[isalist] Re: Nothing is secure like PIX
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 Jun 2006 20:08:22 -0700
Are you sharing??? ;)
On 6/21/06 7:58 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:
> I need to get back on my meds ;)
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
>
>
>
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, June 21, 2006 9:42 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Nothing is secure like PIX
>>
>>
>> Don¹t you mean ³anything correctly the first time?² :-PPPPPPPPPPP
>>
>> t
>>
>>
>> On 6/21/06 7:21 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
>> all:
>>
>>
>>> Sheesh, I can't write any correctly the first time.
>>>
>>> I meant to say:
>>>
>>> "Your comments just touched a nerve regarding all the b*llsh*tology I hear
>>> from Cisco kewl-ayd drinkers and base their opinions on the ISA firewall
>>> without evening knowing or considering the facts"
>>>
>>> Sorry about that.
>>>
>>> Tom
>>>
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org <http://www.isaserver.org/>
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
>>> MVP -- ISA Firewalls
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Thomas W Shinder
>>>> Sent: Wednesday, June 21, 2006 9:04 PM
>>>> To: isalist@xxxxxxxxxxxxx
>>>> Subject: [isalist] Re: Nothing is secure like PIX
>>>>
>>>>
>>>>
>>>> Hi Mohemed,
>>>>
>>>>
>>>>
>>>> By the way, I hope you didn't take my rant the wrong way. It wasn't meant
>>>> to be personal or anything, and I can see that you're a fan of the ISA
>>>> firewall which is a good thing. Your comments just touched a nerve
>>>> regarding all the b*llsh*tology I hear from Cisco kewl-ayd drinkers and
>>>> based your opinions on the ISA firewall without evening knowing or
>>>> considering the facts.
>>>>
>>>>
>>>>
>>>> Just wanted to know that I still appreciate your input and that we're
>>>> still friends :)
>>>>
>>>>
>>>>
>>>> Thanks!
>>>>
>>>> Tom
>>>>
>>>>
>>>>
>>>>
>>>> Thomas W Shinder, M.D.
>>>> Site: www.isaserver.org <http://www.isaserver.org/>
>>>> Blog: http://blogs.isaserver.org/shinder/
>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
>>>> MVP -- ISA Firewalls
>>>
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Egyptian Mind
>>>> Sent: Wednesday, June 21, 2006 9:01 AM
>>>> To: isalist@xxxxxxxxxxxxx
>>>> Subject: [isalist] Nothing is secure like PIX
>>>>
>>>>
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Dears,
>>>>
>>>>
>>>> No doubt that ISA 2000 or 2004 or even 2006, have increased the
>>>> possibility of controling user access,,, by allowing or denying the
>>>> browsing or a tiny issue like downloding gif and not downloading jpg as
>>>> an example..
>>>>
>>>>
>>>> This shows how much we can control user action,,,
>>>>
>>>>
>>>> Moreover, features like firewall services, securing VPN connection,
>>>> Nating, Publishing web sites, etc.... are very helpfull features to make
>>>> or Network Control is much easier...
>>>>
>>>>
>>>> But Nothing is secure like PIX...
>>>>
>>>>
>>>> I don't mean that PIX is more secure than ISA, or more capable of
>>>> handling requests... I'm talking about features and design and even the
>>>> hardware specification.... There is no comparison between ISA and PIX
>>>>
>>>>
>>>> I'm here, in my network ; using two failover PIX and two clustering ISA
>>>> servers as well.. every device has it's responsiblities...
>>>>
>>>>
>>>> ISA is responisble for handling he request from users and filtering it
>>>> depends on customized rules, and the great thing that ISA server is a
>>>> domain member, so I can customized the rules directly to specific user
>>>> ,,,
>>>>
>>>>
>>>> PIX is my Huge Body Guard which stand infront of my Out Door, to filter
>>>> any request come in or out my door... YEs ..( in or out ) not just in
>>>> .... and it is built on a very advanced built-in program in the hardware
>>>> it self, it is the adaptive security algorithm, which has alot of tools
>>>> to scan the coming packet,... like if we said , the ultravoilet,
>>>> infarraed, and eye scanner and everything...
>>>>
>>>>
>>>> It's a very adaptive algorithm and it's very hard to penetrate,,, note
>>>> that this alogorithm is working on every packet goes or come , also
>>>> depend on your own cutomized rule you make on PIX,,,
>>>>
>>>>
>>>> and instead that the windows how operates, the adaptive security
>>>> algorithm are running using the same processing speed of it's processor,
>>>> as it is already loaded in the PIX processor and rams..
>>>>
>>>>
>>>> How faster do you think it will be !!!!!!?????
>>>>
>>>>
>>>> it also has a complete secure process for VPN connection and PATING,
>>>> NATING , ... etc
>>>>
>>>>
>>>> But PIX is not function as layer 7 appliance, so we use ISA for this
>>>> purpose,,, to control the Application layer and presentation layer...
>>>> nothing more, nothing less,, and also because PIX is not integrating with
>>>> Active Directory..
>>>>
>>>>
>>>> Finally, PIX is mandatory for security, and ISA is mandatory for
>>>> controling... but if we talked about the ability to be hacked , I think
>>>> you will agree with me that hacking a program runing on Windows platform
>>>> is much easier from penetrating program runing on security dedicated
>>>> appliance........ (( you can ask Bill Jates about it ))
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Best Regards
>>>>
>>>> Mohamed Saleh
>>>>
>>>>
>>>> Senior Network Administrator
>>>> College of Business Administration, CBA
>>>> Jeddah, Saudi Arabia
>>>> Tel: +966-02-6563199 ext 2521
>>>> Cell: - +966-50-2953591
>>>>
>>>>
>>>>
>>>>
>>>> !~` Yesterday is a History` ~!
>>>>
>>>> !~` Tomorrow is a Mystery` ~!
>>>>
>>>> !~` Today is a Gift` ~!
>>>>
>>>> !~` So we call it ...............` ~!
>>>>
>>>>
>>>> !~` Present .......Simple` ~!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>> From: "Shane Mullins" <tsmullins@xxxxxxxxxxxxxx>
>>>>> Reply-To: isalist@xxxxxxxxxxxxx
>>>>> To: <isalist@xxxxxxxxxxxxx>
>>>>> Subject: [isalist] Re: Hardware.... (cringe) ...firewall ?
>>>>> Date: Tue, 20 Jun 2006 13:12:08 -0400
>>>>>> >http://www.ISAserver.org
>>>>>> >-------------------------------------------------------
>>>>>> > Good Deal,
>>>>>> >
>>>>>> > We have used ISA since Proxy 2.0. I really liked the upgrade
>>>>>> >from 2.0 to ISA 2000. But, I really really like ISA 2004. Some of
>>>>>> >the new features are great, esp in the VPN areas, stateful packet
>>>>>> >inspection. Also, I like the way ISA integrates into AD, this is
>>>>>> >huge if you are a Windows shop. Also, there are some third party
>>>>>> >snap ins that are very helpful.
>>>>>> >
>>>>>> >Shane
>>>>>> >
>>>>>> >PS I also really enjoyed reading your ISA 2004 book.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >----- Original Message ----- From: "Thomas W Shinder"
>>>>>> ><tshinder@xxxxxxxxxxx>
>>>>>> >To: <isalist@xxxxxxxxxxxxx>
>>>>>> >Sent: Tuesday, June 20, 2006 10:33 AM
>>>>>> >Subject: [isalist] Re: Hardware.... (cringe) ...firewall ?
>>>>>> >
>>>>>> >
>>>>>> >http://www.ISAserver.org
>>>>>> >-------------------------------------------------------
>>>>>> >
>>>>>> >Hi Shane,
>>>>>> >
>>>>>> >No problems, that's how I took it! :)
>>>>>> >
>>>>>> >The PIX tax reminds of when in the middle ages you could pay the
>>>>>> >church
>>>>>> >to absolve you of your sins. The situation here is that they're
>>>>>> >paying
>>>>>> >Cisco for their sin of slothfullness. Slothful in that they haven't
>>>>>> >spent the time and effort to understand real network security and
>>>>>> >blindly pay a router and switch company big money to protect
>>>>>> >comporate
>>>>>> >data (does anyone see the paradox in this?)
>>>>>> >
>>>>>> >Thanks!
>>>>>> >Tom
>>>>>> >
>>>>>> >Thomas W Shinder, M.D.
>>>>>> >Site: www.isaserver.org
>>>>>> >Blog: http://blogs.isaserver.org/shinder/
>>>>>> >Book: http://tinyurl.com/3xqb7
>>>>>> >MVP -- ISA Firewalls
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>>> >>-----Original Message-----
>>>>>>> >>From: isalist-bounce@xxxxxxxxxxxxx
>>>>>>> >>[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Mullins
>>>>>>> >>Sent: Tuesday, June 20, 2006 7:56 AM
>>>>>>> >>To: isalist@xxxxxxxxxxxxx
>>>>>>> >>Subject: [isalist] Re: Hardware.... (cringe) ...firewall ?
>>>>>>> >>
>>>>>>> >>http://www.ISAserver.org
>>>>>>> >>-------------------------------------------------------
>>>>>>> >>
>>>>>>> >>Hey Thomas,
>>>>>>> >>
>>>>>>> >> I meant that to be a plug for ISA 2004. I think ISA 2004
>>>>>>> >>is great. We
>>>>>>> >>have two ISA 2004 boxes that firewall and provide internet
>>>>>>> >>access for 3,500
>>>>>>> >>machines. ISA 2004 has been rock solid for us. ISA 2004
>>>>>>> >>provides advanced
>>>>>>> >>logging and caching functions that a "hardware" firewall
>>>>>>> >>cannot provide. I
>>>>>>> >>have nothing against unix, but ISA 2004 is great.
>>>>>>> >> We could have paid 50k for a single pix to provide
>>>>>>> >>firewall services.
>>>>>>> >>Then signed up for a 5k a year maintenance agreement (so we could
>>>>>>> >>rcv
>>>>>>> >>updates). And all machines need updates, even "hardware"
>>>>>>> >>firewalls have an
>>>>>>> >>OS. And ISA still does so much more.
>>>>>>> >>
>>>>>>> >>Shane
>>>>>>> >>
>>>>>>> >>
>>>>>>> >>
>>>>>>> >>
>>>>>>> >>
>>>>>>>> >> > On 6/19/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
>>>>>>>>> >> >> http://www.ISAserver.org
>>>>>>>>> >> >> -------------------------------------------------------
>>>>>>>>> >> >>
>>>>>>>>> >> >> Yes, it's that good. Go Daddy and the ISP are clueless.
>>>>>>> >>Have you ever
>>>>>>>>> >> >> talked to your ISP's "tech guys" who make these
>>>>>>> >>recommendations? Let's
>>>>>>>>> >> >> just say that the typical interaction leaves you with the
>>>>>>> >>feeling that
>>>>>>>>> >> >> they're not on the top of the firewall and networking food
>>>>>>> >>chains :)
>>>>>>>>> >> >>
>>>>>>>>> >> >> Thomas W Shinder, M.D.
>>>>>>>>> >> >> Site: www.isaserver.org
>>>>>>>>> >> >> Blog: http://blogs.isaserver.org/shinder/
>>>>>>>>> >> >> Book: http://tinyurl.com/3xqb7
>>>>>>>>> >> >> MVP -- ISA Firewalls
>>>>>>>>> >> >>
>>>>>>>>> >> >>
>>>>>>>>> >> >>
>>>>>>>>>> >> >> > -----Original Message-----
>>>>>>>>>> >> >> > From: isalist-bounce@xxxxxxxxxxxxx
>>>>>>>>>> >> >> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Shane
>>>>>>> >>Mullins
>>>>>>>>>> >> >> > Sent: Monday, June 19, 2006 1:10 PM
>>>>>>>>>> >> >> > To: isalist@xxxxxxxxxxxxx
>>>>>>>>>> >> >> > Subject: [isalist] Re: Hardware.... (cringe) ...firewall ?
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> > http://www.ISAserver.org
>>>>>>>>>> >> >> > -------------------------------------------------------
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> > ISA 2K4 is really good? There is an eval version. Maybe he
>>>>>>>>>> >> >> > would let you
>>>>>>>>>> >> >> > try that.
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> > Shane
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> > ----- Original Message -----
>>>>>>>>>> >> >> > From: "G.Waleed Kavalec" <kavalec@xxxxxxxxx>
>>>>>>>>>> >> >> > To: <isalist@xxxxxxxxxxxxx>
>>>>>>>>>> >> >> > Sent: Monday, June 19, 2006 1:08 PM
>>>>>>>>>> >> >> > Subject: [isalist] Hardware.... (cringe) ...firewall ?
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> >
>>>>>>>>>>> >> >> > > http://www.ISAserver.org
>>>>>>>>>>> >> >> > >
>>>>>>>>>>> -------------------------------------------------------
>>>>>>>>>>> >> >> > > My boss has been talking to our ISP and also to some
folks
>>>>>>>>>> >> >> > at GoDaddy.
>>>>>>>>>>> >> >> > >
>>>>>>>>>>> >> >> > > Both use - and recommend - hardware firewall solutions.
>>>>>>>>>>> >> >> > >
>>>>>>>>>>> >> >> > > What do I tell him? He is poised to make one of those
>>>>>>> >>classic PHB
>>>>>>>>>>> >> >> > > decisions.
>>>>>>>>>>> >> >> > >
>>>>>>>>>>> >> >> > > (currently on ISA 2K)
>>>>>>>>>>> >> >> > >
>>>>>>>>>>> >> >> > > --
>>>>>>>>>>> >> >> > >
>>>>>>>>>>> >> >> > > G. Waleed Kavalec
>>>>>>>>>>> >> >> > > -------------------------
>>>>>>>>>>> >> >> > > Why are we all in this handbasket
>>>>>>>>>>> >> >> > > and where is it going so fast?
>>>>>>>>>>> >> >> > > ------------------------------------------------------
>>>>>>>>>>> >> >> > > List Archives:
>>>>>>>>>>> //www.freelists.org/archives/isalist/
>>>>>>>>>> >> >> > ISA Server
>>>>>>>>>>> >> >> > > Newsletter:
>>>>>>>>>>> http://www.isaserver.org/pages/newsletter.asp
>>>>>>>>>> >> >> > ISA Server
>>>>>>>>>>> >> >> > > Articles and Tutorials:
>>>>>>>>>> >> >> > http://www.isaserver.org/articles_tutorials/ ISA
>>>>>>>>>>> >> >> > > Server Blogs:
>>>>>>>>>>> >> >> > > http://blogs.isaserver.org/
>>>>>>>>>> >> >> > ------------------------------------------------------
>>>>>>>>>>> >> >> > > Visit TechGenix.com for more information about our
other
>>>>>>> >>sites:
>>>>>>>>>>> >> >> > > http://www.techgenix.com
>>>>>>>>>> >> >> > ------------------------------------------------------
>>>>>>>>>>> >> >> > > To unsubscribe visit
>>>>>>>>>> >> >> > http://www.isaserver.org/pages/isalist.asp Report
>>>>>>>>>>> >> >> > > abuse to listadmin@xxxxxxxxxxxxx
>>>>>>>>>>> >> >> > >
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> > ------------------------------------------------------
>>>>>>>>>> >> >> > List Archives: //www.freelists.org/archives/isalist/
>>>>>>>>>> >> >> > ISA Server Newsletter:
>>>>>>> >>http://www.isaserver.org/pages/newsletter.asp
>>>>>>>>>> >> >> > ISA Server Articles and Tutorials:
>>>>>>>>>> >> >> > http://www.isaserver.org/articles_tutorials/
>>>>>>>>>> >> >> > ISA Server Blogs: http://blogs.isaserver.org/
>>>>>>>>>> >> >> > ------------------------------------------------------
>>>>>>>>>> >> >> > Visit TechGenix.com for more information about our other
>>>>>>> >>sites:
>>>>>>>>>> >> >> > http://www.techgenix.com
>>>>>>>>>> >> >> > ------------------------------------------------------
>>>>>>>>>> >> >> > To unsubscribe visit
>>>>>>> >>http://www.isaserver.org/pages/isalist.asp
>>>>>>>>>> >> >> > Report abuse to listadmin@xxxxxxxxxxxxx
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> >
>>>>>>>>>> >> >> >
>>>>>>>>> >> >> ------------------------------------------------------
>>>>>>>>> >> >> List Archives: //www.freelists.org/archives/isalist/
>>>>>>>>> >> >> ISA Server Newsletter:
>>>>>>> >>http://www.isaserver.org/pages/newsletter.asp
>>>>>>>>> >> >> ISA Server Articles and Tutorials:
>>>>>>>>> >> >> http://www.isaserver.org/articles_tutorials/
>>>>>>>>> >> >> ISA Server Blogs: http://blogs.isaserver.org/
>>>>>>>>> >> >> ------------------------------------------------------
>>>>>>>>> >> >> Visit TechGenix.com for more information about our other
sites:
>>>>>>>>> >> >> http://www.techgenix.com
>>>>>>>>> >> >> ------------------------------------------------------
>>>>>>>>> >> >> To unsubscribe visit
>>>>>>>>> http://www.isaserver.org/pages/isalist.asp
>>>>>>>>> >> >> Report abuse to listadmin@xxxxxxxxxxxxx
>>>>>>>>> >> >>
>>>>>>>>> >> >>
>>>>>>>> >> >
>>>>>>>> >> >
>>>>>>>> >> > -- >
>>>>>>>> >> > G. Waleed Kavalec
>>>>>>>> >> > -------------------------
>>>>>>>> >> > Why are we all in this handbasket
>>>>>>>> >> > and where is it going so fast?
>>>>>>>> >> >
>>>>>>>> >> > http://www.kavalec.com/thisisislam.swf
>>>>>>>> >> > ------------------------------------------------------
>>>>>>>> >> > List Archives: //www.freelists.org/archives/isalist/
>>>>>>> >>ISA Server
>>>>>>>> >> > Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>>>>> >>ISA Server
>>>>>>>> >> > Articles and Tutorials:
>>>>>>> >>http://www.isaserver.org/articles_tutorials/ ISA
>>>>>>>> >> > Server Blogs:
>>>>>>>> >> > http://blogs.isaserver.org/
>>>>>>> >>------------------------------------------------------
>>>>>>>> >> > Visit TechGenix.com for more information about our other
sites:
>>>>>>>> >> > http://www.techgenix.com
>>>>>>> >>------------------------------------------------------
>>>>>>>> >> > To unsubscribe visit
>>>>>>> >>http://www.isaserver.org/pages/isalist.asp Report
>>>>>>>> >> > abuse to listadmin@xxxxxxxxxxxxx
>>>>>>> >>
>>>>>>> >>------------------------------------------------------
>>>>>>> >>List Archives: //www.freelists.org/archives/isalist/
>>>>>>> >>ISA Server Newsletter:
>>>>>>> >>http://www.isaserver.org/pages/newsletter.asp
>>>>>>> >>ISA Server Articles and Tutorials:
>>>>>>> >>http://www.isaserver.org/articles_tutorials/
>>>>>>> >>ISA Server Blogs: http://blogs.isaserver.org/
>>>>>>> >>------------------------------------------------------
>>>>>>> >>Visit TechGenix.com for more information about our other sites:
>>>>>>> >>http://www.techgenix.com
>>>>>>> >>------------------------------------------------------
>>>>>>> >>To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>>>>> >>Report abuse to listadmin@xxxxxxxxxxxxx
>>>>>>> >>
>>>>>>> >>
>>>>>>> >>
>>>>>> >------------------------------------------------------
>>>>>> >List Archives: //www.freelists.org/archives/isalist/
>>>>>> >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>>>> >ISA Server Articles and Tutorials:
>>>>>> >http://www.isaserver.org/articles_tutorials/
>>>>>> >ISA Server Blogs: http://blogs.isaserver.org/
>>>>>> >------------------------------------------------------
>>>>>> >Visit TechGenix.com for more information about our other sites:
>>>>>> >http://www.techgenix.com
>>>>>> >------------------------------------------------------
>>>>>> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>>>> >Report abuse to listadmin@xxxxxxxxxxxxx
>>>>>> >
>>>>>> >------------------------------------------------------
>>>>>> >List Archives: //www.freelists.org/archives/isalist/ ISA
>>>>>> >Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA
>>>>>> >Server Articles and Tutorials:
>>>>>> >http://www.isaserver.org/articles_tutorials/ ISA Server Blogs:
>>>>>> >http://blogs.isaserver.org/
>>>>>> >------------------------------------------------------
>>>>>> >Visit TechGenix.com for more information about our other sites:
>>>>>> >http://www.techgenix.com
>>>>>> >------------------------------------------------------
>>>>>> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>>>> >Report abuse to listadmin@xxxxxxxxxxxxx
>>>>>> >
>>> ------------------------------------------------------ List Archives:
>>> //www.freelists.org/archives/isalist/ ISA Server Newsletter:
>>> http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
>>> Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs:
>>> http://blogs.isaserver.org/
>>> ------------------------------------------------------ Visit TechGenix.com
>>> for more information about our other sites: http://www.techgenix.com
>>> ------------------------------------------------------ To unsubscribe visit
>>> http://www.isaserver.org/pages/isalist.asp Report abuse to
>>> listadmin@xxxxxxxxxxxxx
>>>
>>
>
Other related posts:
