they mention in this > > >article > > >> Apologies for quality, just quickly OCR'd it. > > >> > > >> > > >> > > >> OPEN FOR BUSINESS > > >> Had enough of Microsoft? Open For Business is our monthly=20 > > >look at how=20 > > >> any business can replace proprietary software with open source=20 > > >> alternatives Replacing ISA B > > >> y adopting open source software you can slash costs, vastly=20 > > >improve speed > > >> and reliability and, perhaps even more importantly, wrest=20 > > >control back > > >from > > >> proprietary IT suppliers. > > >> In this month's column we look at providing secure, fast and=20 > > >reliable=20 > > >> Internet access for your business. We will be replacing a=20 > > >widely used,=20 > > >> yet heavily criticised Microsoft product, Internet Security and=20 > > >> Acceleration server (ISA). It elucidates on the case study=20 > > >of Aquatint=20 > > >> Printing on page 44, where much the same task was=20 > > >undertaken. ISA LOAD=20 > > >> OF TROUBLE ISA refers to Internet Security and Acceleration server.=20 > > >> Replacing it with an open source alternative is not only simple and=20 > > >> easy to do - it will > > >also > > >> save your business a huge amount of money and save your IT staff's=20 > > >> time > > >and > > >> stress levels. > > >> Add in vastly improved business functionality, performance,=20 > > >speed and=20 > > >> reliability, and there's no reason not to change over. Microsoft=20 > > >> describe ISA as "an extensible, multilayer, enterprise firewall and=20 > > >> Web cache that helps provide secure, fast, and manageable Internet=20 > > >> connectivity". Sounds great doesn't it? Unfortunately, the reality=20 > > >> does not match the marketing. Let's be kind and leave aside how=20 > > >> expensive deploying ISA is. However, a simple Google search=20 > > >brings up=20 > > >> a huge list of reported > > >problems, > > >> problems that any honest systems administrator will=20 > > >instantly confirm. > > >They > > >> include: > > >> These release notes contain the most up-to-date information about=20 > > >> installation, documentation, support, and other known issues.=20 > > >> Microsoft's Internet Security and Acceleration server has been known=20 > > >> to drive people mad - open source provides a much-needed alternative=20 > > >> Read Installation Guide > > >> > > >> Register I A Server > > >> * Installation problems > > >> * Spurious reboots needed to fix cranky behaviour > > >> * Traffic redirected to the wrong websites > > >> * Classic Microsoft reformat and reinstall needed for fixes > > >> * Reports not generated > > >> * Authentication problems > > >> * Poor performance and worse scalability * Users not being able to=20 > > >> connect when they should ... and more! > > >> ISA also locks you into a Microsoft-only infrastructure.=20 > > >That's fine if > > >you > > >> trust their future plans for your business and are happy with the=20 > > >> amount you're paying in license and compliance fees. But if=20 > > >you would=20 > > >> like to get off that treadmill, open source is the only way to go.=20 > > >> What's involved Providing Internet access for a network is quite=20 > > >> different from providing > > >it > > >> for a single machine. On a single machine you attach a modem. For a > > >network > > >> you have to have a dedicated machine (called a proxy server)=20 > > >that goes=20 > > >> online on behalf of any machine on the network. It grabs the=20 > > >requested=20 > > >> content and then passes it to the machine that asked for it.=20 > > >Most good=20 > > >> proxy servers will also save a local copy of the content (known > > >> as'caching') so that only changes to the content need be=20 > > >downloaded in=20 > > >> future. If your users look at some sites frequently, caching=20 > > >gives big=20 > > >> savings on your bandwidth needs whilst also dramatically improving > > >browsing > > >> speeds. > > >> Providing secure access for a network is generally done with a=20 > > >> firewall. Firewall is a hugely misunderstood and ambiguous term - it=20 > > >> can trigger religious wars amongst security experts. You'll be=20 > > >> relieved to hear that > > >for > > >> the sake of this article we're not going to join in and merely=20 > > >> understand > > >it > > >> to be a box you plug in to protect your network from bad things out=20 > > >> there > > >on > > >> the Internet. > > >> THIS MIGHT BE GREAT BUSINESS FOR MICROSOFT AND INTEL BUT=20 > > >EXPENSIVE FOR > > >YOU. > > >> THOSE DAYS ARE NOW GONE! > > >> Open source > > >> We'll use Linux as our underlying operating system. On top of this=20 > > >> we'll > > >be > > >> layering some of the open source world's leading projects,=20 > > >all best of=20 > > >> breed, and all included in the unbeatable purchase price (zero!) of=20 > > >> your Linux system. The proxying and caching is provided by Squid.=20 > > >> Squid is almost certainly what your own ISP uses (ask them!). Why?=20 > > >> Because it's the best. It's > > >hugely > > >> reliable, tunable, and faster than anything else out there.=20 > > >It will do=20 > > >> distributed and hierarchical caching (that is, several machines=20 > > >> running Squid co-operate and share cached content) both within your=20 > > >> network and/or with any of the global community of Squid users. Its=20 > > >> scalability is superb-serving a network of a thousand users=20 > > >will take=20 > > >> four or five ISA servers. Squid needs just one, or two if=20 > > >you want to=20 > > >> go > > >way > > >> over the top on resilience. > > >> The firewall is provided by netfilter, Linux's=20 > > >next-generation packet=20 > > >> filtering and stateful inspection engine. That mouthful of jargon=20 > > >> simply means it inspects incoming and outgoing information=20 > > >and decides=20 > > >> whether to pass it on or not- thus protecting your business from=20 > > >> unauthorised access, illegal attacks (including well known=20 > > >attacks on=20 > > >> Run ISA Server Enterprise Initialization Install ISA Server > > >> ad About igrat!nq to ISA er > > >> > > >> > > >> > > >> =A9=AE LinuxUser&Developer/33 > > >> FIREWALL IS A HUGELY MISUNDERSTOOD AND AMBIGUOUS TERM - IT=20 > > >CAN TRIGGER=20 > > >> RELIGIOUS WARS AMONGST SECURITY EXPERTS > > >> > > >> your other Microsoft software), worms, trojans, etc. > > >> In fact whatever you've read a proprietary firewall can do, netfilter > > >does, > > >> and then some more. Better than this, it has an open, modular > > >architecture. > > >> Modules for pretty much any security feature you can think of are > > >available > > >> (such as application-layer filtering, load-balancing,.etc), enabling=20 > > >> you > > >to > > >> intercept, analyse or modify any protocol over any port. > > >> Your Open Source Security & Internet Access server (as we're=20 > > >going to=20 > > >> call > > >> it) is completed with the addition of SpamAssassin for email=20 > > >filtering, > > >> snort for intrusion detection, ntop for reporting, and Webmin for > > >> any-platform GUI administration. > > >> You now have a system that beats Microsoft ISA on every score with no > > >> purchase costs or extortionate licensing fees every year.=20 > > >And it's future > > >> proof. When the next version is available, you simply update=20 > > >the modules > > >you > > >> need. You don't need to do the Microsoft thing and buy it all again=20 > > >> and > > >also > > >> buy a new, faster, bigger machine to run it on. This might be great > > >business > > >> for Microsoft and Intel > > >> but expensive and disruptive for you. Those days are now gone! > > >> > > >> ISA vs OPEN SOURCE > > >> Microsoft ISA Linux > > >> Easy GUI Configuration J J > > >> . > > >> J J > > >> Access Control > > >> *.. > > >> Content Caching J r > > >> Email Filtering J ,/ > > >> .-.- . > > >> X J > > >> Free Upgrades > > >> Firewall Firmware Based X X > > >> Speed/Reliability/Scalability Poor Good > > >> -.0. > > >> CAL Cost/User **=A368.64 =A30 > > >> * Approximate purchase price for W2K Advanced Server plus Microsoft=20 > > >> Internet Security & Acceleration Server 2000 Enterprise Edition > > >> ** Lowest per desktop price from Microsoft UK recommended > > >> online store (wwwwstore.co.uk). Based on Open Subscription > > >> Licence for 100 > > >> Mark Taylor is a Lead Consultant with Sirius. An early and continuing > > >> contributor to a wide spectrum of open source development=20 > > >projects, Mark > > >> actively works on wide-scale deployments of open source=20 > > >technologies in a > > >> variety of business environments. Sirius have help and documentation > > >> covering ISA migration on its website - www.siriusit.co.uk/=20 > > >ofb/isa-begone > > >> <http://www.siriusit.co.uk/ofb/isa-begone> . > > >> Mark is happy to reply to specific questions or queries=20 > > >raised by Open For > > >> Business. He can be contacted at mark.taylor@xxxxxxxxxxxxxx > > >> <mailto:mark.taylor@xxxxxxxxxxxxxx> > > >> > > >> > > >> Paul Crisp > > >> Snr Network Support Analyst > > >> t: 020 7 827 5201 > > >> f: 020 7 827 5266 > > >> > > >> > > >> > > >> Get Thawte's New Step-by-Step SSL Guide for MSIIS > > >> Find out how to test, purchase, and install a Thawte Digital=20 > > >> Certificate > > >on your MSIIS web server: > > >> http://www.isaserver.org/thawte/ > > >> > > >> ------------------------------------------------------ > > >> You are currently subscribed to this ISAserver.org=20 > > >Discussion List as: > > >rdzek@xxxxxxxxxxxxxxx > > >> To unsubscribe send a blank email to=20 > > >> $subst('Email.Unsub') > > > > > > > > >Get Thawte's New Step-by-Step SSL Guide for MSIIS > > >Find out how to test, purchase, and install a Thawte Digital=20 > > >Certificate on your MSIIS web server:=20 > > >http://www.isaserver.org/thawte/ > > > > > >------------------------------------------------------ > > >You are currently subscribed to this ISAserver.org Discussion=20 > > >List as: kennymann@xxxxxxxxxxx To unsubscribe send a blank=20 > > >email to $subst('Email.Unsub') > > > > > > > Get Thawte's New Step-by-Step SSL Guide for MSIIS > > Find out how to test, purchase, and install a Thawte Digital Certificate > on your MSIIS web server: > > http://www.isaserver.org/thawte/ > > > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > tsmullins@xxxxxxxxxxxxxx > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > > > > > > Get Thawte's New Step-by-Step SSL Guide for MSIIS > Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: > http://www.isaserver.org/thawte/ > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: jlyon@xxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > >