In short words, because it's already too late over here and I need a good boy's sleep: you're right. I took a glance at NAI's Intrushield, which introduces a so-called Virtual IDS. Of course, Intrushield is an IDS appliance and does other things than ISA, but the concept of virtual segments that are being monitored is appealing.

Mark

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Friday, August 15, 2003 12:12 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: MS-Blast scripts
>
> http://www.ISAserver.org
>
> Hi Mark,
>
> Actually, you have a good point. The time is near when we need an
> ISA-like device on every system. That is, a smart layer 7
> sophisticated firewall. Not a pixoid packet filter, but an ISA that
> can examine the application layer headers and data. Microsoft is a
> software company, they understand software, and layer 7 is all about
> app software. If anyone can do it right, it's going to be Microsoft.
> Cisco is good at fast, but all that accomplishes is passing exploits
> faster than anyone else.
>
> In fact, personal firewalls do perform such a function already. But
> most of them, from my experience, cause more problems than they fix.
> The exception, again in my experience, is the unfairly maligned ICF.
> It's very transparent and blocks unsolicited inbound requests. You
> have to go out of your way to allow inbound connections, but at least
> you can do that.
>
> (Check out the lamer "firewall feature" included with the Windows
> Server 2003 RRAS. It'll block unsolicited inbound requests, but you
> can forget about reverse NAT. ICF is more sophisticated than the RRAS
> firewall "service".)
>
> The personal firewall needs to have a central policy, so that you
> essentially extend the ISA features to the desktops and other
> devices. They would also have a reporting mechanism like ISA and feed
> this information to the central reporting system. You can see where
> I'm going with this! Servers would also have a similar "satellite"
> firewall system. ISA can be the hub firewall system that manages,
> reports, and updates the satellite firewall systems.
>
> Sound good so far?
>
> :-)
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp