http://www.ISAserver.org -------------------------------------------------------
It's really a wise point :)
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Nothing is secure like PIX
Date: Mon, 26 Jun 2006 10:41:49 -0500
>http://www.ISAserver.org
>-------------------------------------------------------
>
>Layered security has the trade off of complexity to (being correctly
>configured) increased security in most cases. It requires more
>planning, testing and diligence. Those three things alone can make a
>less than perfect solution much better than it is. A PIX has it's
>place, a ISA box has it's place, and even a little D-Link router has its
>place.
>
>When all you have is a hammer, everything looks like a nail. When you
>get a pneumatic hammer, everything is still a nail; it's just more fun
>to use.....
>
>
>
>________________________________
>
>From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
>On Behalf Of Egyptian Mind
>Sent: Monday, June 26, 2006 10:28 AM
>To: isalist@xxxxxxxxxxxxx
>Subject: [isalist] Re: Nothing is secure like PIX
>
>
>http://www.ISAserver.org
>-------------------------------------------------------
>
>Thanks for your suggestion , Steve
>
>It's realy appreciated, but would you take a look to this results after
>rearranging them by last modified,
>
>http://search.securityfocus.com/swsearch?query=ISA+vulnerability&sbm=%2F
>&submit=Search%21&metaname=alldoc&sort=swishlastmodified
>
>and, this special link, is written by researcher called Steve too :)
>
>http://www.securityfocus.com/archive/1/433075
>
>
>and if we search more, we will find more; about both, ISA or PIX or even
>watchgurad,
>
>as there is no full protected firewall; hardware or software, but we are
>just doing our best to protect our network from vulnerability by
>increasing the numbers of cascading gates, with different classes,
>
>but you know what ; I made something to my network....
>
>My external router has no real IP...
>
>it's just a local loop to the ISP , so that , I put the ISP security
>door as the front one,
>
>Increasing cascading different gates ,
>
>What do you think about it?
>
>
>
> Best Regards
> Mohamed Saleh
>
> Senior Network Administrator
> College of Business Administration, CBA
> Jeddah, Saudi Arabia
> Tel: +966-02-6563199 ext 2521
> Cell: - +966-50-2953591
>
>
>!~` Yesterday is a History` ~!
>!~` Tomorrow is a Mystery` ~!
>!~` Today is a Gift` ~!
>!~` So we call it ...............` ~!
>!~` Present .......Simple` ~!
>
>
>
> ________________________________
>
> From: "Steve Lunn" <Steve.Lunn@xxxxxxxxxxxxxxxx>
> Reply-To: isalist@xxxxxxxxxxxxx
> To: <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] Re: Nothing is secure like PIX
> Date: Mon, 26 Jun 2006 14:42:28 +0100
>
>
>
> Can I suggest that you actually read that list of
>vulnerabilities that you just posted as they all relate to ISA 2000 and
>not ISA 2004.
>
>
>
> Regards,
>
> Steve
>
> Steve Lunn
> Technical Support Analyst - Microsoft MCP
>
>
>
> engage Mutual Assurance
> DDI: 01423 855101 Fax: 01423 855181
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx
>[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
> Sent: 26 June 2006 13:40
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Nothing is secure like PIX
>
>
>
>
> All right, Jim
>
> I didn't expect this bad atitude from someone supposed to be
>well educated and has a good technical knowledge as you have shown your
>self,
>
> and by the way, no body is perfect , I f you see that you know
>everything, it's a bug mistake..
>
> Knowing how the OS operating, and dealing with packets, throw
>RAM and processor,.. etc. will be easy if you r spend your life in this
>field, and your education is corosponding this issue.. ( Computing,
>processing and telecommunications), won't be ??
>
> And every one know that PIX is layer 4 device not like ISA Layer
>7,
>
> so Greg,,,,, what I was saying is that PIX is more secure than
>ISA till layer 4 processing..
>
> In addition, I said in my first mail that I'm using the two
>boxes ( PIX and ISA ) for dublication the security, and using ISA
>specially for controling application per user ( as also I said b4)
>
> and two doors are very good defender than one door only
>ofcourse,
>
> ***
>
> about the site u send Jim, I think you should select a site that
>revile PIX and give the glory to ISA , as I found the following link in
>this site too, saying 47 result about vulnerability in ISA
>
>
>http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=I
>SA+vulnerability
><http://search.securityfocus.com/swsearch?sbm=/&metaname=alldoc&query=IS
>A+vulnerability>
>
>
>
> Finaly, I will close this issue from my side as I'm feel very
>sorry to this bad attitude reaction as the concept of this list is to
>discuss everyone issue and thoughts with eachother...., isn't it??
>
>
>
> Best Regards
>
> Mohamed Saleh
>
>
> Senior Network Administrator
> College of Business Administration, CBA
> Jeddah, Saudi Arabia
> Tel: +966-02-6563199 ext 2521
> Cell: - +966-50-2953591
>
>
>
>
> !~` Yesterday is a History` ~!
>
> !~` Tomorrow is a Mystery` ~!
>
> !~` Today is a Gift` ~!
>
> !~` So we call it ...............` ~!
>
> !~` Present .......Simple` ~!
>
>
>
>
>
> ________________________________
>
> From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
> Reply-To: isalist@xxxxxxxxxxxxx
> To: <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] Re: Nothing is secure like PIX
> Date: Sun, 25 Jun 2006 09:35:29 -0700
> >In response:
> >#1 - "PIX is more secure than ISA because it's a
>'hardware' firewall". This is pure, unadulterated BS, propagated by the
>same 1d10t's that ignore the *FACT* that PIX is nothing more than a
>custom OS (xNIX, usually). In fact, I've only heard of *one* "hardware"
>firewall; that it is strictly a L3-only box (much like your PIX)
> >
> >#2 - Speed & security are orthogonal. Security is
>demonstrated by resilience in teh face of unwanted traffic; speed is
>merely doing it faster.
> >
> >#3 - You need to read up on how any OS (specifically
>Windows) network functionality works. If you *ever* find packets being
>stored to disk before being processed, throw that device out the door
> >
> >#4 - I posted this for Tony Su; maybe you'll get more
>use ot of it:
>http://technet2.microsoft.com/WindowsServer/en/Library/823ca085-8b46-487
>0-a83e-8032637a87c81033.mspx After you've read up a bit, come back and
>rescind this argument
> >
> >#5 - this means nothing of the sort; if you can
>demonstrate this assertion with fact, then by all means do so. You
>should also go read up on how processes communicate in Windows.
> >
> >#6 - Let's see; if I stop the PIX firewall services,
>the machine is also open to attack <duh>.
> >
> >#7 - no machine of any sort has "unlimited"
>capabilities. If you really believe that this is possible, you must not
>occupy the same physical world as the rest of us.
> >
> >#8 - Based on this argument, ISA is also a "hardware"
>firewall as *all* traffic inspection (not just L3 as in PIX) is
>performed in RAM. Not one single packet ever leaves the motherboard
>except to enter or leave the network itself.
> >
> >#9 - The "adaptive security mechanism" is L3-only. ISA
>policy engine and packet filter driver operate all the way to L7. Thus,
>when the PIX is allowing RPC traffic to teh internal host "because it
>asked for it", ISA is blocking it as invalid traffic. Case in point;
>Blaster passed through every PIX on the planet; ISA blocked it in every
>single case.
> >
> >#10 - is unclear at best. What's your point other than
>to show how you can spew brand names?
> >
> >#11 - I noticed that you can research ISA issues, but
>you seem unable to find PIX vulns? I wonder how that can be? Go out to
>www.securityfocus.com and search under "Cisco" for "PIX Firewall". I
>see:
> >Multiple Cisco Products WebSense Content Filtering
>Bypass Vulnerability <http://www.securityfocus.com/bid/17883>
> >2006-05-09
> >http://www.securityfocus.com/bid/17883
> >
> >OpenSSL Denial of Service Vulnerabilities
><http://www.securityfocus.com/bid/9899>
> >2006-05-05
> >http://www.securityfocus.com/bid/9899
> >
> >Multiple Vendor TCP/IP Implementation ICMP Remote
>Denial Of Service Vulnerabilities
><http://www.securityfocus.com/bid/13124>
> >2006-03-22
> >http://www.securityfocus.com/bid/13124
> >
> >Cisco PIX TCP SYN Packet Denial Of Service
>Vulnerability <http://www.securityfocus.com/bid/15525>
> >2006-03-10
> >http://www.securityfocus.com/bid/15525
> >
> >Cisco Downloadable RADIUS Policies Information
>Disclosure Vulnerability <http://www.securityfocus.com/bid/16025>
> >2005-12-21
> >http://www.securityfocus.com/bid/16025
> >
> >Cisco IPSec Unspecified IKE Traffic Denial Of Service
>Vulnerabilities <http://www.securityfocus.com/bid/15401>
> >2005-11-14
> >http://www.securityfocus.com/bid/15401
> >
> >Multiple Vendor TCP Sequence Number Approximation
>Vulnerability <http://www.securityfocus.com/bid/10183>
> >2004-04-20
> >http://www.securityfocus.com/bid/10183
> >
> >Multiple Cisco PIX Remote Denial Of Service
>Vulnerabilities <http://www.securityfocus.com/bid/9221>
> >2003-12-15
> >http://www.securityfocus.com/bid/9221
> >
> >OpenSSL ASN.1 Large Recursion Remote Denial Of Service
>Vulnerability <http://www.securityfocus.com/bid/8970>
> >2003-11-04
> >http://www.securityfocus.com/bid/8970
> >
> >Cisco PIX ICMP Echo Request Network Address Translation
>Pool Exhaustion Vulnerability <http://www.securityfocus.com/bid/8754>
> >2003-10-03
> >http://www.securityfocus.com/bid/8754
> >
> >Multiple Vendor Session Initiation Protocol
>Vulnerabilities <http://www.securityfocus.com/bid/6904>
> >2003-02-21
> >http://www.securityfocus.com/bid/6904
> >
> >Multiple Vendor SSH2 Implementation Buffer Overflow
>Vulnerabilities <http://www.securityfocus.com/bid/6407>
> >2002-12-16
> >http://www.securityfocus.com/bid/6407
> >
> >Cisco PIX VPN Session Hijacking Vulnerability
><http://www.securityfocus.com/bid/6211>
> >2002-11-20
> >http://www.securityfocus.com/bid/6211
> >
> >Cisco PIX TACACS+/RADIUS HTTP Proxy Buffer Overrun
>Vulnerability <http://www.securityfocus.com/bid/6212>
> >2002-11-20
> >http://www.securityfocus.com/bid/6212
> >
> >Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of
>Service Vulnerability <http://www.securityfocus.com/bid/6110>
> >2002-11-05
> >http://www.securityfocus.com/bid/6110
> >
> >Cisco SSH Denial of Service Vulnerability
><http://www.securityfocus.com/bid/5114>
> >2002-06-27
> >http://www.securityfocus.com/bid/5114
> >
> >Cisco Malformed SNMP Message Denial of Service
>Vulnerabilities <http://www.securityfocus.com/bid/4132>
> >2002-02-12
> >http://www.securityfocus.com/bid/4132
> >
> >Cisco PIX Firewall SMTP Content Filtering Evasion
>Vulnerability Re-Introduction <http://www.securityfocus.com/bid/3365>
> >2001-09-26
> >http://www.securityfocus.com/bid/3365
> >
> >Cisco PIX TACACS+ Denial of Service Vulnerability
><http://www.securityfocus.com/bid/2551>
> >2001-04-06
> >http://www.securityfocus.com/bid/2551
> >
> >SSH CRC-32 Compensation Attack Detector Vulnerability
><http://www.securityfocus.com/bid/2347>
> >2001-02-08
> >http://www.securityfocus.com/bid/2347
> >
> >PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
><http://www.securityfocus.com/bid/2344>
> >2001-02-06
> >http://www.securityfocus.com/bid/2344
> >
> >Cisco PIX PASV Mode FTP Internal Address Disclosure
>Vulnerability <http://www.securityfocus.com/bid/1877>
> >2000-10-03
> >http://www.securityfocus.com/bid/1877
> >
> >Cisco PIX Firewall SMTP Content Filtering Evasion
>Vulnerability <http://www.securityfocus.com/bid/1698>
> >2000-09-19
> >http://www.securityfocus.com/bid/1698
> >
> >Cisco Secure PIX Firewall Forged TCP RST Vulnerability
><http://www.securityfocus.com/bid/1454>
> >2000-07-10
> >http://www.securityfocus.com/bid/1454
> >
> >Multiple Firewall Vendor FTP "ALG" Client Vulnerability
><http://www.securityfocus.com/bid/1045>
> >2000-03-10
> >http://www.securityfocus.com/bid/1045
> >
> >Multiple Firewall Vendor FTP Server Vulnerability
><http://www.securityfocus.com/bid/979>
> >2000-02-09
> >http://www.securityfocus.com/bid/979
> >
> >Cisco PIX Firewall Manager File Exposure
><http://www.securityfocus.com/bid/691>
> >1998-08-31
> >http://www.securityfocus.com/bid/691
> >
> >Cisco PIX and CBAC Fragmentation Attack
><http://www.securityfocus.com/bid/690>
> >1998-08-18
> >http://www.securityfocus.com/bid/690
> >
> >Well, waddayano; seems like PIX takes this particular
>prize.
> >
> >#12 - this is nothing more than another indication of
>your vast Windows / ISA ignorance
> >
> >Please go educate yourself before making such claims,
>or at least ask Tony Su for advice.
> >
> >________________________________
> >
> >From: isalist-bounce@xxxxxxxxxxxxx on behalf of
>Egyptian Mind
> >Sent: Sun 6/25/2006 2:32 AM
> >To: isalist@xxxxxxxxxxxxx
> >Subject: [isalist] Re: Nothing is secure like PIX
> >
> >
> >http://www.ISAserver.org
>-------------------------------------------------------
> >
> >Dears,
> >
> >
> >
> >I'm sorry for not continuing mailing about this issue,
>but I was quit busy in upgrading in our network infrastructure, but I
>should tell you that I was really surprised by the 160 mails they were
>in my inbox about this issue..
> >
> >It means that this matter has gained a lot of
>attentions to most of members here in ISA List... I've really get amused
>by these mails which come from different members with different cultures
>and experiences about using hardware or software as a firewall boundary,
>although that some of you have taking this issue as some kind of joke,
>or to get amused by mocking ... :-):-):-)
> >
> >Anyway, I've really get amused by your mail, TOM, It
>was really funny and your way of talking and mocking the Idea is very
>interesting... Honestly, I laughed for 15 minutes ; none-stop when I was
>reading your blog :-):-):-):-):-) (( It does not mean ridiculing of you,
>but it means that your way of present your Idea is really interesting
>:-) :-):-)
> >
> >But let's start examine this issue in neutrality way...
>"and let me borrow your link for ' ISA Server 2006 Firewall Core' which
>u have send as you ask" :-)
> >
> >
> >
> >First: I didn't say that PIX is the most secure
>firewall in the world, and ' Supernova; The greatest hacker' can grantee
>this, I just said that PIX is more secure than ISA server, which is our
>issue here...( I mean that PIX as a Hardware firewall, is more secure
>than ISA as a software firewall)
> >
> >Second: you say that " Faster is not the better" and
>you repeated it in a very interesting way, but I think you should look
>at " ISA Server Firewall Core " in this paragraph:::::
> >
> >"""" Firewall Engine ( Firewall Packet Engine)
> >
> >Handling these operations in Kernal Mode, improves both
>performance and security. """""
> >
> >This means that Microsoft tends to increase the
>performance of firewall service and security service in ISA to make it
>faster as possible :-).
> >
> >Third: ISA 2006 firewall core depends on Network Driver
>Interface Specification ( NDIS) and Microsoft Networking Stack, that
>means that packet should pass the network interface, the processor, RAM,
>harddisk, till it reach the network driver in windows ( Kernal Layer)
>which located over the hardware layer and assembly layer, in the other
>hand, the packet is analyzed, interpreted and processed in hardware
>layer in any hardware firewall.
> >
> >Fourth: The TCP/IP Stack in firewall core in Kernal
>mode is controlled by windows , which refers to the previous point of
>even the firewall engine is analyzing the packet in layer 3 and 4 before
>beginning processing, it will of course reach layer 5 of windows which
>send it to the firewall engine in kernel mode.... (( Does it make
>sense??? )) or it's better to analyze the packet as soon as it reaches
>the network interface card, Isn't it??
> >
> >Fifth: In the purposed document
> >
> >" Policy Engine
> >
> >The policy engine communicates with all components of
>the ISA server firewall core, both with the Kernal-mode firewall engine
>and the user-mode firewall service, in addition the Policy Engine
>communicates with both layers of application and web filters""
> >
> >This means that there are a lot of channels opened
>between Firewall core and other applications running in ISA, which means
>" open ports", even this ports are opened in Kernal-mode, but it's still
>opened port :-)
> >
> >Sixth: These are some comments gathering from viewing
>just the first three papers of Microsoft Document, and I will not
>telling the comments getting from the rest of this document, or the mail
>will be too long :-) to read, but just I'd like to present this comment
>written in the document as my last word about this document;
> >
> >" Note The firewall engine driver is the root of the
>firewall dependency tree. Stopping the firewall engine driver ( by using
>net stop fweng /y at the command prompt) also stops the other Firewall
>components, which opens the computer to all network traffic """
> >
> >Open to all network traffic !!!!!!!!!!!!!!!!!!!!!, it
>means fully penetrated... how could it be that one command can penetrate
>my network to all attacks?????? ... it does not make sense at all, Does
>it??
> >
> >Seventh: you compares the ISA server 2006 ( which is
>last release) with PIX firewall, which is in market over than 20 years,
>and you didn't specify which version,, Microsoft has ISA 2000, 2004,
>2006... But CISCO has 501,501E,506E,515,525, and the greatest PIX 535,
>which has unlimited number of users ad unlimited numbers of concurrent
>VPN Connections ....
> >
> >Eighth : The OS of PIX is too small which can be loaded
>in RAM and some portion of processor, It doesn't mean just that it will
>be faster and faster than any software firewall, but I mean that the
>packet inspector process will be done at the hardware level, and in fact
>it happens in the assembly level... More than that, every interface in
>PIX has it's own firewall policy, firewall engine, access control,,,
>although you manage all interfaces by one screen, but in fact this
>screen is collecting policies and access controls and firewall services
>for all interfaces,,, as the OS of PIX divide itself to make each
>interface has it's own control, so no need to contact with the core OS
>or the kernel for any operations....
> >
> >Ninth: The adaptive security algorithm, included in
>PIX, will never allow an incoming traffic to go inside, except if there
>is a request for this traffic from inside, and it should match a random
>signature it has been given to the requested traffic, or if u make a
>policy on the outside interface to allow this traffic to come in, and is
>called ADAPTIVE , it means that it will strengthen it self upon the
>signature of the attack or the requested traffic and how it will be
>filtered to insure that this " man in the middle" will not gain access
>though the incoming traffic.
> >
> >Tenth: I was talking here about PIX 535 which support
>all clustering features, as well as redundancy, as the corresponding
>issue is between ISA and PIX, as a hardware and software firewall, but
>If we go to market, we will find Watch Guard, Cyber Guard, Alphafilter,
>CyberCom, D-Link,.....etc as well as we will see Symantec , Mcafee,
>....etc,,, and for linux there are a lot of firewall software like
>Netfilter
> >
> >Eleventh: you talked about ISA 2006, and you give me a
>document coming from Microsoft itself, so what will mama said about her
>child???????
> >
> >So if you want this, you can take a look of the
>following links ::
> >
> > PIX 535
> >
>
> >http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_she
>et09186a008007d05d.html
> >
>
> >http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_she
>et09186a00801daa53.html
> >
> >ASA 5500
> >
>
> >http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd8
>02930c5.html
> >
>
> >http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd8
>0404916.html
> >
> >Note that ASA 5500 has been developed in order to
>satisfy market need of application filtering and Active Directory
>Integrated..
> >
> >But if we go to neutralized sites, we will find that
>most of them are preferred PIX than ISA as a front door
> >
> >and I will not go far away,
> >
> >This link is in ISASERVER.org itself with your
>handwriting about ISA 2000, which shown some issue
> >
>
> >http://www.isaserver.org/articles/Microsoft_Confirms_DoS_Vulnerability_
>in_ISA_Server_2000.html
> >
> >right?
> >
> >And also :
> >
>
> >http://forums.isaserver.org/m_240057200/mpage_1/key_/tm.htm#240057210
> >
> >and please see this
> >
> >http://www.critical-error.com/Article724.phtml
> >
> >http://www.techspot.com/vb/archive/index/t-10247.html
> >
>
> >http://www.checkpoint.com/defense/advisories/public/2006/printer/cpai_p
>rint-03-Jun.html
> >
>
> >http://www.networksecurityarchive.org/html/NTBugtraq/2004-11/msg00009.h
>tml
> >
> >
> >
> > Which means that you should be standby for any
>articles and newsgroup to find out if there any discover Vulnerability,
>and not just using windows update"
> >
> >Twelfth: There is a fact that any GUI operating system
>should open ports to hardware to operate well, and this is refer to fact
>that the first 1024 ports in windows you can't change or reconfigure,
>and the other act that the most secure operating system till now is UNIX
>, as it is a command prompt operating system and have never been hacked
>except when it become LINUX, with a GUI.
> >
> >And even if it has been hacked, it records the least
>amount of hacking processes than windows ofcourse.
> >
> >Finally : No Doubt that Microsoft is the greatest
>marketing company in the world, as it depends on user need, and nothing
>is more important to user more than the fancy of GUI , Graphical User
>Interface,
> >
> >I think most of you agree with me that this concept ; I
>mean GUI, is the main reason for Bill Jates treasure which made up his
>riches, isn't it???
> >
> >Now, can you tell me
> >
> >- Why the great companies and the effective and
>sensitive corporations ( Like BMW, Aramco, Nokia ) prefer to put a
>hardware firewall instead of ISA server?? ( This is a fact, I see it
>myself )
> >
> >
> >
> >- Why most of multinational banks ( Like CIB, HSBC )
>put more than three cascading hardware firewalls as it's front door to
>internet??? ( This is a fact, I see it myself)
> >
> >
> >
> >- Why Microsoft itself didn't use any of it's products,
>in it's server farms, instead they using UNIX for mail server as an
>example??? ( you can check it your self by reading the arguments shown
>to you in the address bar of internet explorer when you open your
>hotmail inbox, and ask a good web programmer about it )
> >
> >
> >
> >- Why you don't recommend ISA server for DAN as the
>cheapest way for a firewall system, as he can install it on a high
>hardware qualified workstation, not should be a server, if you think
>that ISA server can manage?????
> >
> >
> >
> >
> > Best Regards
> > Mohamed Saleh
> >
> > Senior Network Administrator
> > College of Business Administration, CBA
> > Jeddah, Saudi Arabia
> > Tel: +966-02-6563199 ext 2521
> > Cell: - +966-50-2953591
> >
> >
> >!~` Yesterday is a History` ~!
> >!~` Tomorrow is a Mystery` ~!
> >!~` Today is a Gift` ~!
> >!~` So we call it ...............` ~!
> >!~` Present .......Simple` ~!
> >
> >
> >
> >
> >________________________________
> >
> > From: "D PIETRUSZKA USWRN INTERLINK INFRA"
><DPietruszka@xxxxxx>
> > Reply-To: isalist@xxxxxxxxxxxxx
> > To: <isalist@xxxxxxxxxxxxx>
> > Subject: [isalist] Re: Nothing is secure like PIX
> > Date: Thu, 22 Jun 2006 07:16:07 -0400
> > >http://www.ISAserver.org
> >
> >-------------------------------------------------------
> > >
> > >Probably you need to move your test to a more
>realistic and complex
> > >scenario.
> > >
> > >Regards
> > >Diego R. Pietruszka
> > >
> > >
> > >-----Original Message-----
> > >From: isalist-bounce@xxxxxxxxxxxxx
>[mailto:isalist-bounce@xxxxxxxxxxxxx]
> > >On Behalf Of Thomas W Shinder
> > >Sent: Wednesday, June 21, 2006 6:28 PM
> > >To: isalist@xxxxxxxxxxxxx
> > >Subject: [isalist] Re: Nothing is secure like PIX
> > >
> > >http://www.ISAserver.org
> >
> >-------------------------------------------------------
> > >
> > >In my tests, I found them to be the same.
> > >
> > >I have one box running ISA 2000 that hasn't been
>upgraded or service
> > >packed for over two years, and it's been running
>without stop for that
> > >period of time. This is on a white box install.
> > >
> > >There really isn't any difference in stability from
>my perspective. If
> > >you don't treat it like a workstation, don't install
>non-ISA firewall
> > >related services on it, it will run as long as any
>PIX. And the good
> > >thing is, it updates itself. Unlike the PIX, which
>does need to be
> > >updated like any other device, it doesn't do it
>itself and most
> > >"hardware" firewall admins just ignore it. Not very
>smart or secure, but
> > >I see that all the time in the field. After all, it's
>hardware, it must
> > >be secure [sic].
> > >
> > >NOT.
> > >
> > >Tom
> > >
> > >Thomas W Shinder, M.D.
> > >Site: www.isaserver.org
> > >Blog: http://blogs.isaserver.org/shinder/
> > >Book: http://tinyurl.com/3xqb7
> > >MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
>D
> > > > PIETRUSZKA USWRN INTERLINK INFRA
> > > > Sent: Wednesday, June 21, 2006 2:02 PM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] Re: Nothing is secure like PIX
> > > >
> > > > http://www.ISAserver.org
> > > >
>-------------------------------------------------------
> > > >
> > > > Do you know the difference between stability (what
>I mentioned on my
> > > > email) and vulnerability?
> > > >
> > > > Regards
> > > > Diego R. Pietruszka
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Jim Harrison
> > > > Sent: Wednesday, June 21, 2006 1:51 PM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] Re: Nothing is secure like PIX
> > > >
> > > > http://www.ISAserver.org
> > > >
>-------------------------------------------------------
> > > >
> > > > This is a completely specious argument, with
>absolutely no basis in
> > > > historical fact.
> > > > When you can demonstrate that a
>properly-configured ISA server has
> > > > *EVER* been compromised due to a Windows
>vulnerability, this
> > > > claim *may*
> > > > warrant consideration.
> > > >
> > > > Until then, it's nothing more or less than simple
>punditious
> > > > regurgitation.
> > > >
> > > >
>-------------------------------------------------------
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/Jim_Harrison/
> > > > http://isatools.org
> > > > Read the help / books / articles!
> > > >
>-------------------------------------------------------
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA
> > > > Sent: Wednesday, June 21, 2006 08:53
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] Re: Nothing is secure like PIX
> > > >
> > > > I completely agree that ISA is far more secure
>than PIX, the
> > > > only part I
> > > > would concede to PIX (and that is why is still on
>the market) is the
> > > > stability and that is because don't run on windows
>as ISA do.
> > > >
> > > >
> > > >
> > > > Regards
> > > >
> > > > Diego R. Pietruszka
> > > >
> > > >
> > > >
> > > > ________________________________
> > > >
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Thomas W Shinder
> > > > Sent: Wednesday, June 21, 2006 11:05 AM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Cc: isapros-repost@xxxxxxxxxxxxx
> > > > Subject: [isalist] Re: Nothing is secure like PIX
> > > >
> > > >
> > > >
> > > > Hi EM,
> > > >
> > > >
> > > >
> > > > You are right. PIX is not very secure. It's a
>router with
> > > > some advanced
> > > > ACLs and does neat routing tricks. But when it
>comes to
> > > > security, you're
> > > > very very wrong that it's more secure. Hardware
>doesn't fall from
> > > > heaven, and all "hardware" is controlled by
>software, and
> > > > Syphco's core
> > > > compentancy is not application protection -- it's
>routing and
> > > > switching.
> > > >
> > > >
> > > >
> > > >
> > > > I agree that there is no comparison between PIX
>and ISA -- only a fool
> > > > would be convinced that they get any real security
>from a PIX, becuase
> > > > they never took the time to learn about network
>security and what the
> > > > end game was. Check Point? That's another story.
>Like the ISA
> > > > firewall,
> > > > Check Point is a so-called "software firewall"
>(something to pothead
> > > > "hardware" firewall guys often forget). Check
>Point is better than ISA
> > > > and you pay a LOT for that. However, a PIX is a
>joke and I think the
> > > > more thoughtful firewall admins out there realize
>they've
> > > > been hyMOtized
> > > > by the Syphco sales reps.
> > > >
> > > >
> > > >
> > > > PIX is a puppy dog, a little terrier, a laptop or
>a pretty little
> > > > Persian kitty cat -- the ISA firewall is the
>brobdingnagian that
> > > > provides your real security. The PIX is an
>emotional blanket,
> > > > a network
> > > > Prozac, an expensive and illusory work for
>security fiction.
> > > > The PIX is
> > > > the emperor with no clothes and is front of my
>hacked Web sites and
> > > > networks than any other firewall.
> > > >
> > > >
> > > >
> > > > You mention that the PIX software is "advanced" --
>I'll give you the
> > > > opposite perspective and proffer that it's a
>trisomy 13 baby
> > > > compared to
> > > > the robust and healthy child that is the ISA
>firewall. No one has ever
> > > > broken into an ISA firewall and I consider the ISA
>firewall
> > > > mandatory. A
> > > > PIX is nothing more than a historical
>superstition, a carry over from
> > > > the dawn days of the Internet. I never never never
>never never never
> > > > NEVER recommend putting a PIX in front or behind
>or anywhere near the
> > > > ISA firewall (a Check Point? Sometimes that's
>useful for defense in
> > > > depth -- Check Point, unlike PIX, is a real
>network security
> > > > solution).
> > > >
> > > >
> > > >
> > > > The PIX with worthless and weak. Who is it? What
>is it? What does it
> > > > plan to do with it's life? (name that tune!) On
>the other
> > > > hand, the ISA
> > > > firewall is built by people who understand
>software, understand
> > > > security, and is much more than a stupid router
>with a
> > > > "firewall" decal
> > > > slapped on its bezel.
> > > >
> > > >
> > > >
> > > > The ISA firewall's VPN server is MUCH MORE SECURE
>than the simple PIX
> > > > VPN. I've always wondered about the IQ of folks
>who have thought
> > > > otherwise. It's probably not an intelligence
>issue, but just an
> > > > ignorance issue, since they probably don't
>understand the
> > > > weaknesses of
> > > > the PIX VPN solution or the strengths of the ISA
>firewall's VPN
> > > > solutions -- but that's par for the course for
>folks who've been
> > > > hypmotized by the Syphco sales reps, and have had
>the implanted
> > > > suggestions reinforced by the ABMer idiot echo
>chamber.
> > > >
> > > >
> > > >
> > > > Faster is not more secure.
> > > >
> > > > Repeat
> > > >
> > > > Faster is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Faster is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Faster is NOT NOT NOT more secure
> > > >
> > > >
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > > Hardware is NOT more secure
> > > >
> > > > Repeat
> > > >
> > > >
> > > >
> > > > Remember, PIX has many security vulnerabilies that
>you can
> > > > check out at
> > > > Secunia. Strangely enough, the ISA firewall has
>NONE. And
> > > > don't feed me
> > > > that tired old drivel about "but it runs on
>Windows". If you
> > > > can show me
> > > > how this is an issue after reading this
> > > >
>http://www.microsoft.com/isaserver/2006/prodinfo/Firewall_Corewp.mspx
> > > > (which you won't do if you depend on your Syphco
>sales rep for tech
> > > > info).
> > > >
> > > >
> > > >
> > > > Finally, be careful about throwing Syphco PIX FUD
>around here. I've
> > > > worked with the worthless PIX for a long time and
>studied it
> > > > in depth. I
> > > > know it's cr*p on a cracker and it survives
>because it's been
> > > > grandfathered into the business. We're all now
>suffering badly because
> > > > the "network guys" who are clueless lusers when it
>comes to understand
> > > > application security, have hijacked network
>security and companies get
> > > > hacked far more often than they should because
>these dolts are "port
> > > > openers" and "port closers". The current situation
>has the clowns
> > > > running the circus.
> > > >
> > > >
> > > >
> > > > In conclusion, there are several neuroleptic
>medications I
> > > > can recommend
> > > > to anyone who seriously believes the worthless PIX
>is more secure than
> > > > an ISA firewall.
> > > >
> > > >
> > > >
> > > > IMNHO,
> > > >
> > > > Tom
> > > >
> > > >
> > > >
> > > > P.S. You're welcome to borrow any of the creative
>phases I've included
> > > > in this email. I only ask that you give the props
>:)
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
><http://www.isaserver.org/>
> > > > Blog: http://blogs.isaserver.org/shinder/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ________________________________
> > > >
> > > >
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
>Egyptian Mind
> > > > Sent: Wednesday, June 21, 2006 9:01 AM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] Nothing is secure like PIX
> > > >
> > > > http://www.ISAserver.org
> > > >
>-------------------------------------------------------
> > > >
> > > >
> > > >
> > > > Dears,
> > > >
> > > > No doubt that ISA 2000 or 2004 or even 2006, have
>increased the
> > > > possibility of controling user access,,, by
>allowing or denying the
> > > > browsing or a tiny issue like downloding gif and
>not
> > > > downloading jpg as
> > > > an example..
> > > >
> > > > This shows how much we can control user action,,,
> > > >
> > > > Moreover, features like firewall services,
>securing VPN
> > > > connection, Nating, Publishing web sites, etc....
>are very helpfull
> > > > features to make or Network Control is much
>easier...
> > > >
> > > > But Nothing is secure like PIX...
> > > >
> > > > I don't mean that PIX is more secure than ISA, or
>more capable
> > > > of handling requests... I'm talking about features
>and design and even
> > > > the hardware specification.... There is no
>comparison between ISA and
> > > > PIX
> > > >
> > > > I'm here, in my network ; using two failover PIX
>and two
> > > > clustering ISA servers as well.. every device has
>it's
> > > > responsiblities...
> > > >
> > > > ISA is responisble for handling he request from
>users and
> > > > filtering it depends on customized rules, and the
>great thing that ISA
> > > > server is a domain member, so I can customized the
>rules directly to
> > > > specific user ,,,
> > > >
> > > > PIX is my Huge Body Guard which stand infront of
>my Out Door, to
> > > > filter any request come in or out my door... YEs
>..( in or out ) not
> > > > just in .... and it is built on a very advanced
>built-in
> > > > program in the
> > > > hardware it self, it is the adaptive security
>algorithm,
> > > > which has alot
> > > > of tools to scan the coming packet,... like if we
>said , the
> > > > ultravoilet, infarraed, and eye scanner and
>everything...
> > > >
> > > > It's a very adaptive algorithm and it's very hard
>to
> > > > penetrate,,, note that this alogorithm is working
>on every packet goes
> > > > or come , also depend on your own cutomized rule
>you make on PIX,,,
> > > >
> > > > and instead that the windows how operates, the
>adaptive security
> > > > algorithm are running using the same processing
>speed of it's
> > > > processor,
> > > > as it is already loaded in the PIX processor and
>rams..
> > > >
> > > > How faster do you think it will be !!!!!!?????
> > > >
> > > > it also has a complete secure process for VPN
>connection and
> > > > PATING, NATING , ... etc
> > > >
> > > > But PIX is not function as layer 7 appliance, so
>we use ISA for
> > > > this purpose,,, to control the Application layer
>and presentation
> > > > layer... nothing more, nothing less,, and also
>because PIX is not
> > > > integrating with Active Directory..
> > > >
> > > > Finally, PIX is mandatory for security, and ISA is
>mandatory for
> > > > controling... but if we talked about the ability
>to be hacked
> > > > , I think
> > > > you will agree with me that hacking a program
>runing on
> > > > Windows platform
> > > > is much easier from penetrating program runing on
>security dedicated
> > > > appliance........ (( you can ask Bill Jates about
>it ))
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Best Regards
> > > >
> > > > Mohamed Saleh
> > > >
> > > >
> > > > Senior Network Administrator
> > > > College of Business Administration, CBA
> > > > Jeddah, Saudi Arabia
> > > > Tel: +966-02-6563199 ext 2521
> > > > Cell: - +966-50-2953591
> > > >
> > > >
> > > >
> > > >
> > > > !~` Yesterday is a History` ~!
> > > >
> > > > !~` Tomorrow is a Mystery` ~!
> > > >
> > > > !~` Today is a Gift` ~!
> > > >
> > > > !~` So we call it ...............` ~!
> > > >
> > > > !~` Present .......Simple` ~!
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ________________________________
> > > >
> > > >
> > > > From: "Shane Mullins" <tsmullins@xxxxxxxxxxxxxx>
> > > > Reply-To: isalist@xxxxxxxxxxxxx
> > > > To: <isalist@xxxxxxxxxxxxx>
> > > > Subject: [isalist] Re: Hardware.... (cringe)
>...firewall
> > > > ?
> > > > Date: Tue, 20 Jun 2006 13:12:08 -0400
> > > > >http://www.ISAserver.org
> > > >
> >-------------------------------------------------------
> > > > > Good Deal,
> > > > >
> > > > > We have used ISA since Proxy 2.0. I really liked
>the
> > > > upgrade
> > > > >from 2.0 to ISA 2000. But, I really really like
>ISA
> > > > 2004. Some of
> > > > >the new features are great, esp in the VPN areas,
> > > > stateful packet
> > > > >inspection. Also, I like the way ISA integrates
>into
> > > > AD, this is
> > > > >huge if you are a Windows shop. Also, there are
>some
> > > > third party
> > > > >snap ins that are very helpful.
> > > > >
> > > > >Shane
> > > > >
> > > > >PS I also really enjoyed reading your ISA 2004
>book.
> > > > >
> > > > >
> > > > >
> > > > >----- Original Message ----- From: "Thomas W
>Shinder"
> > > > ><tshinder@xxxxxxxxxxx>
> > > > >To: <isalist@xxxxxxxxxxxxx>
> > > > >Sent: Tuesday, June 20, 2006 10:33 AM
> > > > >Subject: [isalist] Re: Hardware.... (cringe)
> > > > ...firewall ?
> > > > >
> > > > >
> > > > >http://www.ISAserver.org
> > > >
> >-------------------------------------------------------
> > > > >
> > > > >Hi Shane,
> > > > >
> > > > >No problems, that's how I took it! :)
> > > > >
> > > > >The PIX tax reminds of when in the middle ages
>you
> > > > could pay the
> > > > >church
> > > > >to absolve you of your sins. The situation here
>is that
> > > > they're
> > > > >paying
> > > > >Cisco for their sin of slothfullness. Slothful in
>that
> > > > they haven't
> > > > >spent the time and effort to understand real
>network
> > > > security and
> > > > >blindly pay a router and switch company big money
>to
> > > > protect
> > > > >comporate
> > > > >data (does anyone see the paradox in this?)
> > > > >
> > > > >Thanks!
> > > > >Tom
> > > > >
> > > > >Thomas W Shinder, M.D.
> > > > >Site: www.isaserver.org
> > > > >Blog: http://blogs.isaserver.org/shinder/
> > > > >Book: http://tinyurl.com/3xqb7
> > > > >MVP -- ISA Firewalls
> > > > >
> > > > >
> > > > >
> > > > >>-----Original Message-----
> > > > >>From: isalist-bounce@xxxxxxxxxxxxx
> > > > >>[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf
>Of
> > > > Shane Mullins
> > > > >>Sent: Tuesday, June 20, 2006 7:56 AM
> > > > >>To: isalist@xxxxxxxxxxxxx
> > > > >>Subject: [isalist] Re: Hardware.... (cringe)
> > > > ...firewall ?
> > > > >>
> > > > >>http://www.ISAserver.org
> > > >
> > > >
> >>-------------------------------------------------------
> > > > >>
> > > > >>Hey Thomas,
> > > > >>
> > > > >> I meant that to be a plug for ISA 2004. I think
>ISA
> > > > 2004
> > > > >>is great. We
> > > > >>have two ISA 2004 boxes that firewall and
>provide
> > > > internet
> > > > >>access for 3,500
> > > > >>machines. ISA 2004 has been rock solid for us.
>ISA
> > > > 2004
> > > > >>provides advanced
> > > > >>logging and caching functions that a "hardware"
> > > > firewall
> > > > >>cannot provide. I
> > > > >>have nothing against unix, but ISA 2004 is
>great.
> > > > >> We could have paid 50k for a single pix to
>provide
> > > > >>firewall services.
> > > > >>Then signed up for a 5k a year maintenance
>agreement
> > > > (so we could
> > > > >>rcv
> > > > >>updates). And all machines need updates, even
> > > > "hardware"
> > > > >>firewalls have an
> > > > >>OS. And ISA still does so much more.
> > > > >>
> > > > >>Shane
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >> > On 6/19/06, Thomas W Shinder
><tshinder@xxxxxxxxxxx>
> > > > wrote:
> > > > >> >> http://www.ISAserver.org
> > > > >> >>
> > > >
>-------------------------------------------------------
> > > > >> >>
> > > > >> >> Yes, it's that good. Go Daddy and the ISP
>are
> > > > clueless.
> > > > >>Have you ever
> > > > >> >> talked to your ISP's "tech guys" who make
>these
> > > > >>recommendations? Let's
> > > > >> >> just say that the typical interaction leaves
>you
> > > > with the
> > > > >>feeling that
> > > > >> >> they're not on the top of the firewall and
> > > > networking food
> > > > >>chains :)
> > > > >> >>
> > > > >> >> Thomas W Shinder, M.D.
> > > > >> >> Site: www.isaserver.org
> > > > >> >> Blog: http://blogs.isaserver.org/shinder/
> > > > >> >> Book: http://tinyurl.com/3xqb7
> > > > >> >> MVP -- ISA Firewalls
> > > > >> >>
> > > > >> >>
> > > > >> >>
> > > > >> >> > -----Original Message-----
> > > > >> >> > From: isalist-bounce@xxxxxxxxxxxxx
> > > > >> >> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>Behalf
> > > > Of Shane
> > > > >>Mullins
> > > > >> >> > Sent: Monday, June 19, 2006 1:10 PM
> > > > >> >> > To: isalist@xxxxxxxxxxxxx
> > > > >> >> > Subject: [isalist] Re: Hardware....
>(cringe)
> > > > ...firewall ?
> > > > >> >> >
> > > > >> >> > http://www.ISAserver.org
> > > > >> >> >
> > > >
>-------------------------------------------------------
> > > > >> >> >
> > > > >> >> > ISA 2K4 is really good? There is an eval
> > > > version. Maybe he
> > > > >> >> > would let you
> > > > >> >> > try that.
> > > > >> >> >
> > > > >> >> >
> > > > >> >> > Shane
> > > > >> >> >
> > > > >> >> > ----- Original Message -----
> > > > >> >> > From: "G.Waleed Kavalec"
><kavalec@xxxxxxxxx>
> > > > >> >> > To: <isalist@xxxxxxxxxxxxx>
> > > > >> >> > Sent: Monday, June 19, 2006 1:08 PM
> > > > >> >> > Subject: [isalist] Hardware.... (cringe)
> > > > ...firewall ?
> > > > >> >> >
> > > > >> >> >
> > > > >> >> > > http://www.ISAserver.org
> > > > >> >> > >
> > > >
>-------------------------------------------------------
> > > > >> >> > > My boss has been talking to our ISP and
>also
> > > > to some folks
> > > > >> >> > at GoDaddy.
> > > > >> >> > >
> > > > >> >> > > Both use - and recommend - hardware
>firewall
> > > > solutions.
> > > > >> >> > >
> > > > >> >> > > What do I tell him? He is poised to make
>one
> > > > of those
> > > > >>classic PHB
> > > > >> >> > > decisions.
> > > > >> >> > >
> > > > >> >> > > (currently on ISA 2K)
> > > > >> >> > >
> > > > >> >> > > --
> > > > >> >> > >
> > > > >> >> > > G. Waleed Kavalec
> > > > >> >> > > -------------------------
> > > > >> >> > > Why are we all in this handbasket
> > > > >> >> > > and where is it going so fast?
> > > > >> >> > >
> > > >
>------------------------------------------------------
> > > > >> >> > > List Archives:
> > > > //www.freelists.org/archives/isalist/
> > > > >> >> > ISA Server
> > > > >> >> > > Newsletter:
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > >> >> > ISA Server
> > > > >> >> > > Articles and Tutorials:
> > > > >> >> >
>http://www.isaserver.org/articles_tutorials/ ISA
> > > > >> >> > > Server Blogs:
> > > > >> >> > > http://blogs.isaserver.org/
> > > > >> >> >
> > > >
>------------------------------------------------------
> > > > >> >> > > Visit TechGenix.com for more information
>about
> > > > our other
> > > > >>sites:
> > > > >> >> > > http://www.techgenix.com
> > > > >> >> >
> > > >
>------------------------------------------------------
> > > > >> >> > > To unsubscribe visit
> > > > >> >> > http://www.isaserver.org/pages/isalist.asp
> > > > Report
> > > > >> >> > > abuse to listadmin@xxxxxxxxxxxxx
> > > > >> >> > >
> > > > >> >> >
> > > > >> >> >
> > > >
>------------------------------------------------------
> > > > >> >> > List Archives:
> > > > //www.freelists.org/archives/isalist/
> > > > >> >> > ISA Server Newsletter:
> > > > >>http://www.isaserver.org/pages/newsletter.asp
> > > > >> >> > ISA Server Articles and Tutorials:
> > > > >> >> >
>http://www.isaserver.org/articles_tutorials/
> > > > >> >> > ISA Server Blogs:
>http://blogs.isaserver.org/
> > > > >> >> >
> > > >
>------------------------------------------------------
> > > > >> >> > Visit TechGenix.com for more information
>about
> > > > our other
> > > > >>sites:
> > > > >> >> > http://www.techgenix.com
> > > > >> >> >
> > > >
>------------------------------------------------------
> > > > >> >> > To unsubscribe visit
> > > > >>http://www.isaserver.org/pages/isalist.asp
> > > > >> >> > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >> >> >
> > > > >> >> >
> > > > >> >> >
> > > > >> >>
> > > >
>------------------------------------------------------
> > > > >> >> List Archives:
> > > > //www.freelists.org/archives/isalist/
> > > > >> >> ISA Server Newsletter:
> > > > >>http://www.isaserver.org/pages/newsletter.asp
> > > > >> >> ISA Server Articles and Tutorials:
> > > > >> >> http://www.isaserver.org/articles_tutorials/
> > > > >> >> ISA Server Blogs:
>http://blogs.isaserver.org/
> > > > >> >>
> > > >
>------------------------------------------------------
> > > > >> >> Visit TechGenix.com for more information
>about our
> > > > other sites:
> > > > >> >> http://www.techgenix.com
> > > > >> >>
> > > >
>------------------------------------------------------
> > > > >> >> To unsubscribe visit
> > > > http://www.isaserver.org/pages/isalist.asp
> > > > >> >> Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >> >>
> > > > >> >>
> > > > >> >
> > > > >> >
> > > > >> > -- >
> > > > >> > G. Waleed Kavalec
> > > > >> > -------------------------
> > > > >> > Why are we all in this handbasket
> > > > >> > and where is it going so fast?
> > > > >> >
> > > > >> > http://www.kavalec.com/thisisislam.swf
> > > > >> >
> > > >
>------------------------------------------------------
> > > > >> > List Archives:
> > > > //www.freelists.org/archives/isalist/
> > > > >>ISA Server
> > > > >> > Newsletter:
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > >>ISA Server
> > > > >> > Articles and Tutorials:
> > > > >>http://www.isaserver.org/articles_tutorials/ ISA
> > > > >> > Server Blogs:
> > > > >> > http://blogs.isaserver.org/
> > > >
> >>------------------------------------------------------
> > > > >> > Visit TechGenix.com for more information
>about our
> > > > other sites:
> > > > >> > http://www.techgenix.com
> > > >
> >>------------------------------------------------------
> > > > >> > To unsubscribe visit
> > > > >>http://www.isaserver.org/pages/isalist.asp
>Report
> > > > >> > abuse to listadmin@xxxxxxxxxxxxx
> > > > >>
> > > >
> >>------------------------------------------------------
> > > > >>List Archives:
> > > > //www.freelists.org/archives/isalist/
> > > > >>ISA Server Newsletter:
> > > > >>http://www.isaserver.org/pages/newsletter.asp
> > > > >>ISA Server Articles and Tutorials:
> > > > >>http://www.isaserver.org/articles_tutorials/
> > > > >>ISA Server Blogs: http://blogs.isaserver.org/
> > > >
> >>------------------------------------------------------
> > > > >>Visit TechGenix.com for more information about
>our
> > > > other sites:
> > > > >>http://www.techgenix.com
> > > >
> >>------------------------------------------------------
> > > > >>To unsubscribe visit
> > > > http://www.isaserver.org/pages/isalist.asp
> > > > >>Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >>
> > > > >>
> > > > >>
> > > >
> >------------------------------------------------------
> > > > >List Archives:
> > > > //www.freelists.org/archives/isalist/
> > > > >ISA Server Newsletter:
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > >ISA Server Articles and Tutorials:
> > > > >http://www.isaserver.org/articles_tutorials/
> > > > >ISA Server Blogs: http://blogs.isaserver.org/
> > > >
> >------------------------------------------------------
> > > > >Visit TechGenix.com for more information about
>our
> > > > other sites:
> > > > >http://www.techgenix.com
> > > >
> >------------------------------------------------------
> > > > >To unsubscribe visit
> > > > http://www.isaserver.org/pages/isalist.asp
> > > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > >
> >------------------------------------------------------
> > > > >List Archives:
> > > > //www.freelists.org/archives/isalist/ ISA
> > > > >Server Newsletter:
> > > > http://www.isaserver.org/pages/newsletter.asp ISA
> > > > >Server Articles and Tutorials:
> > > > >http://www.isaserver.org/articles_tutorials/ ISA
>Server
> > > > Blogs:
> > > > >http://blogs.isaserver.org/
> > > >
> >------------------------------------------------------
> > > > >Visit TechGenix.com for more information about
>our
> > > > other sites:
> > > > >http://www.techgenix.com
> > > >
> >------------------------------------------------------
> > > > >To unsubscribe visit
> > > > http://www.isaserver.org/pages/isalist.asp
> > > > >Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > >
> > > >
>------------------------------------------------------ List
> > > > Archives:
>//www.freelists.org/archives/isalist/ ISA Server
> > > > Newsletter:
>http://www.isaserver.org/pages/newsletter.asp ISA Server
> > > > Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/ ISA
> > > > Server Blogs: http://blogs.isaserver.org/
> > > >
>------------------------------------------------------ Visit
> > > > TechGenix.com for more information about our other
>sites:
> > > > http://www.techgenix.com
> > > >
>------------------------------------------------------ To unsubscribe
> > > > visit http://www.isaserver.org/pages/isalist.asp
>Report abuse to
> > > > listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > > All mail to and from this domain is GFI-scanned.
> > > >
> > > >
>------------------------------------------------------
> > > > List Archives:
>//www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > >
>------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
>other sites:
> > > > http://www.techgenix.com
> > > >
>------------------------------------------------------
> > > > To unsubscribe visit
>http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
>------------------------------------------------------
> > > > List Archives:
>//www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > >
>------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
>other sites:
> > > > http://www.techgenix.com
> > > >
>------------------------------------------------------
> > > > To unsubscribe visit
>http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > >
> >
> >------------------------------------------------------
> > >List Archives:
>//www.freelists.org/archives/isalist/
> > >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> > >ISA Server Articles and Tutorials:
> > >http://www.isaserver.org/articles_tutorials/
> > >ISA Server Blogs: http://blogs.isaserver.org/
> >
> >------------------------------------------------------
> > >Visit TechGenix.com for more information about our
>other sites:
> > >http://www.techgenix.com
> >
> >------------------------------------------------------
> > >To unsubscribe visit
>http://www.isaserver.org/pages/isalist.asp
> > >Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> >
> >------------------------------------------------------
> > >List Archives:
>//www.freelists.org/archives/isalist/
> > >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> > >ISA Server Articles and Tutorials:
>http://www.isaserver.org/articles_tutorials/
> > >ISA Server Blogs: http://blogs.isaserver.org/
> >
> >------------------------------------------------------
> > >Visit TechGenix.com for more information about our
>other sites:
> > >http://www.techgenix.com
> >
> >------------------------------------------------------
> > >To unsubscribe visit
>http://www.isaserver.org/pages/isalist.asp
> > >Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> >
> >
> >------------------------------------------------------
>List Archives: //www.freelists.org/archives/isalist/ ISA Server
>Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
>Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA
>Server Blogs: http://blogs.isaserver.org/
>------------------------------------------------------ Visit
>TechGenix.com for more information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------ To unsubscribe
>visit http://www.isaserver.org/pages/isalist.asp Report abuse to
>listadmin@xxxxxxxxxxxxx
> >
> >All mail to and from this domain is GFI-scanned.
> >
>
> ><< winmail.dat >>
>
> engage Mutual Assurance is a trading name of Homeowners Friendly
>Society Limited (HFSL), Registered and Incorporated under the Friendly
>Societies Act 1992, Reg. No. 964F, and its wholly owned subsidiary
>engage Mutual Funds Limited (eMFL), Reg. No. 3224780, HFSL and eMFL are
>both authorised and regulated by the Financial Services Authority (FSA).
>HFSL's FSA Register no. is 110072, eMFL's FSA Register no. is 181487.
>You can check this on the FSA's Register by visiting the FSA's website
>http://www.fsa.gov.uk/register or by contacting the FSA on 0845 606 1234
>
> engage Mutual Investment Funds ICVC is an investment company
>with variable capital. Registered in England No. IC00044.
>
> engage Mutual Administration Limited Reg. No. 4301736, engage
>Mutual Services Limited Reg. No. 3088162 and Homeowners Membership
>Services Limited Reg. No. 3091667 are non-regulated limited companies.
>
> United Kingdom Civil Service Benefit Society (UKCSBS) and United
>Kingdom Armed Forces Benefit Society (UKAFBS) are trading styles of
>Homeowners Friendly Society Limited
>
> All registered at Hornbeam Park Avenue, Harrogate. HG2 8XE. Tel:
>01423 855000 Web: http://www.engagemutual.com
><http://www.engagemutual.com/> This e-mail is intended only for the
>person named as recipient. The contents are confidential. If you are not
>the intended recipient of this e-mail, please notify us as soon as
>possible and delete it. If you are not the intended recipient of the
>e-mail, any use by you is prohibited.
>------------------------------------------------------ List Archives:
>//www.freelists.org/archives/isalist/ ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
>Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server
>Blogs: http://blogs.isaserver.org/
>------------------------------------------------------ Visit
>TechGenix.com for more information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------ To unsubscribe
>visit http://www.isaserver.org/pages/isalist.asp Report abuse to
>listadmin@xxxxxxxxxxxxx
>
>
>------------------------------------------------------ List Archives:
>//www.freelists.org/archives/isalist/ ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
>Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server
>Blogs: http://blogs.isaserver.org/
>------------------------------------------------------ Visit
>TechGenix.com for more information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------ To unsubscribe
>visit http://www.isaserver.org/pages/isalist.asp Report abuse to
>listadmin@xxxxxxxxxxxxx
>------------------------------------------------------
>List Archives: //www.freelists.org/archives/isalist/
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
>ISA Server Blogs: http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>Report abuse to listadmin@xxxxxxxxxxxxx
>
