RE: Major ISA Security question:
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 25 Feb 2003 17:31:33 -0600
Hi Eddie,
ISA Server uses Destination Sets to determine which Web Publishing Rule
is used to redirect incoming requests, but I don't see how external
users would be able to use these against you, unless they've compromise
your server.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx]
Sent: Monday, February 24, 2003 8:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA Security question:
http://www.ISAserver.org
Since ISA will use destination for incoming request, I was
afraid that people has been using my ISA as a bouncing wall and redirect
traffic using my site name. (I could be wrong)
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, February 24, 2003 8:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA Security question:
http://www.ISAserver.org
Hi Eddie,
Why would you think your server was compromised?
Thanks!
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx]
Sent: Monday, February 24, 2003 8:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA Security
question:
http://www.ISAserver.org
My ISA server has Win2k and ISA installed and
that is all of it.
My network is quite simple, just a simple with
ISA server that has two network cards. One facing the internal network,
one connecting to a CISCO DSL modem/router, and then the DSL line to the
outside world.
I use the ISA enterprise version, no restriction
for outbound, for inbound, there is a setup for Exchange 2000 using the
default setup by ISA for Exchange 2000.
There is also a OWA setup through https. I have
all the necessary certificate setup, export by internal server, import
by ISA server, etc...
I also allow VPN access with PPTP and no IPSec.
Other than these, I block(didn't set up) any
other inbound access.
Tom, does this mean that my ISA server has been
compromised!!! And will allow forwarding of incoming requests to these
FQDN??!!!
Please help
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, February 23, 2003 12:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA
Security question:
http://www.ISAserver.org
Hi Eddie,
ISA Server Web Publishing Rules will use
Destination Sets for the incoming request. This is the FQDN (and
optionally a path) that is used by the external user to access the site.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
-----Original Message-----
From: Eddie Kwong
[mailto:eddiek@xxxxxxxxxxxx]
Sent: Friday, February 21, 2003 3:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Major ISA Security
question:
http://www.ISAserver.org
Hi list members, Please help me out
here.
If I understand it right, for someone to
publish an internal server through ISA server, other than other things
that needs to be done, under the ISA server management you must go to
Policy Elements -> Destination Sets and setup the INTERNAL server
location there. I use all cap for INTERNAL because this is how I
believed ISA server works. This rule is suppose to be for locating the
internal server that has the web site you would like to publish.
My problem: I have been too busy for the
last two months and didn't get a chance to browse around ISA server for
any un-usual events. This morning when I look, I found out that there
is an extra Destination Set under the Policy Elements->Destination Sets.
With the long name 'Friends Greeting Worm Block Properties', (every work
spell as in the quotes) and the address were a list of
*.friend.greeting.com
*.friend.greetings.com
207.21.272.104
64.191.7.4
cool-downloads.com
etc.....
My 1 millions dollar Question: What is
this?
I am the only one in my organization
that setup and manage ISA server and I didn't put that extra destination
set in!!!
Any ideas?
Many thanks
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: eddiek@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
