[isalist] Re: Nothing is secure like PIX
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 Jun 2006 21:21:42 -0500
Sheesh, I can't write any correctly the first time.
I meant to say:
"Your comments just touched a nerve regarding all the b*llsh*tology I
hear from Cisco kewl-ayd drinkers and base their opinions on the ISA
firewall without evening knowing or considering the facts"
Sorry about that.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Wednesday, June 21, 2006 9:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
Hi Mohemed,
By the way, I hope you didn't take my rant the wrong way. It
wasn't meant to be personal or anything, and I can see that you're a fan
of the ISA firewall which is a good thing. Your comments just touched a
nerve regarding all the b*llsh*tology I hear from Cisco kewl-ayd
drinkers and based your opinions on the ISA firewall without evening
knowing or considering the facts.
Just wanted to know that I still appreciate your input and that
we're still friends :)
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
Sent: Wednesday, June 21, 2006 9:01 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Nothing is secure like PIX
http://www.ISAserver.org
-------------------------------------------------------
Dears,
No doubt that ISA 2000 or 2004 or even 2006, have
increased the possibility of controling user access,,, by allowing or
denying the browsing or a tiny issue like downloding gif and not
downloading jpg as an example..
This shows how much we can control user action,,,
Moreover, features like firewall services, securing VPN
connection, Nating, Publishing web sites, etc.... are very helpfull
features to make or Network Control is much easier...
But Nothing is secure like PIX...
I don't mean that PIX is more secure than ISA, or more
capable of handling requests... I'm talking about features and design
and even the hardware specification.... There is no comparison between
ISA and PIX
I'm here, in my network ; using two failover PIX and two
clustering ISA servers as well.. every device has it's
responsiblities...
ISA is responisble for handling he request from users
and filtering it depends on customized rules, and the great thing that
ISA server is a domain member, so I can customized the rules directly to
specific user ,,,
PIX is my Huge Body Guard which stand infront of my Out
Door, to filter any request come in or out my door... YEs ..( in or out
) not just in .... and it is built on a very advanced built-in program
in the hardware it self, it is the adaptive security algorithm, which
has alot of tools to scan the coming packet,... like if we said , the
ultravoilet, infarraed, and eye scanner and everything...
It's a very adaptive algorithm and it's very hard to
penetrate,,, note that this alogorithm is working on every packet goes
or come , also depend on your own cutomized rule you make on PIX,,,
and instead that the windows how operates, the adaptive
security algorithm are running using the same processing speed of it's
processor, as it is already loaded in the PIX processor and rams..
How faster do you think it will be !!!!!!?????
it also has a complete secure process for VPN connection
and PATING, NATING , ... etc
But PIX is not function as layer 7 appliance, so we use
ISA for this purpose,,, to control the Application layer and
presentation layer... nothing more, nothing less,, and also because PIX
is not integrating with Active Directory..
Finally, PIX is mandatory for security, and ISA is
mandatory for controling... but if we talked about the ability to be
hacked , I think you will agree with me that hacking a program runing on
Windows platform is much easier from penetrating program runing on
security dedicated appliance........ (( you can ask Bill Jates about it
))
Best Regards
Mohamed Saleh
Senior Network Administrator
College of Business Administration, CBA
Jeddah, Saudi Arabia
Tel: +966-02-6563199 ext 2521
Cell: - +966-50-2953591
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
________________________________
From: "Shane Mullins" <tsmullins@xxxxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Hardware.... (cringe)
...firewall ?
Date: Tue, 20 Jun 2006 13:12:08 -0400
>http://www.ISAserver.org
>-------------------------------------------------------
> Good Deal,
>
> We have used ISA since Proxy 2.0. I really
liked the upgrade
>from 2.0 to ISA 2000. But, I really really like
ISA 2004. Some of
>the new features are great, esp in the VPN
areas, stateful packet
>inspection. Also, I like the way ISA integrates
into AD, this is
>huge if you are a Windows shop. Also, there are
some third party
>snap ins that are very helpful.
>
>Shane
>
>PS I also really enjoyed reading your ISA 2004
book.
>
>
>
>----- Original Message ----- From: "Thomas W
Shinder"
><tshinder@xxxxxxxxxxx>
>To: <isalist@xxxxxxxxxxxxx>
>Sent: Tuesday, June 20, 2006 10:33 AM
>Subject: [isalist] Re: Hardware.... (cringe)
...firewall ?
>
>
>http://www.ISAserver.org
>-------------------------------------------------------
>
>Hi Shane,
>
>No problems, that's how I took it! :)
>
>The PIX tax reminds of when in the middle ages
you could pay the
>church
>to absolve you of your sins. The situation here
is that they're
>paying
>Cisco for their sin of slothfullness. Slothful
in that they haven't
>spent the time and effort to understand real
network security and
>blindly pay a router and switch company big
money to protect
>comporate
>data (does anyone see the paradox in this?)
>
>Thanks!
>Tom
>
>Thomas W Shinder, M.D.
>Site: www.isaserver.org
>Blog: http://blogs.isaserver.org/shinder/
>Book: http://tinyurl.com/3xqb7
>MVP -- ISA Firewalls
>
>
>
>>-----Original Message-----
>>From: isalist-bounce@xxxxxxxxxxxxx
>>[mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Shane Mullins
>>Sent: Tuesday, June 20, 2006 7:56 AM
>>To: isalist@xxxxxxxxxxxxx
>>Subject: [isalist] Re: Hardware.... (cringe)
...firewall ?
>>
>>http://www.ISAserver.org
>>-------------------------------------------------------
>>
>>Hey Thomas,
>>
>> I meant that to be a plug for ISA 2004. I
think ISA 2004
>>is great. We
>>have two ISA 2004 boxes that firewall and
provide internet
>>access for 3,500
>>machines. ISA 2004 has been rock solid for us.
ISA 2004
>>provides advanced
>>logging and caching functions that a
"hardware" firewall
>>cannot provide. I
>>have nothing against unix, but ISA 2004 is
great.
>> We could have paid 50k for a single pix to
provide
>>firewall services.
>>Then signed up for a 5k a year maintenance
agreement (so we could
>>rcv
>>updates). And all machines need updates, even
"hardware"
>>firewalls have an
>>OS. And ISA still does so much more.
>>
>>Shane
>>
>>
>>
>>
>>
>> > On 6/19/06, Thomas W Shinder
<tshinder@xxxxxxxxxxx> wrote:
>> >> http://www.ISAserver.org
>> >>
-------------------------------------------------------
>> >>
>> >> Yes, it's that good. Go Daddy and the ISP
are clueless.
>>Have you ever
>> >> talked to your ISP's "tech guys" who make
these
>>recommendations? Let's
>> >> just say that the typical interaction
leaves you with the
>>feeling that
>> >> they're not on the top of the firewall and
networking food
>>chains :)
>> >>
>> >> Thomas W Shinder, M.D.
>> >> Site: www.isaserver.org
>> >> Blog: http://blogs.isaserver.org/shinder/
>> >> Book: http://tinyurl.com/3xqb7
>> >> MVP -- ISA Firewalls
>> >>
>> >>
>> >>
>> >> > -----Original Message-----
>> >> > From: isalist-bounce@xxxxxxxxxxxxx
>> >> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Shane
>>Mullins
>> >> > Sent: Monday, June 19, 2006 1:10 PM
>> >> > To: isalist@xxxxxxxxxxxxx
>> >> > Subject: [isalist] Re: Hardware....
(cringe) ...firewall ?
>> >> >
>> >> > http://www.ISAserver.org
>> >> >
-------------------------------------------------------
>> >> >
>> >> > ISA 2K4 is really good? There is an eval
version. Maybe he
>> >> > would let you
>> >> > try that.
>> >> >
>> >> >
>> >> > Shane
>> >> >
>> >> > ----- Original Message -----
>> >> > From: "G.Waleed Kavalec"
<kavalec@xxxxxxxxx>
>> >> > To: <isalist@xxxxxxxxxxxxx>
>> >> > Sent: Monday, June 19, 2006 1:08 PM
>> >> > Subject: [isalist] Hardware.... (cringe)
...firewall ?
>> >> >
>> >> >
>> >> > > http://www.ISAserver.org
>> >> > >
-------------------------------------------------------
>> >> > > My boss has been talking to our ISP
and also to some folks
>> >> > at GoDaddy.
>> >> > >
>> >> > > Both use - and recommend - hardware
firewall solutions.
>> >> > >
>> >> > > What do I tell him? He is poised to
make one of those
>>classic PHB
>> >> > > decisions.
>> >> > >
>> >> > > (currently on ISA 2K)
>> >> > >
>> >> > > --
>> >> > >
>> >> > > G. Waleed Kavalec
>> >> > > -------------------------
>> >> > > Why are we all in this handbasket
>> >> > > and where is it going so fast?
>> >> > >
------------------------------------------------------
>> >> > > List Archives:
//www.freelists.org/archives/isalist/
>> >> > ISA Server
>> >> > > Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>> >> > ISA Server
>> >> > > Articles and Tutorials:
>> >> >
http://www.isaserver.org/articles_tutorials/ ISA
>> >> > > Server Blogs:
>> >> > > http://blogs.isaserver.org/
>> >> >
------------------------------------------------------
>> >> > > Visit TechGenix.com for more
information about our other
>>sites:
>> >> > > http://www.techgenix.com
>> >> >
------------------------------------------------------
>> >> > > To unsubscribe visit
>> >> >
http://www.isaserver.org/pages/isalist.asp Report
>> >> > > abuse to listadmin@xxxxxxxxxxxxx
>> >> > >
>> >> >
>> >> >
------------------------------------------------------
>> >> > List Archives:
//www.freelists.org/archives/isalist/
>> >> > ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>> >> > ISA Server Articles and Tutorials:
>> >> >
http://www.isaserver.org/articles_tutorials/
>> >> > ISA Server Blogs:
http://blogs.isaserver.org/
>> >> >
------------------------------------------------------
>> >> > Visit TechGenix.com for more information
about our other
>>sites:
>> >> > http://www.techgenix.com
>> >> >
------------------------------------------------------
>> >> > To unsubscribe visit
>>http://www.isaserver.org/pages/isalist.asp
>> >> > Report abuse to listadmin@xxxxxxxxxxxxx
>> >> >
>> >> >
>> >> >
>> >>
------------------------------------------------------
>> >> List Archives:
//www.freelists.org/archives/isalist/
>> >> ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>> >> ISA Server Articles and Tutorials:
>> >>
http://www.isaserver.org/articles_tutorials/
>> >> ISA Server Blogs:
http://blogs.isaserver.org/
>> >>
------------------------------------------------------
>> >> Visit TechGenix.com for more information
about our other sites:
>> >> http://www.techgenix.com
>> >>
------------------------------------------------------
>> >> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>> >> Report abuse to listadmin@xxxxxxxxxxxxx
>> >>
>> >>
>> >
>> >
>> > -- >
>> > G. Waleed Kavalec
>> > -------------------------
>> > Why are we all in this handbasket
>> > and where is it going so fast?
>> >
>> > http://www.kavalec.com/thisisislam.swf
>> >
------------------------------------------------------
>> > List Archives:
//www.freelists.org/archives/isalist/
>>ISA Server
>> > Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>>ISA Server
>> > Articles and Tutorials:
>>http://www.isaserver.org/articles_tutorials/
ISA
>> > Server Blogs:
>> > http://blogs.isaserver.org/
>>------------------------------------------------------
>> > Visit TechGenix.com for more information
about our other sites:
>> > http://www.techgenix.com
>>------------------------------------------------------
>> > To unsubscribe visit
>>http://www.isaserver.org/pages/isalist.asp
Report
>> > abuse to listadmin@xxxxxxxxxxxxx
>>
>>------------------------------------------------------
>>List Archives:
//www.freelists.org/archives/isalist/
>>ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>>ISA Server Articles and Tutorials:
>>http://www.isaserver.org/articles_tutorials/
>>ISA Server Blogs: http://blogs.isaserver.org/
>>------------------------------------------------------
>>Visit TechGenix.com for more information about
our other sites:
>>http://www.techgenix.com
>>------------------------------------------------------
>>To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>>Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>------------------------------------------------------
>List Archives:
//www.freelists.org/archives/isalist/
>ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>ISA Server Articles and Tutorials:
>http://www.isaserver.org/articles_tutorials/
>ISA Server Blogs: http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more information about
our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>Report abuse to listadmin@xxxxxxxxxxxxx
>
>------------------------------------------------------
>List Archives:
//www.freelists.org/archives/isalist/ ISA
>Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA
>Server Articles and Tutorials:
>http://www.isaserver.org/articles_tutorials/
ISA Server Blogs:
>http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more information about
our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>Report abuse to listadmin@xxxxxxxxxxxxx
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/ ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA
Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
Other related posts:
