[isalist] Re: Nothing is secure like PIX

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 26 Jun 2006 08:41:30 -0700

http://www.ISAserver.org
-------------------------------------------------------

This:
"..as there is no full protected firewall; hardware or software, but we are 
just doing our best to protect our network from vulnerability.."

..is the best thing you've said in this thread. 
PIX makes a decent L3 firewall and it's place is well defined as the "outer 
gate".  This deployment allows FirewallAdminBob to place the OSI-smarter ISA 
between the DMZ and the internal network.

..of course, this assumes that Bob is willing to spend the exorbitant fees 
required to:
- purchase
- maintain
- update
..PIX firewalls

ISA Server can be deployed, maintained and updated for far less than the PIX 
and provides deeper network security.
Since it's OSI-smarter, cheaper, easier and better supported, ISA is thus "more 
secure".

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Egyptian Mind
Sent: Monday, June 26, 2006 08:28
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX

http://www.ISAserver.org 
------------------------------------------------------- 

Thanks for your suggestion , Steve 

It's realy appreciated, but would you take a look to this results after 
rearranging them by last modified, 

http://search.securityfocus.com/swsearch?query=ISA+vulnerability&sbm=%2F&submit=Search%21&metaname=alldoc&sort=swishlastmodified

and, this special link, is written by researcher called Steve too :)

http://www.securityfocus.com/archive/1/433075


and if we search more, we will find more; about both, ISA or PIX or even 
watchgurad,

as there is no full protected firewall; hardware or software, but we are just 
doing our best to protect our network from vulnerability by increasing the 
numbers of cascading gates, with different classes, 

but you know what ; I made something to my network.... 

My external router has no real IP...

it's just a local loop to the ISP , so that , I put the ISP security door as 
the front one,

Increasing cascading different gates ,

What do you think about it?



    Best Regards
   Mohamed Saleh
    
    Senior Network Administrator 
    College of Business Administration, CBA
    Jeddah, Saudi Arabia
    Tel: +966-02-6563199 ext 2521
    Cell: - +966-50-2953591
 
 
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
 
 

        
________________________________

        From: "Steve Lunn" <Steve.Lunn@xxxxxxxxxxxxxxxx>
        Reply-To: isalist@xxxxxxxxxxxxx
        To: <isalist@xxxxxxxxxxxxx>
        Subject: [isalist] Re: Nothing is secure like PIX
        Date: Mon, 26 Jun 2006 14:42:28 +0100
        
        

        Can I suggest that you actually read that list of vulnerabilities that 
you just posted as they all relate to ISA 2000 and not ISA 2004.

         

        Regards, 
          
        Steve 
         
        Steve Lunn 
        Technical Support Analyst - Microsoft MCP

         

        engage Mutual Assurance
        DDI: 01423 855101  Fax: 01423 855181

        
________________________________


        From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
        Sent: 26 June 2006 13:40
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Nothing is secure like PIX

         

        
        All right, Jim

        I didn't expect this bad atitude from someone supposed to be well 
educated and has a good technical knowledge as you have shown your self, 

        and by the way, no body is perfect , I f you see that you know 
everything, it's a bug mistake..

        Knowing how the OS operating, and dealing with packets, throw RAM and 
processor,.. etc. will be easy if you r spend your life in this field, and your 
education is corosponding this issue.. ( Computing, processing and 
telecommunications), won't be ??

        And every one know that PIX is layer 4 device not like ISA Layer 7, 

        so Greg,,,,, what I was saying is that PIX is more secure than ISA till 
layer 4 processing..

        In addition, I said in my first mail that I'm using the two boxes ( PIX 
and ISA ) for dublication the security, and using ISA specially for controling 
application per user ( as also I said b4)

        and two doors are very good defender than one door only ofcourse,

        *** 

        about the site u send Jim, I think you should select a site that revile 
PIX and give the glory to ISA , as I found the following link in this site too, 
saying 47 result about vulnerability in ISA

        
http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=ISA+vulnerability
 
<http://search.securityfocus.com/swsearch?sbm=/&metaname=alldoc&query=ISA+vulnerability>
 

         

        Finaly, I will close this issue from my side as I'm feel very sorry to 
this bad attitude reaction as the concept of this list is to discuss everyone 
issue and thoughts with eachother...., isn't it??

         

            Best Regards

           Mohamed Saleh
            

            Senior Network Administrator 
            College of Business Administration, CBA
            Jeddah, Saudi Arabia
            Tel: +966-02-6563199 ext 2521
            Cell: - +966-50-2953591
         

         

        !~` Yesterday is a History` ~!

        !~` Tomorrow is a Mystery` ~!

        !~` Today is a Gift` ~!

        !~` So we call it ...............` ~!

        !~` Present .......Simple` ~!

         

         

                
________________________________


                From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
                Reply-To: isalist@xxxxxxxxxxxxx
                To: <isalist@xxxxxxxxxxxxx>
                Subject: [isalist] Re: Nothing is secure like PIX
                Date: Sun, 25 Jun 2006 09:35:29 -0700
                >In response:
                >#1 - "PIX is more secure than ISA because it's a 'hardware' 
firewall". This is pure, unadulterated BS, propagated by the same 1d10t's that 
ignore the *FACT* that PIX is nothing more than a custom OS (xNIX, usually). In 
fact, I've only heard of *one* "hardware" firewall; that it is strictly a 
L3-only box (much like your PIX)
                >
                >#2 - Speed & security are orthogonal. Security is demonstrated 
by resilience in teh face of unwanted traffic; speed is merely doing it faster.
                >
                >#3 - You need to read up on how any OS (specifically Windows) 
network functionality works. If you *ever* find packets being stored to disk 
before being processed, throw that device out the door
                >
                >#4 - I posted this for Tony Su; maybe you'll get more use ot 
of it: 
http://technet2.microsoft.com/WindowsServer/en/Library/823ca085-8b46-4870-a83e-8032637a87c81033.mspx
 After you've read up a bit, come back and rescind this argument
                >
                >#5 - this means nothing of the sort; if you can demonstrate 
this assertion with fact, then by all means do so. You should also go read up 
on how processes communicate in Windows.
                >
                >#6 - Let's see; if I stop the PIX firewall services, the 
machine is also open to attack <duh>.
                >
                >#7 - no machine of any sort has "unlimited" capabilities. If 
you really believe that this is possible, you must not occupy the same physical 
world as the rest of us.
                >
                >#8 - Based on this argument, ISA is also a "hardware" firewall 
as *all* traffic inspection (not just L3 as in PIX) is performed in RAM. Not 
one single packet ever leaves the motherboard except to enter or leave the 
network itself.
                >
                >#9 - The "adaptive security mechanism" is L3-only. ISA policy 
engine and packet filter driver operate all the way to L7. Thus, when the PIX 
is allowing RPC traffic to teh internal host "because it asked for it", ISA is 
blocking it as invalid traffic. Case in point; Blaster passed through every PIX 
on the planet; ISA blocked it in every single case.
                >
                >#10 - is unclear at best. What's your point other than to show 
how you can spew brand names?
                >
                >#11 - I noticed that you can research ISA issues, but you seem 
unable to find PIX vulns? I wonder how that can be? Go out to 
www.securityfocus.com and search under "Cisco" for "PIX Firewall". I see:
                >Multiple Cisco Products WebSense Content Filtering Bypass 
Vulnerability <http://www.securityfocus.com/bid/17883>
                >2006-05-09
                >http://www.securityfocus.com/bid/17883
                >
                >OpenSSL Denial of Service Vulnerabilities 
<http://www.securityfocus.com/bid/9899>
                >2006-05-05
                >http://www.securityfocus.com/bid/9899
                >
                >Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of 
Service Vulnerabilities <http://www.securityfocus.com/bid/13124>
                >2006-03-22
                >http://www.securityfocus.com/bid/13124
                >
                >Cisco PIX TCP SYN Packet Denial Of Service Vulnerability 
<http://www.securityfocus.com/bid/15525>
                >2006-03-10
                >http://www.securityfocus.com/bid/15525
                >
                >Cisco Downloadable RADIUS Policies Information Disclosure 
Vulnerability <http://www.securityfocus.com/bid/16025>
                >2005-12-21
                >http://www.securityfocus.com/bid/16025
                >
                >Cisco IPSec Unspecified IKE Traffic Denial Of Service 
Vulnerabilities <http://www.securityfocus.com/bid/15401>
                >2005-11-14
                >http://www.securityfocus.com/bid/15401
                >
                >Multiple Vendor TCP Sequence Number Approximation 
Vulnerability <http://www.securityfocus.com/bid/10183>
                >2004-04-20
                >http://www.securityfocus.com/bid/10183
                >
                >Multiple Cisco PIX Remote Denial Of Service Vulnerabilities 
<http://www.securityfocus.com/bid/9221>
                >2003-12-15
                >http://www.securityfocus.com/bid/9221
                >
                >OpenSSL ASN.1 Large Recursion Remote Denial Of Service 
Vulnerability <http://www.securityfocus.com/bid/8970>
                >2003-11-04
                >http://www.securityfocus.com/bid/8970
                >
                >Cisco PIX ICMP Echo Request Network Address Translation Pool 
Exhaustion Vulnerability <http://www.securityfocus.com/bid/8754>
                >2003-10-03
                >http://www.securityfocus.com/bid/8754
                >
                >Multiple Vendor Session Initiation Protocol Vulnerabilities 
<http://www.securityfocus.com/bid/6904>
                >2003-02-21
                >http://www.securityfocus.com/bid/6904
                >
                >Multiple Vendor SSH2 Implementation Buffer Overflow 
Vulnerabilities <http://www.securityfocus.com/bid/6407>
                >2002-12-16
                >http://www.securityfocus.com/bid/6407
                >
                >Cisco PIX VPN Session Hijacking Vulnerability 
<http://www.securityfocus.com/bid/6211>
                >2002-11-20
                >http://www.securityfocus.com/bid/6211
                >
                >Cisco PIX TACACS+/RADIUS HTTP Proxy Buffer Overrun 
Vulnerability <http://www.securityfocus.com/bid/6212>
                >2002-11-20
                >http://www.securityfocus.com/bid/6212
                >
                >Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of 
Service Vulnerability <http://www.securityfocus.com/bid/6110>
                >2002-11-05
                >http://www.securityfocus.com/bid/6110
                >
                >Cisco SSH Denial of Service Vulnerability 
<http://www.securityfocus.com/bid/5114>
                >2002-06-27
                >http://www.securityfocus.com/bid/5114
                >
                >Cisco Malformed SNMP Message Denial of Service Vulnerabilities 
<http://www.securityfocus.com/bid/4132>
                >2002-02-12
                >http://www.securityfocus.com/bid/4132
                >
                >Cisco PIX Firewall SMTP Content Filtering Evasion 
Vulnerability Re-Introduction <http://www.securityfocus.com/bid/3365>
                >2001-09-26
                >http://www.securityfocus.com/bid/3365
                >
                >Cisco PIX TACACS+ Denial of Service Vulnerability 
<http://www.securityfocus.com/bid/2551>
                >2001-04-06
                >http://www.securityfocus.com/bid/2551
                >
                >SSH CRC-32 Compensation Attack Detector Vulnerability 
<http://www.securityfocus.com/bid/2347>
                >2001-02-08
                >http://www.securityfocus.com/bid/2347
                >
                >PKCS #1 Version 1.5 Session Key Retrieval Vulnerability 
<http://www.securityfocus.com/bid/2344>
                >2001-02-06
                >http://www.securityfocus.com/bid/2344
                >
                >Cisco PIX PASV Mode FTP Internal Address Disclosure 
Vulnerability <http://www.securityfocus.com/bid/1877>
                >2000-10-03
                >http://www.securityfocus.com/bid/1877
                >
                >Cisco PIX Firewall SMTP Content Filtering Evasion 
Vulnerability <http://www.securityfocus.com/bid/1698>
                >2000-09-19
                >http://www.securityfocus.com/bid/1698
                >
                >Cisco Secure PIX Firewall Forged TCP RST Vulnerability 
<http://www.securityfocus.com/bid/1454>
                >2000-07-10
                >http://www.securityfocus.com/bid/1454
                >
                >Multiple Firewall Vendor FTP "ALG" Client Vulnerability 
<http://www.securityfocus.com/bid/1045>
                >2000-03-10
                >http://www.securityfocus.com/bid/1045
                >
                >Multiple Firewall Vendor FTP Server Vulnerability 
<http://www.securityfocus.com/bid/979>
                >2000-02-09
                >http://www.securityfocus.com/bid/979
                >
                >Cisco PIX Firewall Manager File Exposure 
<http://www.securityfocus.com/bid/691>
                >1998-08-31
                >http://www.securityfocus.com/bid/691
                >
                >Cisco PIX and CBAC Fragmentation Attack 
<http://www.securityfocus.com/bid/690>
                >1998-08-18
                >http://www.securityfocus.com/bid/690
                >
                >Well, waddayano; seems like PIX takes this particular prize.
                >
                >#12 - this is nothing more than another indication of your 
vast Windows / ISA ignorance
                >
                >Please go educate yourself before making such claims, or at 
least ask Tony Su for advice.
                >
                >________________________________
                >
                >From: isalist-bounce@xxxxxxxxxxxxx on behalf of Egyptian Mind
                >Sent: Sun 6/25/2006 2:32 AM
                >To: isalist@xxxxxxxxxxxxx
                >Subject: [isalist] Re: Nothing is secure like PIX
                >
                >
                >http://www.ISAserver.org 
-------------------------------------------------------
                >
                >Dears,
                >
                >
                >
                >I'm sorry for not continuing mailing about this issue, but I 
was quit busy in upgrading in our network infrastructure, but I should tell you 
that I was really surprised by the 160 mails they were in my inbox about this 
issue..
                >
                >It means that this matter has gained a lot of attentions to 
most of members here in ISA List... I've really get amused by these mails which 
come from different members with different cultures and experiences about using 
hardware or software as a firewall boundary, although that some of you have 
taking this issue as some kind of joke, or to get amused by mocking ... 
:-):-):-)
                >
                >Anyway, I've really get amused by your mail, TOM, It was 
really funny and your way of talking and mocking the Idea is very 
interesting... Honestly, I laughed for 15 minutes ; none-stop when I was 
reading your blog :-):-):-):-):-) (( It does not mean ridiculing of you, but it 
means that your way of present your Idea is really interesting :-) :-):-)
                >
                >But let's start examine this issue in neutrality way... "and 
let me borrow your link for ' ISA Server 2006 Firewall Core' which u have send 
as you ask" :-)
                >
                >
                >
                >First: I didn't say that PIX is the most secure firewall in 
the world, and ' Supernova; The greatest hacker' can grantee this, I just said 
that PIX is more secure than ISA server, which is our issue here...( I mean 
that PIX as a Hardware firewall, is more secure than ISA as a software firewall)
                >
                >Second: you say that " Faster is not the better" and you 
repeated it in a very interesting way, but I think you should look at " ISA 
Server Firewall Core " in this paragraph:::::
                >
                >"""" Firewall Engine ( Firewall Packet Engine)
                >
                >Handling these operations in Kernal Mode, improves both 
performance and security. """""
                >
                >This means that Microsoft tends to increase the performance of 
firewall service and security service in ISA to make it faster as possible :-).
                >
                >Third: ISA 2006 firewall core depends on Network Driver 
Interface Specification ( NDIS) and Microsoft Networking Stack, that means that 
packet should pass the network interface, the processor, RAM, harddisk, till it 
reach the network driver in windows ( Kernal Layer) which located over the 
hardware layer and assembly layer, in the other hand, the packet is analyzed, 
interpreted and processed in hardware layer in any hardware firewall.
                >
                >Fourth: The TCP/IP Stack in firewall core in Kernal mode is 
controlled by windows , which refers to the previous point of even the firewall 
engine is analyzing the packet in layer 3 and 4 before beginning processing, it 
will of course reach layer 5 of windows which send it to the firewall engine in 
kernel mode.... (( Does it make sense??? )) or it's better to analyze the 
packet as soon as it reaches the network interface card, Isn't it??
                >
                >Fifth: In the purposed document
                >
                >" Policy Engine
                >
                >The policy engine communicates with all components of the ISA 
server firewall core, both with the Kernal-mode firewall engine and the 
user-mode firewall service, in addition the Policy Engine communicates with 
both layers of application and web filters""
                >
                >This means that there are a lot of channels opened between 
Firewall core and other applications running in ISA, which means " open ports", 
even this ports are opened in Kernal-mode, but it's still opened port :-)
                >
                >Sixth: These are some comments gathering from viewing just the 
first three papers of Microsoft Document, and I will not telling the comments 
getting from the rest of this document, or the mail will be too long :-) to 
read, but just I'd like to present this comment written in the document as my 
last word about this document;
                >
                >" Note The firewall engine driver is the root of the firewall 
dependency tree. Stopping the firewall engine driver ( by using net stop fweng 
/y at the command prompt) also stops the other Firewall components, which opens 
the computer to all network traffic """
                >
                >Open to all network traffic !!!!!!!!!!!!!!!!!!!!!, it means 
fully penetrated... how could it be that one command can penetrate my network 
to all attacks?????? ... it does not make sense at all, Does it??
                >
                >Seventh: you compares the ISA server 2006 ( which is last 
release) with PIX firewall, which is in market over than 20 years, and you 
didn't specify which version,, Microsoft has ISA 2000, 2004, 2006... But CISCO 
has 501,501E,506E,515,525, and the greatest PIX 535, which has unlimited number 
of users ad unlimited numbers of concurrent VPN Connections ....
                >
                >Eighth : The OS of PIX is too small which can be loaded in RAM 
and some portion of processor, It doesn't mean just that it will be faster and 
faster than any software firewall, but I mean that the packet inspector process 
will be done at the hardware level, and in fact it happens in the assembly 
level... More than that, every interface in PIX has it's own firewall policy, 
firewall engine, access control,,, although you manage all interfaces by one 
screen, but in fact this screen is collecting policies and access controls and 
firewall services for all interfaces,,, as the OS of PIX divide itself to make 
each interface has it's own control, so no need to contact with the core OS or 
the kernel for any operations....
                >
                >Ninth: The adaptive security algorithm, included in PIX, will 
never allow an incoming traffic to go inside, except if there is a request for 
this traffic from inside, and it should match a random signature it has been 
given to the requested traffic, or if u make a policy on the outside interface 
to allow this traffic to come in, and is called ADAPTIVE , it means that it 
will strengthen it self upon the signature of the attack or the requested 
traffic and how it will be filtered to insure that this " man in the middle" 
will not gain access though the incoming traffic.
                >
                >Tenth: I was talking here about PIX 535 which support all 
clustering features, as well as redundancy, as the corresponding issue is 
between ISA and PIX, as a hardware and software firewall, but If we go to 
market, we will find Watch Guard, Cyber Guard, Alphafilter, CyberCom, 
D-Link,.....etc as well as we will see Symantec , Mcafee, ....etc,,, and for 
linux there are a lot of firewall software like Netfilter
                >
                >Eleventh: you talked about ISA 2006, and you give me a 
document coming from Microsoft itself, so what will mama said about her 
child???????
                >
                >So if you want this, you can take a look of the following 
links ::
                >
                > PIX 535
                >
                
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a008007d05d.html
                >
                
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00801daa53.html
                >
                >ASA 5500
                >
                
>http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html
                >
                
>http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd80404916.html
                >
                >Note that ASA 5500 has been developed in order to satisfy 
market need of application filtering and Active Directory Integrated..
                >
                >But if we go to neutralized sites, we will find that most of 
them are preferred PIX than ISA as a front door
                >
                >and I will not go far away,
                >
                >This link is in ISASERVER.org itself with your handwriting 
about ISA 2000, which shown some issue
                >
                
>http://www.isaserver.org/articles/Microsoft_Confirms_DoS_Vulnerability_in_ISA_Server_2000.html
                >
                >right?
                >
                >And also :
                >
                
>http://forums.isaserver.org/m_240057200/mpage_1/key_/tm.htm#240057210
                >
                >and please see this
                >
                >http://www.critical-error.com/Article724.phtml
                >
                >http://www.techspot.com/vb/archive/index/t-10247.html
                >
                
>http://www.checkpoint.com/defense/advisories/public/2006/printer/cpai_print-03-Jun.html
                >
                
>http://www.networksecurityarchive.org/html/NTBugtraq/2004-11/msg00009.html
                >
                >
                >
                > Which means that you should be standby for any articles and 
newsgroup to find out if there any discover Vulnerability, and not just using 
windows update"
                >
                >Twelfth: There is a fact that any GUI operating system should 
open ports to hardware to operate well, and this is refer to fact that the 
first 1024 ports in windows you can't change or reconfigure, and the other act 
that the most secure operating system till now is UNIX , as it is a command 
prompt operating system and have never been hacked except when it become LINUX, 
with a GUI.
                >
                >And even if it has been hacked, it records the least amount of 
hacking processes than windows ofcourse.
                >
                >Finally : No Doubt that Microsoft is the greatest marketing 
company in the world, as it depends on user need, and nothing is more important 
to user more than the fancy of GUI , Graphical User Interface,
                >
                >I think most of you agree with me that this concept ; I mean 
GUI, is the main reason for Bill Jates treasure which made up his riches, isn't 
it???
                >
                >Now, can you tell me
                >
                >- Why the great companies and the effective and sensitive 
corporations ( Like BMW, Aramco, Nokia ) prefer to put a hardware firewall 
instead of ISA server?? ( This is a fact, I see it myself )
                >
                >
                >
                >- Why most of multinational banks ( Like CIB, HSBC ) put more 
than three cascading hardware firewalls as it's front door to internet??? ( 
This is a fact, I see it myself)
                >
                >
                >
                >- Why Microsoft itself didn't use any of it's products, in 
it's server farms, instead they using UNIX for mail server as an example??? ( 
you can check it your self by reading the arguments shown to you in the address 
bar of internet explorer when you open your hotmail inbox, and ask a good web 
programmer about it )
                >
                >
                >
                >- Why you don't recommend ISA server for DAN as the cheapest 
way for a firewall system, as he can install it on a high hardware qualified 
workstation, not should be a server, if you think that ISA server can 
manage?????
                >
                >
                >
                >
                > Best Regards
                > Mohamed Saleh
                >
                > Senior Network Administrator
                > College of Business Administration, CBA
                > Jeddah, Saudi Arabia
                > Tel: +966-02-6563199 ext 2521
                > Cell: - +966-50-2953591
                >
                >
                >!~` Yesterday is a History` ~!
                >!~` Tomorrow is a Mystery` ~!
                >!~` Today is a Gift` ~!
                >!~` So we call it ...............` ~!
                >!~` Present .......Simple` ~!
                >
                >
                >
                >
                >________________________________
                >
                > From: "D PIETRUSZKA USWRN INTERLINK INFRA" 
<DPietruszka@xxxxxx>
                > Reply-To: isalist@xxxxxxxxxxxxx
                > To: <isalist@xxxxxxxxxxxxx>
                > Subject: [isalist] Re: Nothing is secure like PIX
                > Date: Thu, 22 Jun 2006 07:16:07 -0400
                > >http://www.ISAserver.org
                > >-------------------------------------------------------
                > >
                > >Probably you need to move your test to a more realistic and 
complex
                > >scenario.
                > >
                > >Regards
                > >Diego R. Pietruszka
                > >
                > >
                > >-----Original Message-----
                > >From: isalist-bounce@xxxxxxxxxxxxx 
[mailto:isalist-bounce@xxxxxxxxxxxxx]
                > >On Behalf Of Thomas W Shinder
                > >Sent: Wednesday, June 21, 2006 6:28 PM
                > >To: isalist@xxxxxxxxxxxxx
                > >Subject: [isalist] Re: Nothing is secure like PIX
                > >
                > >http://www.ISAserver.org
                > >-------------------------------------------------------
                > >
                > >In my tests, I found them to be the same.
                > >
                > >I have one box running ISA 2000 that hasn't been upgraded or 
service
                > >packed for over two years, and it's been running without 
stop for that
                > >period of time. This is on a white box install.
                > >
                > >There really isn't any difference in stability from my 
perspective. If
                > >you don't treat it like a workstation, don't install non-ISA 
firewall
                > >related services on it, it will run as long as any PIX. And 
the good
                > >thing is, it updates itself. Unlike the PIX, which does need 
to be
                > >updated like any other device, it doesn't do it itself and 
most
                > >"hardware" firewall admins just ignore it. Not very smart or 
secure, but
                > >I see that all the time in the field. After all, it's 
hardware, it must
                > >be secure [sic].
                > >
                > >NOT.
                > >
                > >Tom
                > >
                > >Thomas W Shinder, M.D.
                > >Site: www.isaserver.org
                > >Blog: http://blogs.isaserver.org/shinder/
                > >Book: http://tinyurl.com/3xqb7
                > >MVP -- ISA Firewalls
                > >
                > >
                > >
                > > > -----Original Message-----
                > > > From: isalist-bounce@xxxxxxxxxxxxx
                > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D
                > > > PIETRUSZKA USWRN INTERLINK INFRA
                > > > Sent: Wednesday, June 21, 2006 2:02 PM
                > > > To: isalist@xxxxxxxxxxxxx
                > > > Subject: [isalist] Re: Nothing is secure like PIX
                > > >
                > > > http://www.ISAserver.org
                > > > -------------------------------------------------------
                > > >
                > > > Do you know the difference between stability (what I 
mentioned on my
                > > > email) and vulnerability?
                > > >
                > > > Regards
                > > > Diego R. Pietruszka
                > > >
                > > >
                > > > -----Original Message-----
                > > > From: isalist-bounce@xxxxxxxxxxxxx
                > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
                > > > On Behalf Of Jim Harrison
                > > > Sent: Wednesday, June 21, 2006 1:51 PM
                > > > To: isalist@xxxxxxxxxxxxx
                > > > Subject: [isalist] Re: Nothing is secure like PIX
                > > >
                > > > http://www.ISAserver.org
                > > > -------------------------------------------------------
                > > >
                > > > This is a completely specious argument, with absolutely 
no basis in
                > > > historical fact.
                > > > When you can demonstrate that a properly-configured ISA 
server has
                > > > *EVER* been compromised due to a Windows vulnerability, 
this
                > > > claim *may*
                > > > warrant consideration.
                > > >
                > > > Until then, it's nothing more or less than simple 
punditious
                > > > regurgitation.
                > > >
                > > > -------------------------------------------------------
                > > > Jim Harrison
                > > > MCP(NT4, W2K), A+, Network+, PCG
                > > > http://isaserver.org/Jim_Harrison/
                > > > http://isatools.org
                > > > Read the help / books / articles!
                > > > -------------------------------------------------------
                > > >
                > > >
                > > > -----Original Message-----
                > > > From: isalist-bounce@xxxxxxxxxxxxx
                > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
                > > > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA
                > > > Sent: Wednesday, June 21, 2006 08:53
                > > > To: isalist@xxxxxxxxxxxxx
                > > > Subject: [isalist] Re: Nothing is secure like PIX
                > > >
                > > > I completely agree that ISA is far more secure than PIX, 
the
                > > > only part I
                > > > would concede to PIX (and that is why is still on the 
market) is the
                > > > stability and that is because don't run on windows as ISA 
do.
                > > >
                > > >
                > > >
                > > > Regards
                > > >
                > > > Diego R. Pietruszka
                > > >
                > > >
                > > >
                > > > ________________________________
                > > >
                > > > From: isalist-bounce@xxxxxxxxxxxxx
                > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
                > > > On Behalf Of Thomas W Shinder
                > > > Sent: Wednesday, June 21, 2006 11:05 AM
                > > > To: isalist@xxxxxxxxxxxxx
                > > > Cc: isapros-repost@xxxxxxxxxxxxx
                > > > Subject: [isalist] Re: Nothing is secure like PIX
                > > >
                > > >
                > > >
                > > > Hi EM,
                > > >
                > > >
                > > >
                > > > You are right. PIX is not very secure. It's a router with
                > > > some advanced
                > > > ACLs and does neat routing tricks. But when it comes to
                > > > security, you're
