http://www.ISAserver.org ------------------------------------------------------- There's always room... not sure how *I* was the one that got tagged with absolutes here... My current 'home' network consists of a NetgearFVS publishing to a single nic ISA VM under ESX. Some would draw exception from that. But it works for me, and I understand the risks involved. I also don't (until recently) publish anything (here). And our set up in Bermuda is similar to the Internet -> ISA -> LAN environment. I'm fine with that (particularly with Steve around. While Steve is huge dork, he's actually quite smart). It all depends on what assets we're trying to protect. But we all know that. t -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Monday, August 17, 2009 8:59 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- The end user does care about security, just not in the same way that pros like you do. I've no problem with a least privilege discussion provided there's room for the rest of us living in a slightly different reality. thanks, Amy -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Monday, August 17, 2009 11:29 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Sure, but I was hoping the conversation could be escalated out of the "crazy man with one box" stories and on to the business models that drive the product we're all talking about. The "oh just bolt TMG on it and it will be more secure" mentality keeps it in the realm of a host-based firewall toy; something I've been fighting against for years. But you know, at least the guy was concerned about security. It think there is a lesson there too. Everyone saying the end user doesn't know and doesn't care, and yet we've got a guy who gives a damn enough to go out of his way and deal with the PITA of only having one box on the internet because of security. Crappy solution, but at least he was looking for one. t -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Monday, August 17, 2009 8:08 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Secure is in the eye of the beholder, isn't it? I talked a business owner that only allows 1 PC to be connected to the Internet because he wants his network to be secure. You want to send an email, you walk over and sit down at the "internet" computer. It's security vs function and ability to manage. Not every company has a Thor. thanks, Amy Babinchak Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794 Phone Number: 248-850-8616 Web http://www.harborcomputerservices.net Client Blog http://smalltechnotes.blogspot.com Tech Blog http://securesmb.harborcomputerservices.net Buy My House: http:// www.HomesByOwner.com/15490 Are you an IT Pro? http://www.thirdtier.net -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Monday, August 17, 2009 10:55 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Oh, well if MSFT released it like that, then it must be secure. Sorry, my bad. t -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Monday, August 17, 2009 5:41 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Doesn't matter really. The point is that Microsoft has a released firewall product called TMG with the EE installed on the domain member server. It's the same enough. thanks, Amy Babinchak Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794 Phone Number: 248-850-8616 Web http://www.harborcomputerservices.net Client Blog http://smalltechnotes.blogspot.com Tech Blog http://securesmb.harborcomputerservices.net Buy My House: http:// www.HomesByOwner.com/15490 Are you an IT Pro? http://www.thirdtier.net -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Monday, August 17, 2009 8:38 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Not the same TMG.... -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Monday, August 17, 2009 9:35 AM To: ISA Mailing List Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Microsoft has a released product where the TMG (with EBS) also running the Exchange 2007 Edge role is a domain member. thanks, Amy Babinchak Harbor Computer Services | 248-850-8616 | Mobile 248-890-1794 Phone Number: 248-850-8616 Web http://www.harborcomputerservices.net Client Blog http://smalltechnotes.blogspot.com Tech Blog http://securesmb.harborcomputerservices.net Buy My House: http:// www.HomesByOwner.com/15490 Are you an IT Pro? http://www.thirdtier.net -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Han Valk Sent: Monday, August 17, 2009 1:37 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org ------------------------------------------------------- Ok I understand, that still leaves the point that some 'official' guidance from Microsoft would be nice. Han. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx] Sent: Sunday, August 16, 2009 4:32 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org<http://www.isaserver.org/> ------------------------------------------------------- There is no "always" or "never" to either of them. It's situational and requires that the deployment team perform their own threat modeling. Exchange supports placing the edge role on a WG server to appease the "no domain members at the edge" tinfoil hat crowd, but when you combine it with TMG, the attack surface and thus the perceived threat of having the Exch edge role as a domain member is greatly reduced; even over that offered by Windows Firewall policies. Jim -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Han Valk Sent: Saturday, August 15, 2009 11:54 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: New Articles on Tales http://www.ISAserver.org<http://www.isaserver.org/> ------------------------------------------------------- As far as I know Exchange Edge is to be installed on a workgroup server while TMG does its best job when domain joined. So this is a bit of a contradiction to me. I would love to see guidance from Microsoft on that. Maybe this can be added to the Q&A in Understanding Email Protection on TMG. Han. > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Sunday, August 16, 2009 00:35 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] New Articles on Tales > > http://blogs.technet.com/isablog/archive/2009/08/15/new-tales-from-the > - > edge-articles.aspx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com<http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com<http://www.techgenix.com/> ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx -- ExchangeDefender Message Security: Click below to verify authenticity http://www.exchangedefender.com/verify.asp?id=n7HCZOeB031684&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx -- ExchangeDefender Message Security: Click below to verify authenticity http://www.exchangedefender.com/verify.asp?id=n7HChniQ000721&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx -- ExchangeDefender Message Security: Click below to verify authenticity http://www.exchangedefender.com/verify.asp?id=n7HF7rbs004934&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx -- ExchangeDefender Message Security: Click below to verify authenticity http://www.exchangedefender.com/verify.asp?id=n7HFx3pN028517&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx