[isalist] Re: Nothing is secure like PIX
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 Jun 2006 21:58:19 -0500
I need to get back on my meds ;)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Wednesday, June 21, 2006 9:42 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
Don't you mean "anything correctly the first time?"
:-PPPPPPPPPPP
t
On 6/21/06 7:21 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
spoketh to all:
Sheesh, I can't write any correctly the first time.
I meant to say:
"Your comments just touched a nerve regarding all the
b*llsh*tology I hear from Cisco kewl-ayd drinkers and base their
opinions on the ISA firewall without evening knowing or considering the
facts"
Sorry about that.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Wednesday, June 21, 2006 9:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like
PIX
Hi Mohemed,
By the way, I hope you didn't take my rant the
wrong way. It wasn't meant to be personal or anything, and I can see
that you're a fan of the ISA firewall which is a good thing. Your
comments just touched a nerve regarding all the b*llsh*tology I hear
from Cisco kewl-ayd drinkers and based your opinions on the ISA
firewall without evening knowing or considering the facts.
Just wanted to know that I still appreciate your
input and that we're still friends :)
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
<http://www.isaserver.org/> <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
Sent: Wednesday, June 21, 2006 9:01 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Nothing is secure like PIX
http://www.ISAserver.org
-------------------------------------------------------
Dears,
No doubt that ISA 2000 or 2004 or even 2006,
have increased the possibility of controling user access,,, by allowing
or denying the browsing or a tiny issue like downloding gif and not
downloading jpg as an example..
This shows how much we can control user
action,,,
Moreover, features like firewall services,
securing VPN connection, Nating, Publishing web sites, etc.... are very
helpfull features to make or Network Control is much easier...
But Nothing is secure like PIX...
I don't mean that PIX is more secure than ISA,
or more capable of handling requests... I'm talking about features and
design and even the hardware specification.... There is no comparison
between ISA and PIX
I'm here, in my network ; using two failover PIX
and two clustering ISA servers as well.. every device has it's
responsiblities...
ISA is responisble for handling he request from
users and filtering it depends on customized rules, and the great thing
that ISA server is a domain member, so I can customized the rules
directly to specific user ,,,
PIX is my Huge Body Guard which stand infront of
my Out Door, to filter any request come in or out my door... YEs ..( in
or out ) not just in .... and it is built on a very advanced built-in
program in the hardware it self, it is the adaptive security algorithm,
which has alot of tools to scan the coming packet,... like if we said ,
the ultravoilet, infarraed, and eye scanner and everything...
It's a very adaptive algorithm and it's very
hard to penetrate,,, note that this alogorithm is working on every
packet goes or come , also depend on your own cutomized rule you make
on PIX,,,
and instead that the windows how operates, the
adaptive security algorithm are running using the same processing speed
of it's processor, as it is already loaded in the PIX processor and
rams..
How faster do you think it will be !!!!!!?????
it also has a complete secure process for VPN
connection and PATING, NATING , ... etc
But PIX is not function as layer 7 appliance, so
we use ISA for this purpose,,, to control the Application layer and
presentation layer... nothing more, nothing less,, and also because PIX
is not integrating with Active Directory..
Finally, PIX is mandatory for security, and ISA
is mandatory for controling... but if we talked about the ability to be
hacked , I think you will agree with me that hacking a program runing
on Windows platform is much easier from penetrating program runing on
security dedicated appliance........ (( you can ask Bill Jates about it
))
Best Regards
Mohamed Saleh
Senior Network Administrator
College of Business Administration, CBA
Jeddah, Saudi Arabia
Tel: +966-02-6563199 ext 2521
Cell: - +966-50-2953591
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
________________________________
From: "Shane Mullins"
<tsmullins@xxxxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Hardware....
(cringe) ...firewall ?
Date: Tue, 20 Jun 2006 13:12:08 -0400
>http://www.ISAserver.org
>-------------------------------------------------------
> Good Deal,
>
> We have used ISA since Proxy 2.0. I
really liked the upgrade
>from 2.0 to ISA 2000. But, I really
really like ISA 2004. Some of
>the new features are great, esp in the
VPN areas, stateful packet
>inspection. Also, I like the way ISA
integrates into AD, this is
>huge if you are a Windows shop. Also,
there are some third party
>snap ins that are very helpful.
>
>Shane
>
>PS I also really enjoyed reading your
ISA 2004 book.
>
>
>
>----- Original Message ----- From:
"Thomas W Shinder"
><tshinder@xxxxxxxxxxx>
>To: <isalist@xxxxxxxxxxxxx>
>Sent: Tuesday, June 20, 2006 10:33 AM
>Subject: [isalist] Re: Hardware....
(cringe) ...firewall ?
>
>
>http://www.ISAserver.org
>-------------------------------------------------------
>
>Hi Shane,
>
>No problems, that's how I took it! :)
>
>The PIX tax reminds of when in the
middle ages you could pay the
>church
>to absolve you of your sins. The
situation here is that they're
>paying
>Cisco for their sin of slothfullness.
Slothful in that they haven't
>spent the time and effort to
understand real network security and
>blindly pay a router and switch
company big money to protect
>comporate
>data (does anyone see the paradox in
this?)
>
>Thanks!
>Tom
>
>Thomas W Shinder, M.D.
>Site: www.isaserver.org
>Blog:
http://blogs.isaserver.org/shinder/
>Book: http://tinyurl.com/3xqb7
>MVP -- ISA Firewalls
>
>
>
>>-----Original Message-----
>>From: isalist-bounce@xxxxxxxxxxxxx
>>[mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Shane Mullins
>>Sent: Tuesday, June 20, 2006 7:56 AM
>>To: isalist@xxxxxxxxxxxxx
>>Subject: [isalist] Re: Hardware....
(cringe) ...firewall ?
>>
>>http://www.ISAserver.org
>>-------------------------------------------------------
>>
>>Hey Thomas,
>>
>> I meant that to be a plug for ISA
2004. I think ISA 2004
>>is great. We
>>have two ISA 2004 boxes that firewall
and provide internet
>>access for 3,500
>>machines. ISA 2004 has been rock solid
for us. ISA 2004
>>provides advanced
>>logging and caching functions that a
"hardware" firewall
>>cannot provide. I
>>have nothing against unix, but ISA
2004 is great.
>> We could have paid 50k for a single
pix to provide
>>firewall services.
>>Then signed up for a 5k a year
maintenance agreement (so we could
>>rcv
>>updates). And all machines need
updates, even "hardware"
>>firewalls have an
>>OS. And ISA still does so much more.
>>
>>Shane
>>
>>
>>
>>
>>
>> > On 6/19/06, Thomas W Shinder
<tshinder@xxxxxxxxxxx> wrote:
>> >> http://www.ISAserver.org
>> >>
-------------------------------------------------------
>> >>
>> >> Yes, it's that good. Go Daddy and
the ISP are clueless.
>>Have you ever
>> >> talked to your ISP's "tech guys"
who make these
>>recommendations? Let's
>> >> just say that the typical
interaction leaves you with the
>>feeling that
>> >> they're not on the top of the
firewall and networking food
>>chains :)
>> >>
>> >> Thomas W Shinder, M.D.
>> >> Site: www.isaserver.org
>> >> Blog:
http://blogs.isaserver.org/shinder/
>> >> Book: http://tinyurl.com/3xqb7
>> >> MVP -- ISA Firewalls
>> >>
>> >>
>> >>
>> >> > -----Original Message-----
>> >> > From:
isalist-bounce@xxxxxxxxxxxxx
>> >> >
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Shane
>>Mullins
>> >> > Sent: Monday, June 19, 2006
1:10 PM
>> >> > To: isalist@xxxxxxxxxxxxx
>> >> > Subject: [isalist] Re:
Hardware.... (cringe) ...firewall ?
>> >> >
>> >> > http://www.ISAserver.org
>> >> >
-------------------------------------------------------
>> >> >
>> >> > ISA 2K4 is really good? There is
an eval version. Maybe he
>> >> > would let you
>> >> > try that.
>> >> >
>> >> >
>> >> > Shane
>> >> >
>> >> > ----- Original Message -----
>> >> > From: "G.Waleed Kavalec"
<kavalec@xxxxxxxxx>
>> >> > To: <isalist@xxxxxxxxxxxxx>
>> >> > Sent: Monday, June 19, 2006
1:08 PM
>> >> > Subject: [isalist] Hardware....
(cringe) ...firewall ?
>> >> >
>> >> >
>> >> > > http://www.ISAserver.org
>> >> > >
-------------------------------------------------------
>> >> > > My boss has been talking to
our ISP and also to some folks
>> >> > at GoDaddy.
>> >> > >
>> >> > > Both use - and recommend -
hardware firewall solutions.
>> >> > >
>> >> > > What do I tell him? He is
poised to make one of those
>>classic PHB
>> >> > > decisions.
>> >> > >
>> >> > > (currently on ISA 2K)
>> >> > >
>> >> > > --
>> >> > >
>> >> > > G. Waleed Kavalec
>> >> > > -------------------------
>> >> > > Why are we all in this
handbasket
>> >> > > and where is it going so
fast?
>> >> > >
------------------------------------------------------
>> >> > > List Archives:
//www.freelists.org/archives/isalist/
>> >> > ISA Server
>> >> > > Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>> >> > ISA Server
>> >> > > Articles and Tutorials:
>> >> >
http://www.isaserver.org/articles_tutorials/ ISA
>> >> > > Server Blogs:
>> >> > > http://blogs.isaserver.org/
>> >> >
------------------------------------------------------
>> >> > > Visit TechGenix.com for more
information about our other
>>sites:
>> >> > > http://www.techgenix.com
>> >> >
------------------------------------------------------
>> >> > > To unsubscribe visit
>> >> >
http://www.isaserver.org/pages/isalist.asp Report
>> >> > > abuse to
listadmin@xxxxxxxxxxxxx
>> >> > >
>> >> >
>> >> >
------------------------------------------------------
>> >> > List Archives:
//www.freelists.org/archives/isalist/
>> >> > ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>> >> > ISA Server Articles and
Tutorials:
>> >> >
http://www.isaserver.org/articles_tutorials/
>> >> > ISA Server Blogs:
http://blogs.isaserver.org/
>> >> >
------------------------------------------------------
>> >> > Visit TechGenix.com for more
information about our other
>>sites:
>> >> > http://www.techgenix.com
>> >> >
------------------------------------------------------
>> >> > To unsubscribe visit
>>http://www.isaserver.org/pages/isalist.asp
>> >> > Report abuse to
listadmin@xxxxxxxxxxxxx
>> >> >
>> >> >
>> >> >
>> >>
------------------------------------------------------
>> >> List Archives:
//www.freelists.org/archives/isalist/
>> >> ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>> >> ISA Server Articles and
Tutorials:
>> >>
http://www.isaserver.org/articles_tutorials/
>> >> ISA Server Blogs:
http://blogs.isaserver.org/
>> >>
------------------------------------------------------
>> >> Visit TechGenix.com for more
information about our other sites:
>> >> http://www.techgenix.com
>> >>
------------------------------------------------------
>> >> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>> >> Report abuse to
listadmin@xxxxxxxxxxxxx
>> >>
>> >>
>> >
>> >
>> > -- >
>> > G. Waleed Kavalec
>> > -------------------------
>> > Why are we all in this handbasket
>> > and where is it going so fast?
>> >
>> >
http://www.kavalec.com/thisisislam.swf
>> >
------------------------------------------------------
>> > List Archives:
//www.freelists.org/archives/isalist/
>>ISA Server
>> > Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>>ISA Server
>> > Articles and Tutorials:
>>http://www.isaserver.org/articles_tutorials/ ISA
>> > Server Blogs:
>> > http://blogs.isaserver.org/
>>------------------------------------------------------
>> > Visit TechGenix.com for more
information about our other sites:
>> > http://www.techgenix.com
>>------------------------------------------------------
>> > To unsubscribe visit
>>http://www.isaserver.org/pages/isalist.asp Report
>> > abuse to listadmin@xxxxxxxxxxxxx
>>
>>------------------------------------------------------
>>List Archives:
//www.freelists.org/archives/isalist/
>>ISA Server Newsletter:
>>http://www.isaserver.org/pages/newsletter.asp
>>ISA Server Articles and Tutorials:
>>http://www.isaserver.org/articles_tutorials/
>>ISA Server Blogs:
http://blogs.isaserver.org/
>>------------------------------------------------------
>>Visit TechGenix.com for more
information about our other sites:
>>http://www.techgenix.com
>>------------------------------------------------------
>>To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>>Report abuse to
listadmin@xxxxxxxxxxxxx
>>
>>
>>
>------------------------------------------------------
>List Archives:
//www.freelists.org/archives/isalist/
>ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>ISA Server Articles and Tutorials:
>http://www.isaserver.org/articles_tutorials/
>ISA Server Blogs:
http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more
information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>Report abuse to
listadmin@xxxxxxxxxxxxx
>
>------------------------------------------------------
>List Archives:
//www.freelists.org/archives/isalist/ ISA
>Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA
>Server Articles and Tutorials:
>http://www.isaserver.org/articles_tutorials/ ISA Server Blogs:
>http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more
information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>Report abuse to
listadmin@xxxxxxxxxxxxx
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/ ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA
Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
Other related posts:
