[isalist] Re: Nothing is secure like PIX
- From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 10:41:49 -0500
http://www.ISAserver.org
-------------------------------------------------------
Layered security has the trade off of complexity to (being correctly
configured) increased security in most cases. It requires more
planning, testing and diligence. Those three things alone can make a
less than perfect solution much better than it is. A PIX has it's
place, a ISA box has it's place, and even a little D-Link router has its
place.
When all you have is a hammer, everything looks like a nail. When you
get a pneumatic hammer, everything is still a nail; it's just more fun
to use.....
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Egyptian Mind
Sent: Monday, June 26, 2006 10:28 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
http://www.ISAserver.org
-------------------------------------------------------
Thanks for your suggestion , Steve
It's realy appreciated, but would you take a look to this results after
rearranging them by last modified,
http://search.securityfocus.com/swsearch?query=ISA+vulnerability&sbm=%2F
&submit=Search%21&metaname=alldoc&sort=swishlastmodified
and, this special link, is written by researcher called Steve too :)
http://www.securityfocus.com/archive/1/433075
and if we search more, we will find more; about both, ISA or PIX or even
watchgurad,
as there is no full protected firewall; hardware or software, but we are
just doing our best to protect our network from vulnerability by
increasing the numbers of cascading gates, with different classes,
but you know what ; I made something to my network....
My external router has no real IP...
it's just a local loop to the ISP , so that , I put the ISP security
door as the front one,
Increasing cascading different gates ,
What do you think about it?
Best Regards
Mohamed Saleh
Senior Network Administrator
College of Business Administration, CBA
Jeddah, Saudi Arabia
Tel: +966-02-6563199 ext 2521
Cell: - +966-50-2953591
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
________________________________
From: "Steve Lunn" <Steve.Lunn@xxxxxxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Nothing is secure like PIX
Date: Mon, 26 Jun 2006 14:42:28 +0100
Can I suggest that you actually read that list of
vulnerabilities that you just posted as they all relate to ISA 2000 and
not ISA 2004.
Regards,
Steve
Steve Lunn
Technical Support Analyst - Microsoft MCP
engage Mutual Assurance
DDI: 01423 855101 Fax: 01423 855181
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
Sent: 26 June 2006 13:40
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
All right, Jim
I didn't expect this bad atitude from someone supposed to be
well educated and has a good technical knowledge as you have shown your
self,
and by the way, no body is perfect , I f you see that you know
everything, it's a bug mistake..
Knowing how the OS operating, and dealing with packets, throw
RAM and processor,.. etc. will be easy if you r spend your life in this
field, and your education is corosponding this issue.. ( Computing,
processing and telecommunications), won't be ??
And every one know that PIX is layer 4 device not like ISA Layer
7,
so Greg,,,,, what I was saying is that PIX is more secure than
ISA till layer 4 processing..
In addition, I said in my first mail that I'm using the two
boxes ( PIX and ISA ) for dublication the security, and using ISA
specially for controling application per user ( as also I said b4)
and two doors are very good defender than one door only
ofcourse,
***
about the site u send Jim, I think you should select a site that
revile PIX and give the glory to ISA , as I found the following link in
this site too, saying 47 result about vulnerability in ISA
http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=I
SA+vulnerability
<http://search.securityfocus.com/swsearch?sbm=/&metaname=alldoc&query=IS
A+vulnerability>
Finaly, I will close this issue from my side as I'm feel very
sorry to this bad attitude reaction as the concept of this list is to
discuss everyone issue and thoughts with eachother...., isn't it??
Best Regards
Mohamed Saleh
Senior Network Administrator
College of Business Administration, CBA
Jeddah, Saudi Arabia
Tel: +966-02-6563199 ext 2521
Cell: - +966-50-2953591
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
________________________________
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Nothing is secure like PIX
Date: Sun, 25 Jun 2006 09:35:29 -0700
>In response:
>#1 - "PIX is more secure than ISA because it's a
'hardware' firewall". This is pure, unadulterated BS, propagated by the
same 1d10t's that ignore the *FACT* that PIX is nothing more than a
custom OS (xNIX, usually). In fact, I've only heard of *one* "hardware"
firewall; that it is strictly a L3-only box (much like your PIX)
>
>#2 - Speed & security are orthogonal. Security is
demonstrated by resilience in teh face of unwanted traffic; speed is
merely doing it faster.
>
>#3 - You need to read up on how any OS (specifically
Windows) network functionality works. If you *ever* find packets being
stored to disk before being processed, throw that device out the door
>
>#4 - I posted this for Tony Su; maybe you'll get more
use ot of it:
http://technet2.microsoft.com/WindowsServer/en/Library/823ca085-8b46-487
0-a83e-8032637a87c81033.mspx After you've read up a bit, come back and
rescind this argument
>
>#5 - this means nothing of the sort; if you can
demonstrate this assertion with fact, then by all means do so. You
should also go read up on how processes communicate in Windows.
>
>#6 - Let's see; if I stop the PIX firewall services,
the machine is also open to attack <duh>.
>
>#7 - no machine of any sort has "unlimited"
capabilities. If you really believe that this is possible, you must not
occupy the same physical world as the rest of us.
>
>#8 - Based on this argument, ISA is also a "hardware"
firewall as *all* traffic inspection (not just L3 as in PIX) is
performed in RAM. Not one single packet ever leaves the motherboard
except to enter or leave the network itself.
>
>#9 - The "adaptive security mechanism" is L3-only. ISA
policy engine and packet filter driver operate all the way to L7. Thus,
when the PIX is allowing RPC traffic to teh internal host "because it
asked for it", ISA is blocking it as invalid traffic. Case in point;
Blaster passed through every PIX on the planet; ISA blocked it in every
single case.
>
>#10 - is unclear at best. What's your point other than
to show how you can spew brand names?
>
>#11 - I noticed that you can research ISA issues, but
you seem unable to find PIX vulns? I wonder how that can be? Go out to
www.securityfocus.com and search under "Cisco" for "PIX Firewall". I
see:
>Multiple Cisco Products WebSense Content Filtering
Bypass Vulnerability <http://www.securityfocus.com/bid/17883>
>2006-05-09
>http://www.securityfocus.com/bid/17883
>
>OpenSSL Denial of Service Vulnerabilities
<http://www.securityfocus.com/bid/9899>
>2006-05-05
>http://www.securityfocus.com/bid/9899
>
>Multiple Vendor TCP/IP Implementation ICMP Remote
Denial Of Service Vulnerabilities
<http://www.securityfocus.com/bid/13124>
>2006-03-22
>http://www.securityfocus.com/bid/13124
>
>Cisco PIX TCP SYN Packet Denial Of Service
Vulnerability <http://www.securityfocus.com/bid/15525>
>2006-03-10
>http://www.securityfocus.com/bid/15525
>
>Cisco Downloadable RADIUS Policies Information
Disclosure Vulnerability <http://www.securityfocus.com/bid/16025>
>2005-12-21
>http://www.securityfocus.com/bid/16025
>
>Cisco IPSec Unspecified IKE Traffic Denial Of Service
Vulnerabilities <http://www.securityfocus.com/bid/15401>
>2005-11-14
>http://www.securityfocus.com/bid/15401
>
>Multiple Vendor TCP Sequence Number Approximation
Vulnerability <http://www.securityfocus.com/bid/10183>
>2004-04-20
>http://www.securityfocus.com/bid/10183
>
>Multiple Cisco PIX Remote Denial Of Service
Vulnerabilities <http://www.securityfocus.com/bid/9221>
>2003-12-15
>http://www.securityfocus.com/bid/9221
>
>OpenSSL ASN.1 Large Recursion Remote Denial Of Service
Vulnerability <http://www.securityfocus.com/bid/8970>
>2003-11-04
>http://www.securityfocus.com/bid/8970
>
>Cisco PIX ICMP Echo Request Network Address Translation
Pool Exhaustion Vulnerability <http://www.securityfocus.com/bid/8754>
>2003-10-03
>http://www.securityfocus.com/bid/8754
>
>Multiple Vendor Session Initiation Protocol
Vulnerabilities <http://www.securityfocus.com/bid/6904>
>2003-02-21
>http://www.securityfocus.com/bid/6904
>
>Multiple Vendor SSH2 Implementation Buffer Overflow
Vulnerabilities <http://www.securityfocus.com/bid/6407>
>2002-12-16
>http://www.securityfocus.com/bid/6407
>
>Cisco PIX VPN Session Hijacking Vulnerability
<http://www.securityfocus.com/bid/6211>
>2002-11-20
>http://www.securityfocus.com/bid/6211
>
>Cisco PIX TACACS+/RADIUS HTTP Proxy Buffer Overrun
Vulnerability <http://www.securityfocus.com/bid/6212>
>2002-11-20
>http://www.securityfocus.com/bid/6212
>
>Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of
Service Vulnerability <http://www.securityfocus.com/bid/6110>
>2002-11-05
>http://www.securityfocus.com/bid/6110
>
>Cisco SSH Denial of Service Vulnerability
<http://www.securityfocus.com/bid/5114>
>2002-06-27
>http://www.securityfocus.com/bid/5114
>
>Cisco Malformed SNMP Message Denial of Service
Vulnerabilities <http://www.securityfocus.com/bid/4132>
>2002-02-12
>http://www.securityfocus.com/bid/4132
>
>Cisco PIX Firewall SMTP Content Filtering Evasion
Vulnerability Re-Introduction <http://www.securityfocus.com/bid/3365>
>2001-09-26
>http://www.securityfocus.com/bid/3365
>
>Cisco PIX TACACS+ Denial of Service Vulnerability
<http://www.securityfocus.com/bid/2551>
>2001-04-06
>http://www.securityfocus.com/bid/2551
>
>SSH CRC-32 Compensation Attack Detector Vulnerability
<http://www.securityfocus.com/bid/2347>
>2001-02-08
>http://www.securityfocus.com/bid/2347
>
>PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
<http://www.securityfocus.com/bid/2344>
>2001-02-06
>http://www.securityfocus.com/bid/2344
>
>Cisco PIX PASV Mode FTP Internal Address Disclosure
Vulnerability <http://www.securityfocus.com/bid/1877>
>2000-10-03
>http://www.securityfocus.com/bid/1877
>
>Cisco PIX Firewall SMTP Content Filtering Evasion
Vulnerability <http://www.securityfocus.com/bid/1698>
>2000-09-19
>http://www.securityfocus.com/bid/1698
>
>Cisco Secure PIX Firewall Forged TCP RST Vulnerability
<http://www.securityfocus.com/bid/1454>
>2000-07-10
>http://www.securityfocus.com/bid/1454
>
>Multiple Firewall Vendor FTP "ALG" Client Vulnerability
<http://www.securityfocus.com/bid/1045>
>2000-03-10
>http://www.securityfocus.com/bid/1045
>
>Multiple Firewall Vendor FTP Server Vulnerability
<http://www.securityfocus.com/bid/979>
>2000-02-09
>http://www.securityfocus.com/bid/979
>
>Cisco PIX Firewall Manager File Exposure
<http://www.securityfocus.com/bid/691>
>1998-08-31
>http://www.securityfocus.com/bid/691
>
>Cisco PIX and CBAC Fragmentation Attack
<http://www.securityfocus.com/bid/690>
>1998-08-18
>http://www.securityfocus.com/bid/690
>
>Well, waddayano; seems like PIX takes this particular
prize.
>
>#12 - this is nothing more than another indication of
your vast Windows / ISA ignorance
>
>Please go educate yourself before making such claims,
or at least ask Tony Su for advice.
>
>________________________________
>
>From: isalist-bounce@xxxxxxxxxxxxx on behalf of
Egyptian Mind
>Sent: Sun 6/25/2006 2:32 AM
>To: isalist@xxxxxxxxxxxxx
>Subject: [isalist] Re: Nothing is secure like PIX
>
>
>http://www.ISAserver.org
-------------------------------------------------------
>
>Dears,
>
>
>
>I'm sorry for not continuing mailing about this issue,
but I was quit busy in upgrading in our network infrastructure, but I
should tell you that I was really surprised by the 160 mails they were
in my inbox about this issue..
>
>It means that this matter has gained a lot of
attentions to most of members here in ISA List... I've really get amused
by these mails which come from different members with different cultures
and experiences about using hardware or software as a firewall boundary,
although that some of you have taking this issue as some kind of joke,
or to get amused by mocking ... :-):-):-)
>
>Anyway, I've really get amused by your mail, TOM, It
was really funny and your way of talking and mocking the Idea is very
interesting... Honestly, I laughed for 15 minutes ; none-stop when I was
reading your blog :-):-):-):-):-) (( It does not mean ridiculing of you,
but it means that your way of present your Idea is really interesting
:-) :-):-)
>
>But let's start examine this issue in neutrality way...
"and let me borrow your link for ' ISA Server 2006 Firewall Core' which
u have send as you ask" :-)
>
>
>
>First: I didn't say that PIX is the most secure
firewall in the world, and ' Supernova; The greatest hacker' can grantee
this, I just said that PIX is more secure than ISA server, which is our
issue here...( I mean that PIX as a Hardware firewall, is more secure
than ISA as a software firewall)
>
>Second: you say that " Faster is not the better" and
you repeated it in a very interesting way, but I think you should look
at " ISA Server Firewall Core " in this paragraph:::::
>
>"""" Firewall Engine ( Firewall Packet Engine)
>
>Handling these operations in Kernal Mode, improves both
performance and security. """""
>
>This means that Microsoft tends to increase the
performance of firewall service and security service in ISA to make it
faster as possible :-).
>
>Third: ISA 2006 firewall core depends on Network Driver
Interface Specification ( NDIS) and Microsoft Networking Stack, that
means that packet should pass the network interface, the processor, RAM,
harddisk, till it reach the network driver in windows ( Kernal Layer)
which located over the hardware layer and assembly layer, in the other
hand, the packet is analyzed, interpreted and processed in hardware
layer in any hardware firewall.
>
>Fourth: The TCP/IP Stack in firewall core in Kernal
mode is controlled by windows , which refers to the previous point of
even the firewall engine is analyzing the packet in layer 3 and 4 before
beginning processing, it will of course reach layer 5 of windows which
send it to the firewall engine in kernel mode.... (( Does it make
sense??? )) or it's better to analyze the packet as soon as it reaches
the network interface card, Isn't it??
>
>Fifth: In the purposed document
>
>" Policy Engine
>
>The policy engine communicates with all components of
the ISA server firewall core, both with the Kernal-mode firewall engine
and the user-mode firewall service, in addition the Policy Engine
communicates with both layers of application and web filters""
>
>This means that there are a lot of channels opened
between Firewall core and other applications running in ISA, which means
" open ports", even this ports are opened in Kernal-mode, but it's still
opened port :-)
>
>Sixth: These are some comments gathering from viewing
just the first three papers of Microsoft Document, and I will not
telling the comments getting from the rest of this document, or the mail
will be too long :-) to read, but just I'd like to present this comment
written in the document as my last word about this document;
>
>" Note The firewall engine driver is the root of the
firewall dependency tree. Stopping the firewall engine driver ( by using
net stop fweng /y at the command prompt) also stops the other Firewall
components, which opens the computer to all network traffic """
>
>Open to all network traffic !!!!!!!!!!!!!!!!!!!!!, it
means fully penetrated... how could it be that one command can penetrate
my network to all attacks?????? ... it does not make sense at all, Does
it??
>
>Seventh: you compares the ISA server 2006 ( which is
last release) with PIX firewall, which is in market over than 20 years,
and you didn't specify which version,, Microsoft has ISA 2000, 2004,
2006... But CISCO has 501,501E,506E,515,525, and the greatest PIX 535,
which has unlimited number of users ad unlimited numbers of concurrent
VPN Connections ....
>
>Eighth : The OS of PIX is too small which can be loaded
in RAM and some portion of processor, It doesn't mean just that it will
be faster and faster than any software firewall, but I mean that the
packet inspector process will be done at the hardware level, and in fact
it happens in the assembly level... More than that, every interface in
PIX has it's own firewall policy, firewall engine, access control,,,
although you manage all interfaces by one screen, but in fact this
screen is collecting policies and access controls and firewall services
for all interfaces,,, as the OS of PIX divide itself to make each
interface has it's own control, so no need to contact with the core OS
or the kernel for any operations....
>
>Ninth: The adaptive security algorithm, included in
PIX, will never allow an incoming traffic to go inside, except if there
is a request for this traffic from inside, and it should match a random
signature it has been given to the requested traffic, or if u make a
policy on the outside interface to allow this traffic to come in, and is
called ADAPTIVE , it means that it will strengthen it self upon the
signature of the attack or the requested traffic and how it will be
filtered to insure that this " man in the middle" will not gain access
though the incoming traffic.
>
>Tenth: I was talking here about PIX 535 which support
all clustering features, as well as redundancy, as the corresponding
issue is between ISA and PIX, as a hardware and software firewall, but
If we go to market, we will find Watch Guard, Cyber Guard, Alphafilter,
CyberCom, D-Link,.....etc as well as we will see Symantec , Mcafee,
....etc,,, and for linux there are a lot of firewall software like
Netfilter
>
>Eleventh: you talked about ISA 2006, and you give me a
document coming from Microsoft itself, so what will mama said about her
child???????
>
>So if you want this, you can take a look of the
following links ::
>
> PIX 535
>
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_she
et09186a008007d05d.html
>
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_she
et09186a00801daa53.html
>
>ASA 5500
>
>http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd8
02930c5.html
>
>http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd8
0404916.html
>
>Note that ASA 5500 has been developed in order to
satisfy market need of application filtering and Active Directory
Integrated..
>
>But if we go to neutralized sites, we will find that
most of them are preferred PIX than ISA as a front door
>
>and I will not go far away,
>
>This link is in ISASERVER.org itself with your
handwriting about ISA 2000, which shown some issue
>
>http://www.isaserver.org/articles/Microsoft_Confirms_DoS_Vulnerability_
in_ISA_Server_2000.html
>
>right?
>
>And also :
>
>http://forums.isaserver.org/m_240057200/mpage_1/key_/tm.htm#240057210
>
>and please see this
>
>http://www.critical-error.com/Article724.phtml
>
>http://www.techspot.com/vb/archive/index/t-10247.html
>
>http://www.checkpoint.com/defense/advisories/public/2006/printer/cpai_p
rint-03-Jun.html
>
>http://www.networksecurityarchive.org/html/NTBugtraq/2004-11/msg00009.h
tml
>
>
>
> Which means that you should be standby for any
articles and newsgroup to find out if there any discover Vulnerability,
and not just using windows update"
>
>Twelfth: There is a fact that any GUI operating system
should open ports to hardware to operate well, and this is refer to fact
that the first 1024 ports in windows you can't change or reconfigure,
and the other act that the most secure operating system till now is UNIX
, as it is a command prompt operating system and have never been hacked
except when it become LINUX, with a GUI.
>
>And even if it has been hacked, it records the least
amount of hacking processes than windows ofcourse.
>
>Finally : No Doubt that Microsoft is the greatest
marketing company in the world, as it depends on user need, and nothing
is more important to user more than the fancy of GUI , Graphical User
Interface,
>
>I think most of you agree with me that this concept ; I
mean GUI, is the main reason for Bill Jates treasure which made up his
riches, isn't it???
>
>Now, can you tell me
>
>- Why the great companies and the effective and
sensitive corporations ( Like BMW, Aramco, Nokia ) prefer to put a
hardware firewall instead of ISA server?? ( This is a fact, I see it
myself )
>
>
>
>- Why most of multinational banks ( Like CIB, HSBC )
put more than three cascading hardware firewalls as it's front door to
internet??? ( This is a fact, I see it myself)
>
>
>
>- Why Microsoft itself didn't use any of it's products,
in it's server farms, instead they using UNIX for mail server as an
example??? ( you can check it your self by reading the arguments shown
to you in the address bar of internet explorer when you open your
hotmail inbox, and ask a good web programmer about it )
>
>
>
>- Why you don't recommend ISA server for DAN as the
cheapest way for a firewall system, as he can install it on a high
hardware qualified workstation, not should be a server, if you think
that ISA server can manage?????
>
>
>
>
> Best Regards
> Mohamed Saleh
>
> Senior Network Administrator
> College of Business Administration, CBA
> Jeddah, Saudi Arabia
> Tel: +966-02-6563199 ext 2521
> Cell: - +966-50-2953591
>
>
>!~` Yesterday is a History` ~!
>!~` Tomorrow is a Mystery` ~!
>!~` Today is a Gift` ~!
>!~` So we call it ...............` ~!
>!~` Present .......Simple` ~!
>
>
>
>
>________________________________
>
> From: "D PIETRUSZKA USWRN INTERLINK INFRA"
<DPietruszka@xxxxxx>
> Reply-To: isalist@xxxxxxxxxxxxx
> To: <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] Re: Nothing is secure like PIX
> Date: Thu, 22 Jun 2006 07:16:07 -0400
> >http://www.ISAserver.org
>
>-------------------------------------------------------
> >
> >Probably you need to move your test to a more
realistic and complex
> >scenario.
> >
> >Regards
> >Diego R. Pietruszka
> >
> >
> >-----Original Message-----
> >From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> >On Behalf Of Thomas W Shinder
> >Sent: Wednesday, June 21, 2006 6:28 PM
> >To: isalist@xxxxxxxxxxxxx
> >Subject: [isalist] Re: Nothing is secure like PIX
> >
> >http://www.ISAserver.org
>
>-------------------------------------------------------
> >
> >In my tests, I found them to be the same.
> >
> >I have one box running ISA 2000 that hasn't been
upgraded or service
> >packed for over two years, and it's been running
without stop for that
> >period of time. This is on a white box install.
> >
> >There really isn't any difference in stability from
my perspective. If
> >you don't treat it like a workstation, don't install
non-ISA firewall
> >related services on it, it will run as long as any
PIX. And the good
> >thing is, it updates itself. Unlike the PIX, which
does need to be
> >updated like any other device, it doesn't do it
itself and most
> >"hardware" firewall admins just ignore it. Not very
smart or secure, but
> >I see that all the time in the field. After all, it's
hardware, it must
> >be secure [sic].
> >
> >NOT.
> >
> >Tom
> >
> >Thomas W Shinder, M.D.
> >Site: www.isaserver.org
> >Blog: http://blogs.isaserver.org/shinder/
> >Book: http://tinyurl.com/3xqb7
> >MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
D
> > > PIETRUSZKA USWRN INTERLINK INFRA
> > > Sent: Wednesday, June 21, 2006 2:02 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is secure like PIX
> > >
> > > http://www.ISAserver.org
> > >
-------------------------------------------------------
> > >
> > > Do you know the difference between stability (what
I mentioned on my
> > > email) and vulnerability?
> > >
> > > Regards
> > > Diego R. Pietruszka
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Jim Harrison
> > > Sent: Wednesday, June 21, 2006 1:51 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is secure like PIX
> > >
> > > http://www.ISAserver.org
> > >
-------------------------------------------------------
> > >
> > > This is a completely specious argument, with
absolutely no basis in
> > > historical fact.
> > > When you can demonstrate that a
properly-configured ISA server has
> > > *EVER* been compromised due to a Windows
vulnerability, this
> > > claim *may*
> > > warrant consideration.
> > >
> > > Until then, it's nothing more or less than simple
punditious
> > > regurgitation.
> > >
> > >
-------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > >
-------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA
> > > Sent: Wednesday, June 21, 2006 08:53
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is secure like PIX
> > >
> > > I completely agree that ISA is far more secure
than PIX, the
> > > only part I
> > > would concede to PIX (and that is why is still on
the market) is the
> > > stability and that is because don't run on windows
as ISA do.
> > >
> > >
> > >
> > > Regards
> > >
> > > Diego R. Pietruszka
> > >
> > >
> > >
> > > ________________________________
> > >
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Thomas W Shinder
> > > Sent: Wednesday, June 21, 2006 11:05 AM
> > > To: isalist@xxxxxxxxxxxxx
> > > Cc: isapros-repost@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is secure like PIX
> > >
> > >
> > >
> > > Hi EM,
> > >
> > >
> > >
> > > You are right. PIX is not very secure. It's a
router with
> > > some advanced
> > > ACLs and does neat routing tricks. But when it
comes to
> > > security, you're
> > > very very wrong that it's more secure. Hardware
doesn't fall from
> > > heaven, and all "hardware" is controlled by
software, and
> > > Syphco's core
> > > compentancy is not application protection -- it's
routing and
> > > switching.
> > >
> > >
> > >
> > >
> > > I agree that there is no comparison between PIX
and ISA -- only a fool
> > > would be convinced that they get any real security
from a PIX, becuase
> > > they never took the time to learn about network
security and what the
> > > end game was. Check Point? That's another story.
Like the ISA
> > > firewall,
> > > Check Point is a so-called "software firewall"
(something to pothead
> > > "hardware" firewall guys often forget). Check
Point is better than ISA
> > > and you pay a LOT for that. However, a PIX is a
joke and I think the
> > > more thoughtful firewall admins out there realize
they've
> > > been hyMOtized
> > > by the Syphco sales reps.
> > >
> > >
> > >
> > > PIX is a puppy dog, a little terrier, a laptop or
a pretty little
> > > Persian kitty cat -- the ISA firewall is the
brobdingnagian that
> > > provides your real security. The PIX is an
emotional blanket,
> > > a network
> > > Prozac, an expensive and illusory work for
security fiction.
> > > The PIX is
> > > the emperor with no clothes and is front of my
hacked Web sites and
> > > networks than any other firewall.
> > >
> > >
> > >
> > > You mention that the PIX software is "advanced" --
I'll give you the
> > > opposite perspective and proffer that it's a
trisomy 13 baby
> > > compared to
> > > the robust and healthy child that is the ISA
firewall. No one has ever
> > > broken into an ISA firewall and I consider the ISA
firewall
> > > mandatory. A
> > > PIX is nothing more than a historical
superstition, a carry over from
> > > the dawn days of the Internet. I never never never
never never never
> > > NEVER recommend putting a PIX in front or behind
or anywhere near the
> > > ISA firewall (a Check Point? Sometimes that's
useful for defense in
> > > depth -- Check Point, unlike PIX, is a real
network security
> > > solution).
> > >
> > >
> > >
> > > The PIX with worthless and weak. Who is it? What
is it? What does it
> > > plan to do with it's life? (name that tune!) On
the other
> > > hand, the ISA
> > > firewall is built by people who understand
software, understand
> > > security, and is much more than a stupid router
with a
> > > "firewall" decal
> > > slapped on its bezel.
> > >
> > >
> > >
> > > The ISA firewall's VPN server is MUCH MORE SECURE
than the simple PIX
> > > VPN. I've always wondered about the IQ of folks
who have thought
> > > otherwise. It's probably not an intelligence
issue, but just an
> > > ignorance issue, since they probably don't
understand the
> > > weaknesses of
> > > the PIX VPN solution or the strengths of the ISA
firewall's VPN
> > > solutions -- but that's par for the course for
folks who've been
> > > hypmotized by the Syphco sales reps, and have had
the implanted
> > > suggestions reinforced by the ABMer idiot echo
chamber.
> > >
> > >
> > >
> > > Faster is not more secure.
> > >
> > > Repeat
> > >
> > > Faster is NOT more secure
> > >
> > > Repeat
> > >
> > > Faster is NOT more secure
> > >
> > > Repeat
> > >
> > > Faster is NOT NOT NOT more secure
> > >
> > >
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > >
> > >
> > > Remember, PIX has many security vulnerabilies that
you can
> > > check out at
> > > Secunia. Strangely enough, the ISA firewall has
NONE. And
> > > don't feed me
> > > that tired old drivel about "but it runs on
Windows". If you
> > > can show me
> > > how this is an issue after reading this
> > >
http://www.microsoft.com/isaserver/2006/prodinfo/Firewall_Corewp.mspx
> > > (which you won't do if you depend on your Syphco
sales rep for tech
> > > info).
> > >
> > >
> > >
> > > Finally, be careful about throwing Syphco PIX FUD
around here. I've
> > > worked with the worthless PIX for a long time and
studied it
> > > in depth. I
> > > know it's cr*p on a cracker and it survives
because it's been
> > > grandfathered into the business. We're all now
suffering badly because
> > > the "network guys" who are clueless lusers when it
comes to understand
> > > application security, have hijacked network
security and companies get
> > > hacked far more often than they should because
these dolts are "port
> > > openers" and "port closers". The current situation
has the clowns
> > > running the circus.
> > >
> > >
> > >
> > > In conclusion, there are several neuroleptic
medications I
> > > can recommend
> > > to anyone who seriously believes the worthless PIX
is more secure than
> > > an ISA firewall.
> > >
> > >
> > >
> > > IMNHO,
> > >
> > > Tom
> > >
> > >
> > >
> > > P.S. You're welcome to borrow any of the creative
phases I've included
> > > in this email. I only ask that you give the props
:)
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
<http://www.isaserver.org/>
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > >
> > >
> > >
> > > ________________________________
> > >
> > >
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Egyptian Mind
> > > Sent: Wednesday, June 21, 2006 9:01 AM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Nothing is secure like PIX
> > >
> > > http://www.ISAserver.org
> > >
-------------------------------------------------------
> > >
> > >
> > >
> > > Dears,
> > >
> > > No doubt that ISA 2000 or 2004 or even 2006, have
increased the
> > > possibility of controling user access,,, by
allowing or denying the
> > > browsing or a tiny issue like downloding gif and
not
> > > downloading jpg as
> > > an example..
> > >
> > > This shows how much we can control user action,,,
> > >
> > > Moreover, features like firewall services,
securing VPN
> > > connection, Nating, Publishing web sites, etc....
are very helpfull
> > > features to make or Network Control is much
easier...
> > >
> > > But Nothing is secure like PIX...
> > >
> > > I don't mean that PIX is more secure than ISA, or
more capable
> > > of handling requests... I'm talking about features
and design and even
> > > the hardware specification.... There is no
comparison between ISA and
> > > PIX
> > >
> > > I'm here, in my network ; using two failover PIX
and two
> > > clustering ISA servers as well.. every device has
it's
> > > responsiblities...
> > >
> > > ISA is responisble for handling he request from
users and
> > > filtering it depends on customized rules, and the
great thing that ISA
> > > server is a domain member, so I can customized the
rules directly to
> > > specific user ,,,
> > >
> > > PIX is my Huge Body Guard which stand infront of
my Out Door, to
> > > filter any request come in or out my door... YEs
..( in or out ) not
> > > just in .... and it is built on a very advanced
built-in
> > > program in the
> > > hardware it self, it is the adaptive security
algorithm,
> > > which has alot
> > > of tools to scan the coming packet,... like if we
said , the
> > > ultravoilet, infarraed, and eye scanner and
everything...
> > >
> > > It's a very adaptive algorithm and it's very hard
to
> > > penetrate,,, note that this alogorithm is working
on every packet goes
> > > or come , also depend on your own cutomized rule
you make on PIX,,,
> > >
> > > and instead that the windows how operates, the
adaptive security
> > > algorithm are running using the same processing
speed of it's
> > > processor,
> > > as it is already loaded in the PIX processor and
rams..
> > >
> > > How faster do you think it will be !!!!!!?????
> > >
> > > it also has a complete secure process for VPN
connection and
> > > PATING, NATING , ... etc
> > >
> > > But PIX is not function as layer 7 appliance, so
we use ISA for
> > > this purpose,,, to control the Application layer
and presentation
> > > layer... nothing more, nothing less,, and also
because PIX is not
> > > integrating with Active Directory..
> > >
> > > Finally, PIX is mandatory for security, and ISA is
mandatory for
> > > controling... but if we talked about the ability
to be hacked
> > > , I think
> > > you will agree with me that hacking a program
runing on
> > > Windows platform
> > > is much easier from penetrating program runing on
security dedicated
> > > appliance........ (( you can ask Bill Jates about
it ))
> > >
> > >
> > >
> > >
> > >
> > > Best Regards
> > >
> > > Mohamed Saleh
> > >
> > >
> > > Senior Network Administrator
> > > College of Business Administration, CBA
> > > Jeddah, Saudi Arabia
> > > Tel: +966-02-6563199 ext 2521
> > > Cell: - +966-50-2953591
> > >
> > >
> > >
> > >
> > > !~` Yesterday is a History` ~!
> > >
> > > !~` Tomorrow is a Mystery` ~!
> > >
> > > !~` Today is a Gift` ~!
> > >
> > > !~` So we call it ...............` ~!
> > >
> > > !~` Present .......Simple` ~!
> > >
> > >
> > >
> > >
> > >
> > >
> > > ________________________________
> > >
> > >
> > > From: "Shane Mullins" <tsmullins@xxxxxxxxxxxxxx>
> > > Reply-To: isalist@xxxxxxxxxxxxx
> > > To: <isalist@xxxxxxxxxxxxx>
> > > Subject: [isalist] Re: Hardware.... (cringe)
...firewall
> > > ?
> > > Date: Tue, 20 Jun 2006 13:12:08 -0400
> > > >http://www.ISAserver.org
> > >
>-------------------------------------------------------
> > > > Good Deal,
> > > >
> > > > We have used ISA since Proxy 2.0. I really liked
the
> > > upgrade
> > > >from 2.0 to ISA 2000. But, I really really like
ISA
> > > 2004. Some of
> > > >the new features are great, esp in the VPN areas,
> > > stateful packet
> > > >inspection. Also, I like the way ISA integrates
into
> > > AD, this is
> > > >huge if you are a Windows shop. Also, there are
some
> > > third party
> > > >snap ins that are very helpful.
> > > >
> > > >Shane
> > > >
> > > >PS I also really enjoyed reading your ISA 2004
book.
> > > >
> > > >
> > > >
> > > >----- Original Message ----- From: "Thomas W
Shinder"
> > > ><tshinder@xxxxxxxxxxx>
> > > >To: <isalist@xxxxxxxxxxxxx>
> > > >Sent: Tuesday, June 20, 2006 10:33 AM
> > > >Subject: [isalist] Re: Hardware.... (cringe)
> > > ...firewall ?
> > > >
> > > >
> > > >http://www.ISAserver.org
> > >
>-------------------------------------------------------
> > > >
> > > >Hi Shane,
> > > >
> > > >No problems, that's how I took it! :)
> > > >
> > > >The PIX tax reminds of when in the middle ages
you
> > > could pay the
> > > >church
> > > >to absolve you of your sins. The situation here
is that
> > > they're
> > > >paying
> > > >Cisco for their sin of slothfullness. Slothful in
that
> > > they haven't
> > > >spent the time and effort to understand real
network
> > > security and
> > > >blindly pay a router and switch company big money
to
> > > protect
> > > >comporate
> > > >data (does anyone see the paradox in this?)
> > > >
> > > >Thanks!
> > > >Tom
> > > >
> > > >Thomas W Shinder, M.D.
> > > >Site: www.isaserver.org
> > > >Blog: http://blogs.isaserver.org/shinder/
> > > >Book: http://tinyurl.com/3xqb7
> > > >MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > >>-----Original Message-----
> > > >>From: isalist-bounce@xxxxxxxxxxxxx
> > > >>[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf
Of
> > > Shane Mullins
> > > >>Sent: Tuesday, June 20, 2006 7:56 AM
> > > >>To: isalist@xxxxxxxxxxxxx
> > > >>Subject: [isalist] Re: Hardware.... (cringe)
> > > ...firewall ?
> > > >>
> > > >>http://www.ISAserver.org
> > >
> > >
>>-------------------------------------------------------
> > > >>
> > > >>Hey Thomas,
> > > >>
> > > >> I meant that to be a plug for ISA 2004. I think
ISA
> > > 2004
> > > >>is great. We
> > > >>have two ISA 2004 boxes that firewall and
provide
> > > internet
> > > >>access for 3,500
> > > >>machines. ISA 2004 has been rock solid for us.
ISA
> > > 2004
> > > >>provides advanced
> > > >>logging and caching functions that a "hardware"
> > > firewall
> > > >>cannot provide. I
> > > >>have nothing against unix, but ISA 2004 is
great.
> > > >> We could have paid 50k for a single pix to
provide
> > > >>firewall services.
> > > >>Then signed up for a 5k a year maintenance
agreement
> > > (so we could
> > > >>rcv
> > > >>updates). And all machines need updates, even
> > > "hardware"
> > > >>firewalls have an
> > > >>OS. And ISA still does so much more.
> > > >>
> > > >>Shane
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> > On 6/19/06, Thomas W Shinder
<tshinder@xxxxxxxxxxx>
> > > wrote:
> > > >> >> http://www.ISAserver.org
> > > >> >>
> > >
-------------------------------------------------------
> > > >> >>
> > > >> >> Yes, it's that good. Go Daddy and the ISP
are
> > > clueless.
> > > >>Have you ever
> > > >> >> talked to your ISP's "tech guys" who make
these
> > > >>recommendations? Let's
> > > >> >> just say that the typical interaction leaves
you
> > > with the
> > > >>feeling that
> > > >> >> they're not on the top of the firewall and
> > > networking food
> > > >>chains :)
> > > >> >>
> > > >> >> Thomas W Shinder, M.D.
> > > >> >> Site: www.isaserver.org
> > > >> >> Blog: http://blogs.isaserver.org/shinder/
> > > >> >> Book: http://tinyurl.com/3xqb7
> > > >> >> MVP -- ISA Firewalls
> > > >> >>
> > > >> >>
> > > >> >>
> > > >> >> > -----Original Message-----
> > > >> >> > From: isalist-bounce@xxxxxxxxxxxxx
> > > >> >> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf
> > > Of Shane
> > > >>Mullins
> > > >> >> > Sent: Monday, June 19, 2006 1:10 PM
> > > >> >> > To: isalist@xxxxxxxxxxxxx
> > > >> >> > Subject: [isalist] Re: Hardware....
(cringe)
> > > ...firewall ?
> > > >> >> >
> > > >> >> > http://www.ISAserver.org
> > > >> >> >
> > >
-------------------------------------------------------
> > > >> >> >
> > > >> >> > ISA 2K4 is really good? There is an eval
> > > version. Maybe he
> > > >> >> > would let you
> > > >> >> > try that.
> > > >> >> >
> > > >> >> >
> > > >> >> > Shane
> > > >> >> >
> > > >> >> > ----- Original Message -----
> > > >> >> > From: "G.Waleed Kavalec"
<kavalec@xxxxxxxxx>
> > > >> >> > To: <isalist@xxxxxxxxxxxxx>
> > > >> >> > Sent: Monday, June 19, 2006 1:08 PM
> > > >> >> > Subject: [isalist] Hardware.... (cringe)
> > > ...firewall ?
> > > >> >> >
> > > >> >> >
> > > >> >> > > http://www.ISAserver.org
> > > >> >> > >
> > >
-------------------------------------------------------
> > > >> >> > > My boss has been talking to our ISP and
also
> > > to some folks
> > > >> >> > at GoDaddy.
> > > >> >> > >
> > > >> >> > > Both use - and recommend - hardware
firewall
> > > solutions.
> > > >> >> > >
> > > >> >> > > What do I tell him? He is poised to make
one
> > > of those
> > > >>classic PHB
> > > >> >> > > decisions.
> > > >> >> > >
> > > >> >> > > (currently on ISA 2K)
> > > >> >> > >
> > > >> >> > > --
> > > >> >> > >
> > > >> >> > > G. Waleed Kavalec
> > > >> >> > > -------------------------
> > > >> >> > > Why are we all in this handbasket
> > > >> >> > > and where is it going so fast?
> > > >> >> > >
> > >
------------------------------------------------------
> > > >> >> > > List Archives:
> > > //www.freelists.org/archives/isalist/
> > > >> >> > ISA Server
> > > >> >> > > Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > >> >> > ISA Server
> > > >> >> > > Articles and Tutorials:
> > > >> >> >
http://www.isaserver.org/articles_tutorials/ ISA
> > > >> >> > > Server Blogs:
> > > >> >> > > http://blogs.isaserver.org/
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > > Visit TechGenix.com for more information
about
> > > our other
> > > >>sites:
> > > >> >> > > http://www.techgenix.com
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > > To unsubscribe visit
> > > >> >> > http://www.isaserver.org/pages/isalist.asp
> > > Report
> > > >> >> > > abuse to listadmin@xxxxxxxxxxxxx
> > > >> >> > >
> > > >> >> >
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > List Archives:
> > > //www.freelists.org/archives/isalist/
> > > >> >> > ISA Server Newsletter:
> > > >>http://www.isaserver.org/pages/newsletter.asp
> > > >> >> > ISA Server Articles and Tutorials:
> > > >> >> >
http://www.isaserver.org/articles_tutorials/
> > > >> >> > ISA Server Blogs:
http://blogs.isaserver.org/
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > Visit TechGenix.com for more information
about
> > > our other
> > > >>sites:
> > > >> >> > http://www.techgenix.com
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > To unsubscribe visit
> > > >>http://www.isaserver.org/pages/isalist.asp
> > > >> >> > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >> >> >
> > > >> >> >
> > > >> >> >
> > > >> >>
> > >
------------------------------------------------------
> > > >> >> List Archives:
> > > //www.freelists.org/archives/isalist/
> > > >> >> ISA Server Newsletter:
> > > >>http://www.isaserver.org/pages/newsletter.asp
> > > >> >> ISA Server Articles and Tutorials:
> > > >> >> http://www.isaserver.org/articles_tutorials/
> > > >> >> ISA Server Blogs:
http://blogs.isaserver.org/
> > > >> >>
> > >
------------------------------------------------------
> > > >> >> Visit TechGenix.com for more information
about our
> > > other sites:
> > > >> >> http://www.techgenix.com
> > > >> >>
> > >
------------------------------------------------------
> > > >> >> To unsubscribe visit
> > > http://www.isaserver.org/pages/isalist.asp
> > > >> >> Report abuse to listadmin@xxxxxxxxxxxxx
> > > >> >>
> > > >> >>
> > > >> >
> > > >> >
> > > >> > -- >
> > > >> > G. Waleed Kavalec
> > > >> > -------------------------
> > > >> > Why are we all in this handbasket
> > > >> > and where is it going so fast?
> > > >> >
> > > >> > http://www.kavalec.com/thisisislam.swf
> > > >> >
> > >
------------------------------------------------------
> > > >> > List Archives:
> > > //www.freelists.org/archives/isalist/
> > > >>ISA Server
> > > >> > Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > >>ISA Server
> > > >> > Articles and Tutorials:
> > > >>http://www.isaserver.org/articles_tutorials/ ISA
> > > >> > Server Blogs:
> > > >> > http://blogs.isaserver.org/
> > >
>>------------------------------------------------------
> > > >> > Visit TechGenix.com for more information
about our
> > > other sites:
> > > >> > http://www.techgenix.com
> > >
>>------------------------------------------------------
> > > >> > To unsubscribe visit
> > > >>http://www.isaserver.org/pages/isalist.asp
Report
> > > >> > abuse to listadmin@xxxxxxxxxxxxx
> > > >>
> > >
>>------------------------------------------------------
> > > >>List Archives:
> > > //www.freelists.org/archives/isalist/
> > > >>ISA Server Newsletter:
> > > >>http://www.isaserver.org/pages/newsletter.asp
> > > >>ISA Server Articles and Tutorials:
> > > >>http://www.isaserver.org/articles_tutorials/
> > > >>ISA Server Blogs: http://blogs.isaserver.org/
> > >
>>------------------------------------------------------
> > > >>Visit TechGenix.com for more information about
our
> > > other sites:
> > > >>http://www.techgenix.com
> > >
>>------------------------------------------------------
> > > >>To unsubscribe visit
> > > http://www.isaserver.org/pages/isalist.asp
> > > >>Report abuse to listadmin@xxxxxxxxxxxxx
> > > >>
> > > >>
> > > >>
> > >
>------------------------------------------------------
> > > >List Archives:
> > > //www.freelists.org/archives/isalist/
> > > >ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > >ISA Server Articles and Tutorials:
> > > >http://www.isaserver.org/articles_tutorials/
> > > >ISA Server Blogs: http://blogs.isaserver.org/
> > >
>------------------------------------------------------
> > > >Visit TechGenix.com for more information about
our
> > > other sites:
> > > >http://www.techgenix.com
> > >
>------------------------------------------------------
> > > >To unsubscribe visit
> > > http://www.isaserver.org/pages/isalist.asp
> > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > >
>------------------------------------------------------
> > > >List Archives:
> > > //www.freelists.org/archives/isalist/ ISA
> > > >Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp ISA
> > > >Server Articles and Tutorials:
> > > >http://www.isaserver.org/articles_tutorials/ ISA
Server
> > > Blogs:
> > > >http://blogs.isaserver.org/
> > >
>------------------------------------------------------
> > > >Visit TechGenix.com for more information about
our
> > > other sites:
> > > >http://www.techgenix.com
> > >
>------------------------------------------------------
> > > >To unsubscribe visit
> > > http://www.isaserver.org/pages/isalist.asp
> > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > >
> > >
------------------------------------------------------ List
> > > Archives:
//www.freelists.org/archives/isalist/ ISA Server
> > > Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server
> > > Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/ ISA
> > > Server Blogs: http://blogs.isaserver.org/
> > >
------------------------------------------------------ Visit
> > > TechGenix.com for more information about our other
sites:
> > > http://www.techgenix.com
> > >
------------------------------------------------------ To unsubscribe
> > > visit http://www.isaserver.org/pages/isalist.asp
Report abuse to
> > > listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
------------------------------------------------------
> > > List Archives:
//www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > >
------------------------------------------------------
> > > Visit TechGenix.com for more information about our
other sites:
> > > http://www.techgenix.com
> > >
------------------------------------------------------
> > > To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
------------------------------------------------------
> > > List Archives:
//www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > >
------------------------------------------------------
> > > Visit TechGenix.com for more information about our
other sites:
> > > http://www.techgenix.com
> > >
------------------------------------------------------
> > > To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
>
>------------------------------------------------------
> >List Archives:
//www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
> >http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
>
>------------------------------------------------------
> >Visit TechGenix.com for more information about our
other sites:
> >http://www.techgenix.com
>
>------------------------------------------------------
> >To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
>------------------------------------------------------
> >List Archives:
//www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
>
>------------------------------------------------------
> >Visit TechGenix.com for more information about our
other sites:
> >http://www.techgenix.com
>
>------------------------------------------------------
> >To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
>
>------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/ ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA
Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
>
>All mail to and from this domain is GFI-scanned.
>
><< winmail.dat >>
engage Mutual Assurance is a trading name of Homeowners Friendly
Society Limited (HFSL), Registered and Incorporated under the Friendly
Societies Act 1992, Reg. No. 964F, and its wholly owned subsidiary
engage Mutual Funds Limited (eMFL), Reg. No. 3224780, HFSL and eMFL are
both authorised and regulated by the Financial Services Authority (FSA).
HFSL's FSA Register no. is 110072, eMFL's FSA Register no. is 181487.
You can check this on the FSA's Register by visiting the FSA's website
http://www.fsa.gov.uk/register or by contacting the FSA on 0845 606 1234
engage Mutual Investment Funds ICVC is an investment company
with variable capital. Registered in England No. IC00044.
engage Mutual Administration Limited Reg. No. 4301736, engage
Mutual Services Limited Reg. No. 3088162 and Homeowners Membership
Services Limited Reg. No. 3091667 are non-regulated limited companies.
United Kingdom Civil Service Benefit Society (UKCSBS) and United
Kingdom Armed Forces Benefit Society (UKAFBS) are trading styles of
Homeowners Friendly Society Limited
All registered at Hornbeam Park Avenue, Harrogate. HG2 8XE. Tel:
01423 855000 Web: http://www.engagemutual.com
<http://www.engagemutual.com/> This e-mail is intended only for the
person named as recipient. The contents are confidential. If you are not
the intended recipient of this e-mail, please notify us as soon as
possible and delete it. If you are not the intended recipient of the
e-mail, any use by you is prohibited.
------------------------------------------------------ List Archives:
//www.freelists.org/archives/isalist/ ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server
Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives:
//www.freelists.org/archives/isalist/ ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server
Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
