I could feed ya once, or I could show ya how to fish: Google Search: split tunneling http://www.google.com/search?q=split%20tunneling&sourceid=mozilla-search &start=0&start=0&ie=utf-8&oe=utf-8 (The second link from nortel networks, has a good page) BTW, I didn't know what it was until 5 minutes again ;-) Kenny Mann >-----Original Message----- >From: Yakesh Arora [mailto:aroray@xxxxxxxxxxxxxxxxxx] >Sent: Tuesday, September 02, 2003 11:11 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] Re: Mail filter and anti-virus, please advise! > > >http://www.ISAserver.org > > >What is split tunneling? >----- Original Message ----- >From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> >Sent: Tuesday, September 02, 2003 5:05 PM >Subject: [isalist] Re: Mail filter and anti-virus, please advise! > > >http://www.ISAserver.org > > >Hi Kenny, > >And don't forget to NEVER allow split tunneling and NEVER >allow users to connect modems to their computers. Both these >config allow users to subvert firewall policy. > >HTH, >Tom > >Thomas W Shinder >www.isaserver.org/shinder >ISA Server and Beyond: http://tinyurl.com/1jq1 >Configuring ISA Server: http://tinyurl.com/1llp > > > > >-----Original Message----- >From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] >Sent: Tuesday, September 02, 2003 10:57 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] Re: Mail filter and anti-virus, please advise! > > >http://www.ISAserver.org > > >In general (IMO: In all cases) it's a bad idea to rely on a >single point, as that will inevitably be your single-point of >failure. From your emails I father you are focusing on >security in general so... Many things make up a secure network. > >1.) Firewall (ISA, Cisco, IPTables, etc Even Windows 2000 and >XP have TCP/IP filtering built-in, so your client machines can >have their own firewalls, just in case). >2.) Software Updates. I say software updates because this >effects everything. Your firewall, your OS, and your running >software. Windows Update is a good thing to run on a regular >basis. If you are worried about an update hosing your >machines, once a week run it on your machine, then allow other >people to update a couple days later. I believe that Isa 2000 >is on SP1. >3.) Antivirus. Having an Exchange addon or mail addon (for >whatever mail server you use) is a good idea. Some machines >may not be powerful enough to run a real-time virus scanner. >Upgrade them, or at least install it and once a week (day?) >scan the machine. >4.) When installing Win2K/XP give it an administrator >password. Even if it's something simple/stupid. It may stop a >worm that exploits blank admin passwords or mounts the C$ share. > >Anything I missed anyone? > >>> Thats the reason, I didnt see any reason for av on every machine. >>> >>> Would'nt you agree? >Me being me, I would rather play paranoid. It's very difficult >to cover all the holes and to stop someone from getting data >in. It's been my experience that people who generally don't >know any better accidently find a way in.. Maybe it's just my >luck but... What if someone sends an attachment that the >server can not scan or accidently allows through? If your AV >doesn't catch a virus, but the next day it's added to your >definitions. You already have a virus in your network. It is >not a fun way to spend a weekend dis-infecting computers >(unless you have some Nerf toys ;-) and a few friends) You say >that only a couple computers are allows to have access to >floppies and cd-roms, do you mean the drive or disk? Someone >could bring a disk from home and show joe blow in the cube >next door this cool neat game, which is virus infected. Is it >possible for any of them to bring a laptop in and jack it into >the network? What if they have a USB drive? FTP access? > ></two cents> >Hope this helps! > >Kenny Mann > >------------------------------------------------------ >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >------------------------------------------------------ >Other Internet Software Marketing Sites: >Leading Network Software Directory: http://www.serverfiles.com >No.1 Exchange Server Resource Site: http://www.msexchange.org >Windows Security Resource Site: http://www.windowsecurity.com/ >Network Security Library: http://www.secinf.net/ Windows >2000/NT Fax Solutions: http://www.ntfaxfaq.com >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion >List as: aroray@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank >email to $subst('Email.Unsub') > > > >------------------------------------------------------ >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >------------------------------------------------------ >Other Internet Software Marketing Sites: >Leading Network Software Directory: http://www.serverfiles.com >No.1 Exchange Server Resource Site: http://www.msexchange.org >Windows Security Resource Site: http://www.windowsecurity.com/ >Network Security Library: http://www.secinf.net/ Windows >2000/NT Fax Solutions: http://www.ntfaxfaq.com >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion >List as: kennymann@xxxxxxxxxxx To unsubscribe send a blank >email to $subst('Email.Unsub') >