                > > > very very wrong that it's more secure. Hardware doesn't 
fall from
                > > > heaven, and all "hardware" is controlled by software, and
                > > > Syphco's core
                > > > compentancy is not application protection -- it's routing 
and
                > > > switching.
                > > >
                > > >
                > > >
                > > >
                > > > I agree that there is no comparison between PIX and ISA 
-- only a fool
                > > > would be convinced that they get any real security from a 
PIX, becuase
                > > > they never took the time to learn about network security 
and what the
                > > > end game was. Check Point? That's another story. Like the 
ISA
                > > > firewall,
                > > > Check Point is a so-called "software firewall" (something 
to pothead
                > > > "hardware" firewall guys often forget). Check Point is 
better than ISA
                > > > and you pay a LOT for that. However, a PIX is a joke and 
I think the
                > > > more thoughtful firewall admins out there realize they've
                > > > been hyMOtized
                > > > by the Syphco sales reps.
                > > >
                > > >
                > > >
                > > > PIX is a puppy dog, a little terrier, a laptop or a 
pretty little
                > > > Persian kitty cat -- the ISA firewall is the 
brobdingnagian that
                > > > provides your real security. The PIX is an emotional 
blanket,
                > > > a network
                > > > Prozac, an expensive and illusory work for security 
fiction.
                > > > The PIX is
                > > > the emperor with no clothes and is front of my hacked Web 
sites and
                > > > networks than any other firewall.
                > > >
                > > >
                > > >
                > > > You mention that the PIX software is "advanced" -- I'll 
give you the
                > > > opposite perspective and proffer that it's a trisomy 13 
baby
                > > > compared to
                > > > the robust and healthy child that is the ISA firewall. No 
one has ever
                > > > broken into an ISA firewall and I consider the ISA 
firewall
                > > > mandatory. A
                > > > PIX is nothing more than a historical superstition, a 
carry over from
                > > > the dawn days of the Internet. I never never never never 
never never
                > > > NEVER recommend putting a PIX in front or behind or 
anywhere near the
                > > > ISA firewall (a Check Point? Sometimes that's useful for 
defense in
                > > > depth -- Check Point, unlike PIX, is a real network 
security
                > > > solution).
                > > >
                > > >
                > > >
                > > > The PIX with worthless and weak. Who is it? What is it? 
What does it
                > > > plan to do with it's life? (name that tune!) On the other
                > > > hand, the ISA
                > > > firewall is built by people who understand software, 
understand
                > > > security, and is much more than a stupid router with a
                > > > "firewall" decal
                > > > slapped on its bezel.
                > > >
                > > >
                > > >
                > > > The ISA firewall's VPN server is MUCH MORE SECURE than 
the simple PIX
                > > > VPN. I've always wondered about the IQ of folks who have 
thought
                > > > otherwise. It's probably not an intelligence issue, but 
just an
                > > > ignorance issue, since they probably don't understand the
                > > > weaknesses of
                > > > the PIX VPN solution or the strengths of the ISA 
firewall's VPN
                > > > solutions -- but that's par for the course for folks 
who've been
                > > > hypmotized by the Syphco sales reps, and have had the 
implanted
                > > > suggestions reinforced by the ABMer idiot echo chamber.
                > > >
                > > >
                > > >
                > > > Faster is not more secure.
                > > >
                > > > Repeat
                > > >
                > > > Faster is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Faster is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Faster is NOT NOT NOT more secure
                > > >
                > > >
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > > Hardware is NOT more secure
                > > >
                > > > Repeat
                > > >
                > > >
                > > >
                > > > Remember, PIX has many security vulnerabilies that you can
                > > > check out at
                > > > Secunia. Strangely enough, the ISA firewall has NONE. And
                > > > don't feed me
                > > > that tired old drivel about "but it runs on Windows". If 
you
                > > > can show me
                > > > how this is an issue after reading this
                > > > 
http://www.microsoft.com/isaserver/2006/prodinfo/Firewall_Corewp.mspx
                > > > (which you won't do if you depend on your Syphco sales 
rep for tech
                > > > info).
                > > >
                > > >
                > > >
                > > > Finally, be careful about throwing Syphco PIX FUD around 
here. I've
                > > > worked with the worthless PIX for a long time and studied 
it
                > > > in depth. I
                > > > know it's cr*p on a cracker and it survives because it's 
been
                > > > grandfathered into the business. We're all now suffering 
badly because
                > > > the "network guys" who are clueless lusers when it comes 
to understand
                > > > application security, have hijacked network security and 
companies get
                > > > hacked far more often than they should because these 
dolts are "port
                > > > openers" and "port closers". The current situation has 
the clowns
                > > > running the circus.
                > > >
                > > >
                > > >
                > > > In conclusion, there are several neuroleptic medications I
                > > > can recommend
                > > > to anyone who seriously believes the worthless PIX is 
more secure than
                > > > an ISA firewall.
                > > >
                > > >
                > > >
                > > > IMNHO,
                > > >
                > > > Tom
                > > >
                > > >
                > > >
                > > > P.S. You're welcome to borrow any of the creative phases 
I've included
                > > > in this email. I only ask that you give the props :)
                > > >
                > > > Thomas W Shinder, M.D.
                > > > Site: www.isaserver.org <http://www.isaserver.org/>
                > > > Blog: http://blogs.isaserver.org/shinder/
                > > > Book: http://tinyurl.com/3xqb7
                > > > MVP -- ISA Firewalls
                > > >
                > > >
                > > >
                > > >
                > > >
                > > >
                > > > ________________________________
                > > >
                > > >
                > > > From: isalist-bounce@xxxxxxxxxxxxx
                > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Egyptian Mind
                > > > Sent: Wednesday, June 21, 2006 9:01 AM
                > > > To: isalist@xxxxxxxxxxxxx
                > > > Subject: [isalist] Nothing is secure like PIX
                > > >
                > > > http://www.ISAserver.org
                > > > -------------------------------------------------------
                > > >
                > > >
                > > >
                > > > Dears,
                > > >
                > > > No doubt that ISA 2000 or 2004 or even 2006, have 
increased the
                > > > possibility of controling user access,,, by allowing or 
denying the
                > > > browsing or a tiny issue like downloding gif and not
                > > > downloading jpg as
                > > > an example..
                > > >
                > > > This shows how much we can control user action,,,
                > > >
                > > > Moreover, features like firewall services, securing VPN
                > > > connection, Nating, Publishing web sites, etc.... are 
very helpfull
                > > > features to make or Network Control is much easier...
                > > >
                > > > But Nothing is secure like PIX...
                > > >
                > > > I don't mean that PIX is more secure than ISA, or more 
capable
                > > > of handling requests... I'm talking about features and 
design and even
                > > > the hardware specification.... There is no comparison 
between ISA and
                > > > PIX
                > > >
                > > > I'm here, in my network ; using two failover PIX and two
                > > > clustering ISA servers as well.. every device has it's
                > > > responsiblities...
                > > >
                > > > ISA is responisble for handling he request from users and
                > > > filtering it depends on customized rules, and the great 
thing that ISA
                > > > server is a domain member, so I can customized the rules 
directly to
                > > > specific user ,,,
                > > >
                > > > PIX is my Huge Body Guard which stand infront of my Out 
Door, to
                > > > filter any request come in or out my door... YEs ..( in 
or out ) not
                > > > just in .... and it is built on a very advanced built-in
                > > > program in the
                > > > hardware it self, it is the adaptive security algorithm,
                > > > which has alot
                > > > of tools to scan the coming packet,... like if we said , 
the
                > > > ultravoilet, infarraed, and eye scanner and everything...
                > > >
                > > > It's a very adaptive algorithm and it's very hard to
                > > > penetrate,,, note that this alogorithm is working on 
every packet goes
                > > > or come , also depend on your own cutomized rule you make 
on PIX,,,
                > > >
                > > > and instead that the windows how operates, the adaptive 
security
                > > > algorithm are running using the same processing speed of 
it's
                > > > processor,
                > > > as it is already loaded in the PIX processor and rams..
                > > >
                > > > How faster do you think it will be !!!!!!?????
                > > >
                > > > it also has a complete secure process for VPN connection 
and
                > > > PATING, NATING , ... etc
                > > >
                > > > But PIX is not function as layer 7 appliance, so we use 
ISA for
                > > > this purpose,,, to control the Application layer and 
presentation
                > > > layer... nothing more, nothing less,, and also because 
PIX is not
                > > > integrating with Active Directory..
                > > >
                > > > Finally, PIX is mandatory for security, and ISA is 
mandatory for
                > > > controling... but if we talked about the ability to be 
hacked
                > > > , I think
                > > > you will agree with me that hacking a program runing on
                > > > Windows platform
                > > > is much easier from penetrating program runing on 
security dedicated
                > > > appliance........ (( you can ask Bill Jates about it ))
                > > >
                > > >
                > > >
                > > >
                > > >
                > > > Best Regards
                > > >
                > > > Mohamed Saleh
                > > >
                > > >
                > > > Senior Network Administrator
                > > > College of Business Administration, CBA
                > > > Jeddah, Saudi Arabia
                > > > Tel: +966-02-6563199 ext 2521
                > > > Cell: - +966-50-2953591
                > > >
                > > >
                > > >
                > > >
                > > > !~` Yesterday is a History` ~!
                > > >
                > > > !~` Tomorrow is a Mystery` ~!
                > > >
                > > > !~` Today is a Gift` ~!
                > > >
                > > > !~` So we call it ...............` ~!
                > > >
                > > > !~` Present .......Simple` ~!
                > > >
                > > >
                > > >
                > > >
                > > >
                > > >
                > > > ________________________________
                > > >
                > > >
                > > > From: "Shane Mullins" <tsmullins@xxxxxxxxxxxxxx>
                > > > Reply-To: isalist@xxxxxxxxxxxxx
                > > > To: <isalist@xxxxxxxxxxxxx>
                > > > Subject: [isalist] Re: Hardware.... (cringe) ...firewall
                > > > ?
                > > > Date: Tue, 20 Jun 2006 13:12:08 -0400
                > > > >http://www.ISAserver.org
                > > > >-------------------------------------------------------
                > > > > Good Deal,
                > > > >
                > > > > We have used ISA since Proxy 2.0. I really liked the
                > > > upgrade
                > > > >from 2.0 to ISA 2000. But, I really really like ISA
                > > > 2004. Some of
                > > > >the new features are great, esp in the VPN areas,
                > > > stateful packet
                > > > >inspection. Also, I like the way ISA integrates into
                > > > AD, this is
                > > > >huge if you are a Windows shop. Also, there are some
                > > > third party
                > > > >snap ins that are very helpful.
                > > > >
                > > > >Shane
                > > > >
                > > > >PS I also really enjoyed reading your ISA 2004 book.
                > > > >
                > > > >
                > > > >
                > > > >----- Original Message ----- From: "Thomas W Shinder"
                > > > ><tshinder@xxxxxxxxxxx>
                > > > >To: <isalist@xxxxxxxxxxxxx>
                > > > >Sent: Tuesday, June 20, 2006 10:33 AM
                > > > >Subject: [isalist] Re: Hardware.... (cringe)
                > > > ...firewall ?
                > > > >
                > > > >
                > > > >http://www.ISAserver.org
                > > > >-------------------------------------------------------
                > > > >
                > > > >Hi Shane,
                > > > >
                > > > >No problems, that's how I took it! :)
                > > > >
                > > > >The PIX tax reminds of when in the middle ages you
                > > > could pay the
                > > > >church
                > > > >to absolve you of your sins. The situation here is that
                > > > they're
                > > > >paying
                > > > >Cisco for their sin of slothfullness. Slothful in that
                > > > they haven't
                > > > >spent the time and effort to understand real network
                > > > security and
                > > > >blindly pay a router and switch company big money to
                > > > protect
                > > > >comporate
                > > > >data (does anyone see the paradox in this?)
                > > > >
                > > > >Thanks!
                > > > >Tom
                > > > >
                > > > >Thomas W Shinder, M.D.
                > > > >Site: www.isaserver.org
                > > > >Blog: http://blogs.isaserver.org/shinder/
                > > > >Book: http://tinyurl.com/3xqb7
                > > > >MVP -- ISA Firewalls
                > > > >
                > > > >
                > > > >
                > > > >>-----Original Message-----
                > > > >>From: isalist-bounce@xxxxxxxxxxxxx
                > > > >>[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
                > > > Shane Mullins
                > > > >>Sent: Tuesday, June 20, 2006 7:56 AM
                > > > >>To: isalist@xxxxxxxxxxxxx
                > > > >>Subject: [isalist] Re: Hardware.... (cringe)
                > > > ...firewall ?
                > > > >>
                > > > >>http://www.ISAserver.org
                > > >
                > > > >>-------------------------------------------------------
                > > > >>
                > > > >>Hey Thomas,
                > > > >>
                > > > >> I meant that to be a plug for ISA 2004. I think ISA
                > > > 2004
                > > > >>is great. We
                > > > >>have two ISA 2004 boxes that firewall and provide
                > > > internet
                > > > >>access for 3,500
                > > > >>machines. ISA 2004 has been rock solid for us. ISA
                > > > 2004
                > > > >>provides advanced
                > > > >>logging and caching functions that a "hardware"
                > > > firewall
                > > > >>cannot provide. I
                > > > >>have nothing against unix, but ISA 2004 is great.
                > > > >> We could have paid 50k for a single pix to provide
                > > > >>firewall services.
                > > > >>Then signed up for a 5k a year maintenance agreement
                > > > (so we could
                > > > >>rcv
                > > > >>updates). And all machines need updates, even
                > > > "hardware"
                > > > >>firewalls have an
                > > > >>OS. And ISA still does so much more.
                > > > >>
                > > > >>Shane
                > > > >>
                > > > >>
                > > > >>
                > > > >>
                > > > >>
                > > > >> > On 6/19/06, Thomas W Shinder <tshinder@xxxxxxxxxxx>
                > > > wrote:
                > > > >> >> http://www.ISAserver.org
                > > > >> >>
                > > > -------------------------------------------------------
                > > > >> >>
                > > > >> >> Yes, it's that good. Go Daddy and the ISP are
                > > > clueless.
                > > > >>Have you ever
                > > > >> >> talked to your ISP's "tech guys" who make these
                > > > >>recommendations? Let's
                > > > >> >> just say that the typical interaction leaves you
                > > > with the
                > > > >>feeling that
                > > > >> >> they're not on the top of the firewall and
                > > > networking food
                > > > >>chains :)
                > > > >> >>
                > > > >> >> Thomas W Shinder, M.D.
                > > > >> >> Site: www.isaserver.org
                > > > >> >> Blog: http://blogs.isaserver.org/shinder/
                > > > >> >> Book: http://tinyurl.com/3xqb7
                > > > >> >> MVP -- ISA Firewalls
                > > > >> >>
                > > > >> >>
                > > > >> >>
                > > > >> >> > -----Original Message-----
                > > > >> >> > From: isalist-bounce@xxxxxxxxxxxxx
                > > > >> >> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf
                > > > Of Shane
                > > > >>Mullins
                > > > >> >> > Sent: Monday, June 19, 2006 1:10 PM
                > > > >> >> > To: isalist@xxxxxxxxxxxxx
                > > > >> >> > Subject: [isalist] Re: Hardware.... (cringe)
                > > > ...firewall ?
                > > > >> >> >
                > > > >> >> > http://www.ISAserver.org
                > > > >> >> >
                > > > -------------------------------------------------------
                > > > >> >> >
                > > > >> >> > ISA 2K4 is really good? There is an eval
                > > > version. Maybe he
                > > > >> >> > would let you
                > > > >> >> > try that.
                > > > >> >> >
                > > > >> >> >
                > > > >> >> > Shane
                > > > >> >> >
                > > > >> >> > ----- Original Message -----
                > > > >> >> > From: "G.Waleed Kavalec" <kavalec@xxxxxxxxx>
                > > > >> >> > To: <isalist@xxxxxxxxxxxxx>
                > > > >> >> > Sent: Monday, June 19, 2006 1:08 PM
                > > > >> >> > Subject: [isalist] Hardware.... (cringe)
                > > > ...firewall ?
                > > > >> >> >
                > > > >> >> >
                > > > >> >> > > http://www.ISAserver.org
                > > > >> >> > >
                > > > -------------------------------------------------------
                > > > >> >> > > My boss has been talking to our ISP and also
                > > > to some folks
                > > > >> >> > at GoDaddy.
                > > > >> >> > >
                > > > >> >> > > Both use - and recommend - hardware firewall
                > > > solutions.
                > > > >> >> > >
                > > > >> >> > > What do I tell him? He is poised to make one
                > > > of those
                > > > >>classic PHB
                > > > >> >> > > decisions.
                > > > >> >> > >
                > > > >> >> > > (currently on ISA 2K)
                > > > >> >> > >
                > > > >> >> > > --
                > > > >> >> > >
                > > > >> >> > > G. Waleed Kavalec
                > > > >> >> > > -------------------------
                > > > >> >> > > Why are we all in this handbasket
                > > > >> >> > > and where is it going so fast?
                > > > >> >> > >
                > > > ------------------------------------------------------
                > > > >> >> > > List Archives:
                > > > //www.freelists.org/archives/isalist/
                > > > >> >> > ISA Server
                > > > >> >> > > Newsletter:
                > > > http://www.isaserver.org/pages/newsletter.asp
                > > > >> >> > ISA Server
                > > > >> >> > > Articles and Tutorials:
                > > > >> >> > http://www.isaserver.org/articles_tutorials/ ISA
                > > > >> >> > > Server Blogs:
                > > > >> >> > > http://blogs.isaserver.org/
                > > > >> >> >
                > > > ------------------------------------------------------
                > > > >> >> > > Visit TechGenix.com for more information about
                > > > our other
                > > > >>sites:
                > > > >> >> > > http://www.techgenix.com
                > > > >> >> >
                > > > ------------------------------------------------------
                > > > >> >> > > To unsubscribe visit
                > > > >> >> > http://www.isaserver.org/pages/isalist.asp
                > > > Report
                > > > >> >> > > abuse to listadmin@xxxxxxxxxxxxx
                > > > >> >> > >
                > > > >> >> >
                > > > >> >> >
                > > > ------------------------------------------------------
                > > > >> >> > List Archives:
                > > > //www.freelists.org/archives/isalist/
                > > > >> >> > ISA Server Newsletter:
                > > > >>http://www.isaserver.org/pages/newsletter.asp
                > > > >> >> > ISA Server Articles and Tutorials:
                > > > >> >> > http://www.isaserver.org/articles_tutorials/
                > > > >> >> > ISA Server Blogs: http://blogs.isaserver.org/
                > > > >> >> >
                > > > ------------------------------------------------------
                > > > >> >> > Visit TechGenix.com for more information about
                > > > our other
                > > > >>sites:
                > > > >> >> > http://www.techgenix.com
                > > > >> >> >
                > > > ------------------------------------------------------
                > > > >> >> > To unsubscribe visit
                > > > >>http://www.isaserver.org/pages/isalist.asp
                > > > >> >> > Report abuse to listadmin@xxxxxxxxxxxxx
                > > > >> >> >
                > > > >> >> >
                > > > >> >> >
                > > > >> >>
                > > > ------------------------------------------------------
                > > > >> >> List Archives:
                > > > //www.freelists.org/archives/isalist/
                > > > >> >> ISA Server Newsletter:
                > > > >>http://www.isaserver.org/pages/newsletter.asp
                > > > >> >> ISA Server Articles and Tutorials:
                > > > >> >> http://www.isaserver.org/articles_tutorials/
                > > > >> >> ISA Server Blogs: http://blogs.isaserver.org/
                > > > >> >>
                > > > ------------------------------------------------------
                > > > >> >> Visit TechGenix.com for more information about our
                > > > other sites:
                > > > >> >> http://www.techgenix.com
                > > > >> >>
                > > > ------------------------------------------------------
                > > > >> >> To unsubscribe visit
                > > > http://www.isaserver.org/pages/isalist.asp
                > > > >> >> Report abuse to listadmin@xxxxxxxxxxxxx
                > > > >> >>
                > > > >> >>
                > > > >> >
                > > > >> >
                > > > >> > -- >
                > > > >> > G. Waleed Kavalec
                > > > >> > -------------------------
                > > > >> > Why are we all in this handbasket
                > > > >> > and where is it going so fast?
                > > > >> >
                > > > >> > http://www.kavalec.com/thisisislam.swf
                > > > >> >
                > > > ------------------------------------------------------
                > > > >> > List Archives:
                > > > //www.freelists.org/archives/isalist/
                > > > >>ISA Server
                > > > >> > Newsletter:
                > > > http://www.isaserver.org/pages/newsletter.asp
                > > > >>ISA Server
                > > > >> > Articles and Tutorials:
                > > > >>http://www.isaserver.org/articles_tutorials/ ISA
                > > > >> > Server Blogs:
                > > > >> > http://blogs.isaserver.org/
                > > > >>------------------------------------------------------
                > > > >> > Visit TechGenix.com for more information about our
                > > > other sites:
                > > > >> > http://www.techgenix.com
                > > > >>------------------------------------------------------
                > > > >> > To unsubscribe visit
                > > > >>http://www.isaserver.org/pages/isalist.asp Report
                > > > >> > abuse to listadmin@xxxxxxxxxxxxx
                > > > >>
                > > > >>------------------------------------------------------
                > > > >>List Archives:
                > > > //www.freelists.org/archives/isalist/
                > > > >>ISA Server Newsletter:
                > > > >>http://www.isaserver.org/pages/newsletter.asp
                > > > >>ISA Server Articles and Tutorials:
                > > > >>http://www.isaserver.org/articles_tutorials/
                > > > >>ISA Server Blogs: http://blogs.isaserver.org/
                > > > >>------------------------------------------------------
                > > > >>Visit TechGenix.com for more information about our
                > > > other sites:
                > > > >>http://www.techgenix.com
                > > > >>------------------------------------------------------
                > > > >>To unsubscribe visit
                > > > http://www.isaserver.org/pages/isalist.asp
                > > > >>Report abuse to listadmin@xxxxxxxxxxxxx
                > > > >>
                > > > >>
                > > > >>
                > > > >------------------------------------------------------
                > > > >List Archives:
                > > > //www.freelists.org/archives/isalist/
                > > > >ISA Server Newsletter:
                > > > http://www.isaserver.org/pages/newsletter.asp
                > > > >ISA Server Articles and Tutorials:
                > > > >http://www.isaserver.org/articles_tutorials/
                > > > >ISA Server Blogs: http://blogs.isaserver.org/
                > > > >------------------------------------------------------
                > > > >Visit TechGenix.com for more information about our
                > > > other sites:
                > > > >http://www.techgenix.com
                > > > >------------------------------------------------------
                > > > >To unsubscribe visit
                > > > http://www.isaserver.org/pages/isalist.asp
                > > > >Report abuse to listadmin@xxxxxxxxxxxxx
                > > > >
                > > > >------------------------------------------------------
                > > > >List Archives:
                > > > //www.freelists.org/archives/isalist/ ISA
                > > > >Server Newsletter:
                > > > http://www.isaserver.org/pages/newsletter.asp ISA
                > > > >Server Articles and Tutorials:
                > > > >http://www.isaserver.org/articles_tutorials/ ISA Server
                > > > Blogs:
                > > > >http://blogs.isaserver.org/
                > > > >------------------------------------------------------
                > > > >Visit TechGenix.com for more information about our
                > > > other sites:
                > > > >http://www.techgenix.com
                > > > >------------------------------------------------------
                > > > >To unsubscribe visit
                > > > http://www.isaserver.org/pages/isalist.asp
                > > > >Report abuse to listadmin@xxxxxxxxxxxxx
                > > > >
                > > >
                > > > ------------------------------------------------------ 
List
                > > > Archives: //www.freelists.org/archives/isalist/ ISA 
Server
                > > > Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server
                > > > Articles and Tutorials:
                > > > http://www.isaserver.org/articles_tutorials/ ISA
                > > > Server Blogs: http://blogs.isaserver.org/
                > > > ------------------------------------------------------ 
Visit
                > > > TechGenix.com for more information about our other sites:
                > > > http://www.techgenix.com
                > > > ------------------------------------------------------ To 
unsubscribe
                > > > visit http://www.isaserver.org/pages/isalist.asp Report 
abuse to
                > > > listadmin@xxxxxxxxxxxxx
                > > >
                > > >
                > > > All mail to and from this domain is GFI-scanned.
                > > >
                > > > ------------------------------------------------------
                > > > List Archives: //www.freelists.org/archives/isalist/
                > > > ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp
                > > > ISA Server Articles and Tutorials:
                > > > http://www.isaserver.org/articles_tutorials/
                > > > ISA Server Blogs: http://blogs.isaserver.org/
                > > > ------------------------------------------------------
                > > > Visit TechGenix.com for more information about our other 
sites:
                > > > http://www.techgenix.com
                > > > ------------------------------------------------------
                > > > To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp
                > > > Report abuse to listadmin@xxxxxxxxxxxxx
                > > >
                > > > ------------------------------------------------------
                > > > List Archives: //www.freelists.org/archives/isalist/
                > > > ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp
                > > > ISA Server Articles and Tutorials:
                > > > http://www.isaserver.org/articles_tutorials/
                > > > ISA Server Blogs: http://blogs.isaserver.org/
                > > > ------------------------------------------------------
                > > > Visit TechGenix.com for more information about our other 
sites:
                > > > http://www.techgenix.com
                > > > ------------------------------------------------------
                > > > To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp
                > > > Report abuse to listadmin@xxxxxxxxxxxxx
                > > >
                > > >
                > > >
                > >------------------------------------------------------
                > >List Archives: //www.freelists.org/archives/isalist/
                > >ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp
                > >ISA Server Articles and Tutorials:
                > >http://www.isaserver.org/articles_tutorials/
                > >ISA Server Blogs: http://blogs.isaserver.org/
                > >------------------------------------------------------
                > >Visit TechGenix.com for more information about our other 
sites:
                > >http://www.techgenix.com
                > >------------------------------------------------------
                > >To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp
                > >Report abuse to listadmin@xxxxxxxxxxxxx
                > >
                > >------------------------------------------------------
                > >List Archives: //www.freelists.org/archives/isalist/
                > >ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp
                > >ISA Server Articles and Tutorials: 
http://www.isaserver.org/articles_tutorials/
                > >ISA Server Blogs: http://blogs.isaserver.org/
                > >------------------------------------------------------
                > >Visit TechGenix.com for more information about our other 
sites:
                > >http://www.techgenix.com
                > >------------------------------------------------------
                > >To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp
                > >Report abuse to listadmin@xxxxxxxxxxxxx
                > >
                >
                >
                >------------------------------------------------------ List 
Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and 
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: 
http://blogs.isaserver.org/ 
------------------------------------------------------ Visit TechGenix.com for 
more information about our other sites: http://www.techgenix.com 
------------------------------------------------------ To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp Report abuse to 
listadmin@xxxxxxxxxxxxx
                >
                >All mail to and from this domain is GFI-scanned.
                >

                ><< winmail.dat >> 

        engage Mutual Assurance is a trading name of Homeowners Friendly 
Society Limited (HFSL), Registered and Incorporated under the Friendly 
Societies Act 1992, Reg. No. 964F, and its wholly owned subsidiary engage 
Mutual Funds Limited (eMFL), Reg. No. 3224780, HFSL and eMFL are both 
authorised and regulated by the Financial Services Authority (FSA). HFSL's FSA 
Register no. is 110072, eMFL's FSA Register no. is 181487. You can check this 
on the FSA's Register by visiting the FSA's website 
http://www.fsa.gov.uk/register or by contacting the FSA on 0845 606 1234
        
        engage Mutual Investment Funds ICVC is an investment company with 
variable capital. Registered in England No. IC00044.
        
        engage Mutual Administration Limited Reg. No. 4301736, engage Mutual 
Services Limited Reg. No. 3088162 and Homeowners Membership Services Limited 
Reg. No. 3091667 are non-regulated limited companies.
        
        United Kingdom Civil Service Benefit Society (UKCSBS) and United 
Kingdom Armed Forces Benefit Society (UKAFBS) are trading styles of Homeowners 
Friendly Society Limited
        
        All registered at Hornbeam Park Avenue, Harrogate. HG2 8XE. Tel: 01423 
855000 Web: http://www.engagemutual.com <http://www.engagemutual.com/>  This 
e-mail is intended only for the person named as recipient. The contents are 
confidential. If you are not the intended recipient of this e-mail, please 
notify us as soon as possible and delete it. If you are not the intended 
recipient of the e-mail, any use by you is prohibited. 
------------------------------------------------------ List Archives: 
//www.freelists.org/archives/isalist/ ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and 
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: 
http://blogs.isaserver.org/ 
------------------------------------------------------ Visit TechGenix.com for 
more information about our other sites: http://www.techgenix.com 
------------------------------------------------------ To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp Report abuse to 
listadmin@xxxxxxxxxxxxx 
        

------------------------------------------------------ List Archives: 
//www.freelists.org/archives/isalist/ ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and 
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: 
http://blogs.isaserver.org/ 
------------------------------------------------------ Visit TechGenix.com for 
more information about our other sites: http://www.techgenix.com 
------------------------------------------------------ To unsubscribe visit 
http://www.isaserver.org/pages/isalist.asp Report abuse to 
listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: