[isalist] Re: Nothing is secure like PIX
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 14:37:52 -0500
Hi Jerry,
And keep in mind that the ISA firewall is an extremely robust network
layer firewall as well. People often forget this because they focus on
the app layer inspection, but I'd say that it's on par with PIX.
People often forget this little fact, because the "network guys" have
hijacked network security and think in terms of "port attackers". The
ISA firewall is a firewall from top down, from layer 2 to layer 8.
NO one attacks ports, they attack the applications listening on those
ports.
How do you "attack a port" and what does such a "port attack" get you?
A "port" is actually a socket anyhow, so you're a "socket attacker" now?
Are you going to attack the socket or the service listening on that
socket? What's the point of being a "socket attacker"? DoS? I can DoS
any box in the world (including a PIX and Check Point) using a network
flood; that ain't rocket science, but there's not much money to make
with network food DoS attacks.
I always get a kick out of the people looking at the ISA firewall Events
for "port attacks". What do they really do with this information? Show
it to the boss to A. Scare Him or B. Create personal anxiety over things
they shouldn't be worrying about in the first place?
Personally, I put folks who say "port attacks" right up with those who
say "open a port"
BTW -- www.tacteam.net/openport.htm
:)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G
Sent: Monday, June 26, 2006 1:17 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
And by unanimous decision, ISA is the Heavyweight Firewall
Champion of the World! :-)
Come on, Mohamed, you didn't really think that comparison would
fly, did you? A lot of people throw the OSI model out there and as a
proponent for a L1-4 firewall solution, how can you possibly think that
PIX is more secure when exploits - those of the most serious nature -
generally work in L5-7? Unless you're confusing the TCP/IP stack model
with the OSI model.
Take for example the Ping of Death from years far gone. What
layer did the fault actually occur at?
The real thing to focus on isn't a firewall product. A firewall
is simply a means to mitigate a risk. You need to better understand
that risk in order to better know how to mitigate it.
When it comes to Microsoft networks, ISA does an extremely good
job at mitigating risks, especially in the layers I am generally the
most concerned about: L5-7.
Just my $.02.
Cordially yours,
Jerry G. Young II
MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
ECNS Microsoft Engineering
Unisys
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY MATERIAL and is thus for use only by the intended recipient.
If you received this in error, please contact the sender and delete the
e-mail and its attachments from all computers.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Monday, June 26, 2006 1:12 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
History of PIX flaws:
http://secunia.com/product/706/
http://secunia.com/product/59/
http://secunia.com/product/56/
http://secunia.com/product/6102/
NON-History of ISA firewall flaws:
http://secunia.com/product/3687/ (ZERO, NONE, not any)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
Sent: Monday, June 26, 2006 10:28 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like PIX
http://www.ISAserver.org
-------------------------------------------------------
Thanks for your suggestion , Steve
It's realy appreciated, but would you take a look to
this results after rearranging them by last modified,
http://search.securityfocus.com/swsearch?query=ISA+vulnerability&sbm=%2F
&submit=Search%21&metaname=alldoc&sort=swishlastmodified
and, this special link, is written by researcher called
Steve too :)
http://www.securityfocus.com/archive/1/433075
and if we search more, we will find more; about both,
ISA or PIX or even watchgurad,
as there is no full protected firewall; hardware or
software, but we are just doing our best to protect our network from
vulnerability by increasing the numbers of cascading gates, with
different classes,
but you know what ; I made something to my network....
My external router has no real IP...
it's just a local loop to the ISP , so that , I put the
ISP security door as the front one,
Increasing cascading different gates ,
What do you think about it?
Best Regards
Mohamed Saleh
Senior Network Administrator
College of Business Administration, CBA
Jeddah, Saudi Arabia
Tel: +966-02-6563199 ext 2521
Cell: - +966-50-2953591
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
________________________________
From: "Steve Lunn" <Steve.Lunn@xxxxxxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Nothing is secure like
PIX
Date: Mon, 26 Jun 2006 14:42:28 +0100
Can I suggest that you actually read that list
of vulnerabilities that you just posted as they all relate to ISA 2000
and not ISA 2004.
Regards,
Steve
Steve Lunn
Technical Support Analyst - Microsoft MCP
engage Mutual Assurance
DDI: 01423 855101 Fax: 01423 855181
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
Sent: 26 June 2006 13:40
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Nothing is secure like
PIX
All right, Jim
I didn't expect this bad atitude from someone
supposed to be well educated and has a good technical knowledge as you
have shown your self,
and by the way, no body is perfect , I f you see
that you know everything, it's a bug mistake..
Knowing how the OS operating, and dealing with
packets, throw RAM and processor,.. etc. will be easy if you r spend
your life in this field, and your education is corosponding this issue..
( Computing, processing and telecommunications), won't be ??
And every one know that PIX is layer 4 device
not like ISA Layer 7,
so Greg,,,,, what I was saying is that PIX is
more secure than ISA till layer 4 processing..
In addition, I said in my first mail that I'm
using the two boxes ( PIX and ISA ) for dublication the security, and
using ISA specially for controling application per user ( as also I said
b4)
and two doors are very good defender than one
door only ofcourse,
***
about the site u send Jim, I think you should
select a site that revile PIX and give the glory to ISA , as I found the
following link in this site too, saying 47 result about vulnerability in
ISA
http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=I
SA+vulnerability
<http://search.securityfocus.com/swsearch?sbm=/&metaname=alldoc&query=IS
A+vulnerability>
Finaly, I will close this issue from my side as
I'm feel very sorry to this bad attitude reaction as the concept of this
list is to discuss everyone issue and thoughts with eachother...., isn't
it??
Best Regards
Mohamed Saleh
Senior Network Administrator
College of Business Administration, CBA
Jeddah, Saudi Arabia
Tel: +966-02-6563199 ext 2521
Cell: - +966-50-2953591
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
________________________________
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Nothing is secure
like PIX
Date: Sun, 25 Jun 2006 09:35:29 -0700
>In response:
>#1 - "PIX is more secure than ISA
because it's a 'hardware' firewall". This is pure, unadulterated BS,
propagated by the same 1d10t's that ignore the *FACT* that PIX is
nothing more than a custom OS (xNIX, usually). In fact, I've only heard
of *one* "hardware" firewall; that it is strictly a L3-only box (much
like your PIX)
>
>#2 - Speed & security are orthogonal.
Security is demonstrated by resilience in teh face of unwanted traffic;
speed is merely doing it faster.
>
>#3 - You need to read up on how any OS
(specifically Windows) network functionality works. If you *ever* find
packets being stored to disk before being processed, throw that device
out the door
>
>#4 - I posted this for Tony Su; maybe
you'll get more use ot of it:
http://technet2.microsoft.com/WindowsServer/en/Library/823ca085-8b46-487
0-a83e-8032637a87c81033.mspx After you've read up a bit, come back and
rescind this argument
>
>#5 - this means nothing of the sort; if
you can demonstrate this assertion with fact, then by all means do so.
You should also go read up on how processes communicate in Windows.
>
>#6 - Let's see; if I stop the PIX
firewall services, the machine is also open to attack <duh>.
>
>#7 - no machine of any sort has
"unlimited" capabilities. If you really believe that this is possible,
you must not occupy the same physical world as the rest of us.
>
>#8 - Based on this argument, ISA is
also a "hardware" firewall as *all* traffic inspection (not just L3 as
in PIX) is performed in RAM. Not one single packet ever leaves the
motherboard except to enter or leave the network itself.
>
>#9 - The "adaptive security mechanism"
is L3-only. ISA policy engine and packet filter driver operate all the
way to L7. Thus, when the PIX is allowing RPC traffic to teh internal
host "because it asked for it", ISA is blocking it as invalid traffic.
Case in point; Blaster passed through every PIX on the planet; ISA
blocked it in every single case.
>
>#10 - is unclear at best. What's your
point other than to show how you can spew brand names?
>
>#11 - I noticed that you can research
ISA issues, but you seem unable to find PIX vulns? I wonder how that can
be? Go out to www.securityfocus.com and search under "Cisco" for "PIX
Firewall". I see:
>Multiple Cisco Products WebSense
Content Filtering Bypass Vulnerability
<http://www.securityfocus.com/bid/17883>
>2006-05-09
>http://www.securityfocus.com/bid/17883
>
>OpenSSL Denial of Service
Vulnerabilities <http://www.securityfocus.com/bid/9899>
>2006-05-05
>http://www.securityfocus.com/bid/9899
>
>Multiple Vendor TCP/IP Implementation
ICMP Remote Denial Of Service Vulnerabilities
<http://www.securityfocus.com/bid/13124>
>2006-03-22
>http://www.securityfocus.com/bid/13124
>
>Cisco PIX TCP SYN Packet Denial Of
Service Vulnerability <http://www.securityfocus.com/bid/15525>
>2006-03-10
>http://www.securityfocus.com/bid/15525
>
>Cisco Downloadable RADIUS Policies
Information Disclosure Vulnerability
<http://www.securityfocus.com/bid/16025>
>2005-12-21
>http://www.securityfocus.com/bid/16025
>
>Cisco IPSec Unspecified IKE Traffic
Denial Of Service Vulnerabilities
<http://www.securityfocus.com/bid/15401>
>2005-11-14
>http://www.securityfocus.com/bid/15401
>
>Multiple Vendor TCP Sequence Number
Approximation Vulnerability <http://www.securityfocus.com/bid/10183>
>2004-04-20
>http://www.securityfocus.com/bid/10183
>
>Multiple Cisco PIX Remote Denial Of
Service Vulnerabilities <http://www.securityfocus.com/bid/9221>
>2003-12-15
>http://www.securityfocus.com/bid/9221
>
>OpenSSL ASN.1 Large Recursion Remote
Denial Of Service Vulnerability <http://www.securityfocus.com/bid/8970>
>2003-11-04
>http://www.securityfocus.com/bid/8970
>
>Cisco PIX ICMP Echo Request Network
Address Translation Pool Exhaustion Vulnerability
<http://www.securityfocus.com/bid/8754>
>2003-10-03
>http://www.securityfocus.com/bid/8754
>
>Multiple Vendor Session Initiation
Protocol Vulnerabilities <http://www.securityfocus.com/bid/6904>
>2003-02-21
>http://www.securityfocus.com/bid/6904
>
>Multiple Vendor SSH2 Implementation
Buffer Overflow Vulnerabilities <http://www.securityfocus.com/bid/6407>
>2002-12-16
>http://www.securityfocus.com/bid/6407
>
>Cisco PIX VPN Session Hijacking
Vulnerability <http://www.securityfocus.com/bid/6211>
>2002-11-20
>http://www.securityfocus.com/bid/6211
>
>Cisco PIX TACACS+/RADIUS HTTP Proxy
Buffer Overrun Vulnerability <http://www.securityfocus.com/bid/6212>
>2002-11-20
>http://www.securityfocus.com/bid/6212
>
>Cisco PIX Firewall Telnet/SSH Subnet
Handling Denial Of Service Vulnerability
<http://www.securityfocus.com/bid/6110>
>2002-11-05
>http://www.securityfocus.com/bid/6110
>
>Cisco SSH Denial of Service
Vulnerability <http://www.securityfocus.com/bid/5114>
>2002-06-27
>http://www.securityfocus.com/bid/5114
>
>Cisco Malformed SNMP Message Denial of
Service Vulnerabilities <http://www.securityfocus.com/bid/4132>
>2002-02-12
>http://www.securityfocus.com/bid/4132
>
>Cisco PIX Firewall SMTP Content
Filtering Evasion Vulnerability Re-Introduction
<http://www.securityfocus.com/bid/3365>
>2001-09-26
>http://www.securityfocus.com/bid/3365
>
>Cisco PIX TACACS+ Denial of Service
Vulnerability <http://www.securityfocus.com/bid/2551>
>2001-04-06
>http://www.securityfocus.com/bid/2551
>
>SSH CRC-32 Compensation Attack Detector
Vulnerability <http://www.securityfocus.com/bid/2347>
>2001-02-08
>http://www.securityfocus.com/bid/2347
>
>PKCS #1 Version 1.5 Session Key
Retrieval Vulnerability <http://www.securityfocus.com/bid/2344>
>2001-02-06
>http://www.securityfocus.com/bid/2344
>
>Cisco PIX PASV Mode FTP Internal
Address Disclosure Vulnerability <http://www.securityfocus.com/bid/1877>
>2000-10-03
>http://www.securityfocus.com/bid/1877
>
>Cisco PIX Firewall SMTP Content
Filtering Evasion Vulnerability <http://www.securityfocus.com/bid/1698>
>2000-09-19
>http://www.securityfocus.com/bid/1698
>
>Cisco Secure PIX Firewall Forged TCP
RST Vulnerability <http://www.securityfocus.com/bid/1454>
>2000-07-10
>http://www.securityfocus.com/bid/1454
>
>Multiple Firewall Vendor FTP "ALG"
Client Vulnerability <http://www.securityfocus.com/bid/1045>
>2000-03-10
>http://www.securityfocus.com/bid/1045
>
>Multiple Firewall Vendor FTP Server
Vulnerability <http://www.securityfocus.com/bid/979>
>2000-02-09
>http://www.securityfocus.com/bid/979
>
>Cisco PIX Firewall Manager File
Exposure <http://www.securityfocus.com/bid/691>
>1998-08-31
>http://www.securityfocus.com/bid/691
>
>Cisco PIX and CBAC Fragmentation Attack
<http://www.securityfocus.com/bid/690>
>1998-08-18
>http://www.securityfocus.com/bid/690
>
>Well, waddayano; seems like PIX takes
this particular prize.
>
>#12 - this is nothing more than another
indication of your vast Windows / ISA ignorance
>
>Please go educate yourself before
making such claims, or at least ask Tony Su for advice.
>
>________________________________
>
>From: isalist-bounce@xxxxxxxxxxxxx on
behalf of Egyptian Mind
>Sent: Sun 6/25/2006 2:32 AM
>To: isalist@xxxxxxxxxxxxx
>Subject: [isalist] Re: Nothing is
secure like PIX
>
>
>http://www.ISAserver.org
-------------------------------------------------------
>
>Dears,
>
>
>
>I'm sorry for not continuing mailing
about this issue, but I was quit busy in upgrading in our network
infrastructure, but I should tell you that I was really surprised by the
160 mails they were in my inbox about this issue..
>
>It means that this matter has gained a
lot of attentions to most of members here in ISA List... I've really get
amused by these mails which come from different members with different
cultures and experiences about using hardware or software as a firewall
boundary, although that some of you have taking this issue as some kind
of joke, or to get amused by mocking ... :-):-):-)
>
>Anyway, I've really get amused by your
mail, TOM, It was really funny and your way of talking and mocking the
Idea is very interesting... Honestly, I laughed for 15 minutes ;
none-stop when I was reading your blog :-):-):-):-):-) (( It does not
mean ridiculing of you, but it means that your way of present your Idea
is really interesting :-) :-):-)
>
>But let's start examine this issue in
neutrality way... "and let me borrow your link for ' ISA Server 2006
Firewall Core' which u have send as you ask" :-)
>
>
>
>First: I didn't say that PIX is the
most secure firewall in the world, and ' Supernova; The greatest hacker'
can grantee this, I just said that PIX is more secure than ISA server,
which is our issue here...( I mean that PIX as a Hardware firewall, is
more secure than ISA as a software firewall)
>
>Second: you say that " Faster is not
the better" and you repeated it in a very interesting way, but I think
you should look at " ISA Server Firewall Core " in this paragraph:::::
>
>"""" Firewall Engine ( Firewall Packet
Engine)
>
>Handling these operations in Kernal
Mode, improves both performance and security. """""
>
>This means that Microsoft tends to
increase the performance of firewall service and security service in ISA
to make it faster as possible :-).
>
>Third: ISA 2006 firewall core depends
on Network Driver Interface Specification ( NDIS) and Microsoft
Networking Stack, that means that packet should pass the network
interface, the processor, RAM, harddisk, till it reach the network
driver in windows ( Kernal Layer) which located over the hardware layer
and assembly layer, in the other hand, the packet is analyzed,
interpreted and processed in hardware layer in any hardware firewall.
>
>Fourth: The TCP/IP Stack in firewall
core in Kernal mode is controlled by windows , which refers to the
previous point of even the firewall engine is analyzing the packet in
layer 3 and 4 before beginning processing, it will of course reach layer
5 of windows which send it to the firewall engine in kernel mode.... ((
Does it make sense??? )) or it's better to analyze the packet as soon as
it reaches the network interface card, Isn't it??
>
>Fifth: In the purposed document
>
>" Policy Engine
>
>The policy engine communicates with all
components of the ISA server firewall core, both with the Kernal-mode
firewall engine and the user-mode firewall service, in addition the
Policy Engine communicates with both layers of application and web
filters""
>
>This means that there are a lot of
channels opened between Firewall core and other applications running in
ISA, which means " open ports", even this ports are opened in
Kernal-mode, but it's still opened port :-)
>
>Sixth: These are some comments
gathering from viewing just the first three papers of Microsoft
Document, and I will not telling the comments getting from the rest of
this document, or the mail will be too long :-) to read, but just I'd
like to present this comment written in the document as my last word
about this document;
>
>" Note The firewall engine driver is
the root of the firewall dependency tree. Stopping the firewall engine
driver ( by using net stop fweng /y at the command prompt) also stops
the other Firewall components, which opens the computer to all network
traffic """
>
>Open to all network traffic
!!!!!!!!!!!!!!!!!!!!!, it means fully penetrated... how could it be that
one command can penetrate my network to all attacks?????? ... it does
not make sense at all, Does it??
>
>Seventh: you compares the ISA server
2006 ( which is last release) with PIX firewall, which is in market over
than 20 years, and you didn't specify which version,, Microsoft has ISA
2000, 2004, 2006... But CISCO has 501,501E,506E,515,525, and the
greatest PIX 535, which has unlimited number of users ad unlimited
numbers of concurrent VPN Connections ....
>
>Eighth : The OS of PIX is too small
which can be loaded in RAM and some portion of processor, It doesn't
mean just that it will be faster and faster than any software firewall,
but I mean that the packet inspector process will be done at the
hardware level, and in fact it happens in the assembly level... More
than that, every interface in PIX has it's own firewall policy, firewall
engine, access control,,, although you manage all interfaces by one
screen, but in fact this screen is collecting policies and access
controls and firewall services for all interfaces,,, as the OS of PIX
divide itself to make each interface has it's own control, so no need to
contact with the core OS or the kernel for any operations....
>
>Ninth: The adaptive security algorithm,
included in PIX, will never allow an incoming traffic to go inside,
except if there is a request for this traffic from inside, and it should
match a random signature it has been given to the requested traffic, or
if u make a policy on the outside interface to allow this traffic to
come in, and is called ADAPTIVE , it means that it will strengthen it
self upon the signature of the attack or the requested traffic and how
it will be filtered to insure that this " man in the middle" will not
gain access though the incoming traffic.
>
>Tenth: I was talking here about PIX 535
which support all clustering features, as well as redundancy, as the
corresponding issue is between ISA and PIX, as a hardware and software
firewall, but If we go to market, we will find Watch Guard, Cyber Guard,
Alphafilter, CyberCom, D-Link,.....etc as well as we will see Symantec ,
Mcafee, ....etc,,, and for linux there are a lot of firewall software
like Netfilter
>
>Eleventh: you talked about ISA 2006,
and you give me a document coming from Microsoft itself, so what will
mama said about her child???????
>
>So if you want this, you can take a
look of the following links ::
>
> PIX 535
>
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_she
et09186a008007d05d.html
>
>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_she
et09186a00801daa53.html
>
>ASA 5500
>
>http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd8
02930c5.html
>
>http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd8
0404916.html
>
>Note that ASA 5500 has been developed
in order to satisfy market need of application filtering and Active
Directory Integrated..
>
>But if we go to neutralized sites, we
will find that most of them are preferred PIX than ISA as a front door
>
>and I will not go far away,
>
>This link is in ISASERVER.org itself
with your handwriting about ISA 2000, which shown some issue
>
>http://www.isaserver.org/articles/Microsoft_Confirms_DoS_Vulnerability_
in_ISA_Server_2000.html
>
>right?
>
>And also :
>
>http://forums.isaserver.org/m_240057200/mpage_1/key_/tm.htm#240057210
>
>and please see this
>
>http://www.critical-error.com/Article724.phtml
>
>http://www.techspot.com/vb/archive/index/t-10247.html
>
>http://www.checkpoint.com/defense/advisories/public/2006/printer/cpai_p
rint-03-Jun.html
>
>http://www.networksecurityarchive.org/html/NTBugtraq/2004-11/msg00009.h
tml
>
>
>
> Which means that you should be standby
for any articles and newsgroup to find out if there any discover
Vulnerability, and not just using windows update"
>
>Twelfth: There is a fact that any GUI
operating system should open ports to hardware to operate well, and this
is refer to fact that the first 1024 ports in windows you can't change
or reconfigure, and the other act that the most secure operating system
till now is UNIX , as it is a command prompt operating system and have
never been hacked except when it become LINUX, with a GUI.
>
>And even if it has been hacked, it
records the least amount of hacking processes than windows ofcourse.
>
>Finally : No Doubt that Microsoft is
the greatest marketing company in the world, as it depends on user need,
and nothing is more important to user more than the fancy of GUI ,
Graphical User Interface,
>
>I think most of you agree with me that
this concept ; I mean GUI, is the main reason for Bill Jates treasure
which made up his riches, isn't it???
>
>Now, can you tell me
>
>- Why the great companies and the
effective and sensitive corporations ( Like BMW, Aramco, Nokia ) prefer
to put a hardware firewall instead of ISA server?? ( This is a fact, I
see it myself )
>
>
>
>- Why most of multinational banks (
Like CIB, HSBC ) put more than three cascading hardware firewalls as
it's front door to internet??? ( This is a fact, I see it myself)
>
>
>
>- Why Microsoft itself didn't use any
of it's products, in it's server farms, instead they using UNIX for mail
server as an example??? ( you can check it your self by reading the
arguments shown to you in the address bar of internet explorer when you
open your hotmail inbox, and ask a good web programmer about it )
>
>
>
>- Why you don't recommend ISA server
for DAN as the cheapest way for a firewall system, as he can install it
on a high hardware qualified workstation, not should be a server, if you
think that ISA server can manage?????
>
>
>
>
> Best Regards
> Mohamed Saleh
>
> Senior Network Administrator
> College of Business Administration,
CBA
> Jeddah, Saudi Arabia
> Tel: +966-02-6563199 ext 2521
> Cell: - +966-50-2953591
>
>
>!~` Yesterday is a History` ~!
>!~` Tomorrow is a Mystery` ~!
>!~` Today is a Gift` ~!
>!~` So we call it ...............` ~!
>!~` Present .......Simple` ~!
>
>
>
>
>________________________________
>
> From: "D PIETRUSZKA USWRN INTERLINK
INFRA" <DPietruszka@xxxxxx>
> Reply-To: isalist@xxxxxxxxxxxxx
> To: <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] Re: Nothing is
secure like PIX
> Date: Thu, 22 Jun 2006 07:16:07 -0400
> >http://www.ISAserver.org
>
>-------------------------------------------------------
> >
> >Probably you need to move your test
to a more realistic and complex
> >scenario.
> >
> >Regards
> >Diego R. Pietruszka
> >
> >
> >-----Original Message-----
> >From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> >On Behalf Of Thomas W Shinder
> >Sent: Wednesday, June 21, 2006 6:28
PM
> >To: isalist@xxxxxxxxxxxxx
> >Subject: [isalist] Re: Nothing is
secure like PIX
> >
> >http://www.ISAserver.org
>
>-------------------------------------------------------
> >
> >In my tests, I found them to be the
same.
> >
> >I have one box running ISA 2000 that
hasn't been upgraded or service
> >packed for over two years, and it's
been running without stop for that
> >period of time. This is on a white
box install.
> >
> >There really isn't any difference in
stability from my perspective. If
> >you don't treat it like a
workstation, don't install non-ISA firewall
> >related services on it, it will run
as long as any PIX. And the good
> >thing is, it updates itself. Unlike
the PIX, which does need to be
> >updated like any other device, it
doesn't do it itself and most
> >"hardware" firewall admins just
ignore it. Not very smart or secure, but
> >I see that all the time in the field.
After all, it's hardware, it must
> >be secure [sic].
> >
> >NOT.
> >
> >Tom
> >
> >Thomas W Shinder, M.D.
> >Site: www.isaserver.org
> >Blog:
http://blogs.isaserver.org/shinder/
> >Book: http://tinyurl.com/3xqb7
> >MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > >
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D
> > > PIETRUSZKA USWRN INTERLINK INFRA
> > > Sent: Wednesday, June 21, 2006
2:02 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is
secure like PIX
> > >
> > > http://www.ISAserver.org
> > >
-------------------------------------------------------
> > >
> > > Do you know the difference between
stability (what I mentioned on my
> > > email) and vulnerability?
> > >
> > > Regards
> > > Diego R. Pietruszka
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > >
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Jim Harrison
> > > Sent: Wednesday, June 21, 2006
1:51 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is
secure like PIX
> > >
> > > http://www.ISAserver.org
> > >
-------------------------------------------------------
> > >
> > > This is a completely specious
argument, with absolutely no basis in
> > > historical fact.
> > > When you can demonstrate that a
properly-configured ISA server has
> > > *EVER* been compromised due to a
Windows vulnerability, this
> > > claim *may*
> > > warrant consideration.
> > >
> > > Until then, it's nothing more or
less than simple punditious
> > > regurgitation.
> > >
> > >
-------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > >
-------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > >
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of D PIETRUSZKA USWRN
INTERLINK INFRA
> > > Sent: Wednesday, June 21, 2006
08:53
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is
secure like PIX
> > >
> > > I completely agree that ISA is far
more secure than PIX, the
> > > only part I
> > > would concede to PIX (and that is
why is still on the market) is the
> > > stability and that is because
don't run on windows as ISA do.
> > >
> > >
> > >
> > > Regards
> > >
> > > Diego R. Pietruszka
> > >
> > >
> > >
> > > ________________________________
> > >
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > >
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Thomas W Shinder
> > > Sent: Wednesday, June 21, 2006
11:05 AM
> > > To: isalist@xxxxxxxxxxxxx
> > > Cc: isapros-repost@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Nothing is
secure like PIX
> > >
> > >
> > >
> > > Hi EM,
> > >
> > >
> > >
> > > You are right. PIX is not very
secure. It's a router with
> > > some advanced
> > > ACLs and does neat routing tricks.
But when it comes to
> > > security, you're
> > > very very wrong that it's more
secure. Hardware doesn't fall from
> > > heaven, and all "hardware" is
controlled by software, and
> > > Syphco's core
> > > compentancy is not application
protection -- it's routing and
> > > switching.
> > >
> > >
> > >
> > >
> > > I agree that there is no
comparison between PIX and ISA -- only a fool
> > > would be convinced that they get
any real security from a PIX, becuase
> > > they never took the time to learn
about network security and what the
> > > end game was. Check Point? That's
another story. Like the ISA
> > > firewall,
> > > Check Point is a so-called
"software firewall" (something to pothead
> > > "hardware" firewall guys often
forget). Check Point is better than ISA
> > > and you pay a LOT for that.
However, a PIX is a joke and I think the
> > > more thoughtful firewall admins
out there realize they've
> > > been hyMOtized
> > > by the Syphco sales reps.
> > >
> > >
> > >
> > > PIX is a puppy dog, a little
terrier, a laptop or a pretty little
> > > Persian kitty cat -- the ISA
firewall is the brobdingnagian that
> > > provides your real security. The
PIX is an emotional blanket,
> > > a network
> > > Prozac, an expensive and illusory
work for security fiction.
> > > The PIX is
> > > the emperor with no clothes and is
front of my hacked Web sites and
> > > networks than any other firewall.
> > >
> > >
> > >
> > > You mention that the PIX software
is "advanced" -- I'll give you the
> > > opposite perspective and proffer
that it's a trisomy 13 baby
> > > compared to
> > > the robust and healthy child that
is the ISA firewall. No one has ever
> > > broken into an ISA firewall and I
consider the ISA firewall
> > > mandatory. A
> > > PIX is nothing more than a
historical superstition, a carry over from
> > > the dawn days of the Internet. I
never never never never never never
> > > NEVER recommend putting a PIX in
front or behind or anywhere near the
> > > ISA firewall (a Check Point?
Sometimes that's useful for defense in
> > > depth -- Check Point, unlike PIX,
is a real network security
> > > solution).
> > >
> > >
> > >
> > > The PIX with worthless and weak.
Who is it? What is it? What does it
> > > plan to do with it's life? (name
that tune!) On the other
> > > hand, the ISA
> > > firewall is built by people who
understand software, understand
> > > security, and is much more than a
stupid router with a
> > > "firewall" decal
> > > slapped on its bezel.
> > >
> > >
> > >
> > > The ISA firewall's VPN server is
MUCH MORE SECURE than the simple PIX
> > > VPN. I've always wondered about
the IQ of folks who have thought
> > > otherwise. It's probably not an
intelligence issue, but just an
> > > ignorance issue, since they
probably don't understand the
> > > weaknesses of
> > > the PIX VPN solution or the
strengths of the ISA firewall's VPN
> > > solutions -- but that's par for
the course for folks who've been
> > > hypmotized by the Syphco sales
reps, and have had the implanted
> > > suggestions reinforced by the
ABMer idiot echo chamber.
> > >
> > >
> > >
> > > Faster is not more secure.
> > >
> > > Repeat
> > >
> > > Faster is NOT more secure
> > >
> > > Repeat
> > >
> > > Faster is NOT more secure
> > >
> > > Repeat
> > >
> > > Faster is NOT NOT NOT more secure
> > >
> > >
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > > Hardware is NOT more secure
> > >
> > > Repeat
> > >
> > >
> > >
> > > Remember, PIX has many security
vulnerabilies that you can
> > > check out at
> > > Secunia. Strangely enough, the ISA
firewall has NONE. And
> > > don't feed me
> > > that tired old drivel about "but
it runs on Windows". If you
> > > can show me
> > > how this is an issue after reading
this
> > >
http://www.microsoft.com/isaserver/2006/prodinfo/Firewall_Corewp.mspx
> > > (which you won't do if you depend
on your Syphco sales rep for tech
> > > info).
> > >
> > >
> > >
> > > Finally, be careful about throwing
Syphco PIX FUD around here. I've
> > > worked with the worthless PIX for
a long time and studied it
> > > in depth. I
> > > know it's cr*p on a cracker and it
survives because it's been
> > > grandfathered into the business.
We're all now suffering badly because
> > > the "network guys" who are
clueless lusers when it comes to understand
> > > application security, have
hijacked network security and companies get
> > > hacked far more often than they
should because these dolts are "port
> > > openers" and "port closers". The
current situation has the clowns
> > > running the circus.
> > >
> > >
> > >
> > > In conclusion, there are several
neuroleptic medications I
> > > can recommend
> > > to anyone who seriously believes
the worthless PIX is more secure than
> > > an ISA firewall.
> > >
> > >
> > >
> > > IMNHO,
> > >
> > > Tom
> > >
> > >
> > >
> > > P.S. You're welcome to borrow any
of the creative phases I've included
> > > in this email. I only ask that you
give the props :)
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
<http://www.isaserver.org/>
> > > Blog:
http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > >
> > >
> > >
> > > ________________________________
> > >
> > >
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > >
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Egyptian Mind
> > > Sent: Wednesday, June 21, 2006
9:01 AM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Nothing is
secure like PIX
> > >
> > > http://www.ISAserver.org
> > >
-------------------------------------------------------
> > >
> > >
> > >
> > > Dears,
> > >
> > > No doubt that ISA 2000 or 2004 or
even 2006, have increased the
> > > possibility of controling user
access,,, by allowing or denying the
> > > browsing or a tiny issue like
downloding gif and not
> > > downloading jpg as
> > > an example..
> > >
> > > This shows how much we can control
user action,,,
> > >
> > > Moreover, features like firewall
services, securing VPN
> > > connection, Nating, Publishing web
sites, etc.... are very helpfull
> > > features to make or Network
Control is much easier...
> > >
> > > But Nothing is secure like PIX...
> > >
> > > I don't mean that PIX is more
secure than ISA, or more capable
> > > of handling requests... I'm
talking about features and design and even
> > > the hardware specification....
There is no comparison between ISA and
> > > PIX
> > >
> > > I'm here, in my network ; using
two failover PIX and two
> > > clustering ISA servers as well..
every device has it's
> > > responsiblities...
> > >
> > > ISA is responisble for handling he
request from users and
> > > filtering it depends on customized
rules, and the great thing that ISA
> > > server is a domain member, so I
can customized the rules directly to
> > > specific user ,,,
> > >
> > > PIX is my Huge Body Guard which
stand infront of my Out Door, to
> > > filter any request come in or out
my door... YEs ..( in or out ) not
> > > just in .... and it is built on a
very advanced built-in
> > > program in the
> > > hardware it self, it is the
adaptive security algorithm,
> > > which has alot
> > > of tools to scan the coming
packet,... like if we said , the
> > > ultravoilet, infarraed, and eye
scanner and everything...
> > >
> > > It's a very adaptive algorithm and
it's very hard to
> > > penetrate,,, note that this
alogorithm is working on every packet goes
> > > or come , also depend on your own
cutomized rule you make on PIX,,,
> > >
> > > and instead that the windows how
operates, the adaptive security
> > > algorithm are running using the
same processing speed of it's
> > > processor,
> > > as it is already loaded in the PIX
processor and rams..
> > >
> > > How faster do you think it will be
!!!!!!?????
> > >
> > > it also has a complete secure
process for VPN connection and
> > > PATING, NATING , ... etc
> > >
> > > But PIX is not function as layer 7
appliance, so we use ISA for
> > > this purpose,,, to control the
Application layer and presentation
> > > layer... nothing more, nothing
less,, and also because PIX is not
> > > integrating with Active
Directory..
> > >
> > > Finally, PIX is mandatory for
security, and ISA is mandatory for
> > > controling... but if we talked
about the ability to be hacked
> > > , I think
> > > you will agree with me that
hacking a program runing on
> > > Windows platform
> > > is much easier from penetrating
program runing on security dedicated
> > > appliance........ (( you can ask
Bill Jates about it ))
> > >
> > >
> > >
> > >
> > >
> > > Best Regards
> > >
> > > Mohamed Saleh
> > >
> > >
> > > Senior Network Administrator
> > > College of Business
Administration, CBA
> > > Jeddah, Saudi Arabia
> > > Tel: +966-02-6563199 ext 2521
> > > Cell: - +966-50-2953591
> > >
> > >
> > >
> > >
> > > !~` Yesterday is a History` ~!
> > >
> > > !~` Tomorrow is a Mystery` ~!
> > >
> > > !~` Today is a Gift` ~!
> > >
> > > !~` So we call it ...............`
~!
> > >
> > > !~` Present .......Simple` ~!
> > >
> > >
> > >
> > >
> > >
> > >
> > > ________________________________
> > >
> > >
> > > From: "Shane Mullins"
<tsmullins@xxxxxxxxxxxxxx>
> > > Reply-To: isalist@xxxxxxxxxxxxx
> > > To: <isalist@xxxxxxxxxxxxx>
> > > Subject: [isalist] Re:
Hardware.... (cringe) ...firewall
> > > ?
> > > Date: Tue, 20 Jun 2006 13:12:08
-0400
> > > >http://www.ISAserver.org
> > >
>-------------------------------------------------------
> > > > Good Deal,
> > > >
> > > > We have used ISA since Proxy
2.0. I really liked the
> > > upgrade
> > > >from 2.0 to ISA 2000. But, I
really really like ISA
> > > 2004. Some of
> > > >the new features are great, esp
in the VPN areas,
> > > stateful packet
> > > >inspection. Also, I like the way
ISA integrates into
> > > AD, this is
> > > >huge if you are a Windows shop.
Also, there are some
> > > third party
> > > >snap ins that are very helpful.
> > > >
> > > >Shane
> > > >
> > > >PS I also really enjoyed reading
your ISA 2004 book.
> > > >
> > > >
> > > >
> > > >----- Original Message -----
From: "Thomas W Shinder"
> > > ><tshinder@xxxxxxxxxxx>
> > > >To: <isalist@xxxxxxxxxxxxx>
> > > >Sent: Tuesday, June 20, 2006
10:33 AM
> > > >Subject: [isalist] Re:
Hardware.... (cringe)
> > > ...firewall ?
> > > >
> > > >
> > > >http://www.ISAserver.org
> > >
>-------------------------------------------------------
> > > >
> > > >Hi Shane,
> > > >
> > > >No problems, that's how I took
it! :)
> > > >
> > > >The PIX tax reminds of when in
the middle ages you
> > > could pay the
> > > >church
> > > >to absolve you of your sins. The
situation here is that
> > > they're
> > > >paying
> > > >Cisco for their sin of
slothfullness. Slothful in that
> > > they haven't
> > > >spent the time and effort to
understand real network
> > > security and
> > > >blindly pay a router and switch
company big money to
> > > protect
> > > >comporate
> > > >data (does anyone see the paradox
in this?)
> > > >
> > > >Thanks!
> > > >Tom
> > > >
> > > >Thomas W Shinder, M.D.
> > > >Site: www.isaserver.org
> > > >Blog:
http://blogs.isaserver.org/shinder/
> > > >Book: http://tinyurl.com/3xqb7
> > > >MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > >>-----Original Message-----
> > > >>From:
isalist-bounce@xxxxxxxxxxxxx
> > >
>>[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
> > > Shane Mullins
> > > >>Sent: Tuesday, June 20, 2006
7:56 AM
> > > >>To: isalist@xxxxxxxxxxxxx
> > > >>Subject: [isalist] Re:
Hardware.... (cringe)
> > > ...firewall ?
> > > >>
> > > >>http://www.ISAserver.org
> > >
> > >
>>-------------------------------------------------------
> > > >>
> > > >>Hey Thomas,
> > > >>
> > > >> I meant that to be a plug for
ISA 2004. I think ISA
> > > 2004
> > > >>is great. We
> > > >>have two ISA 2004 boxes that
firewall and provide
> > > internet
> > > >>access for 3,500
> > > >>machines. ISA 2004 has been rock
solid for us. ISA
> > > 2004
> > > >>provides advanced
> > > >>logging and caching functions
that a "hardware"
> > > firewall
> > > >>cannot provide. I
> > > >>have nothing against unix, but
ISA 2004 is great.
> > > >> We could have paid 50k for a
single pix to provide
> > > >>firewall services.
> > > >>Then signed up for a 5k a year
maintenance agreement
> > > (so we could
> > > >>rcv
> > > >>updates). And all machines need
updates, even
> > > "hardware"
> > > >>firewalls have an
> > > >>OS. And ISA still does so much
more.
> > > >>
> > > >>Shane
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> > On 6/19/06, Thomas W Shinder
<tshinder@xxxxxxxxxxx>
> > > wrote:
> > > >> >> http://www.ISAserver.org
> > > >> >>
> > >
-------------------------------------------------------
> > > >> >>
> > > >> >> Yes, it's that good. Go
Daddy and the ISP are
> > > clueless.
> > > >>Have you ever
> > > >> >> talked to your ISP's "tech
guys" who make these
> > > >>recommendations? Let's
> > > >> >> just say that the typical
interaction leaves you
> > > with the
> > > >>feeling that
> > > >> >> they're not on the top of
the firewall and
> > > networking food
> > > >>chains :)
> > > >> >>
> > > >> >> Thomas W Shinder, M.D.
> > > >> >> Site: www.isaserver.org
> > > >> >> Blog:
http://blogs.isaserver.org/shinder/
> > > >> >> Book:
http://tinyurl.com/3xqb7
> > > >> >> MVP -- ISA Firewalls
> > > >> >>
> > > >> >>
> > > >> >>
> > > >> >> > -----Original Message-----
> > > >> >> > From:
isalist-bounce@xxxxxxxxxxxxx
> > > >> >> >
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf
> > > Of Shane
> > > >>Mullins
> > > >> >> > Sent: Monday, June 19,
2006 1:10 PM
> > > >> >> > To: isalist@xxxxxxxxxxxxx
> > > >> >> > Subject: [isalist] Re:
Hardware.... (cringe)
> > > ...firewall ?
> > > >> >> >
> > > >> >> > http://www.ISAserver.org
> > > >> >> >
> > >
-------------------------------------------------------
> > > >> >> >
> > > >> >> > ISA 2K4 is really good?
There is an eval
> > > version. Maybe he
> > > >> >> > would let you
> > > >> >> > try that.
> > > >> >> >
> > > >> >> >
> > > >> >> > Shane
> > > >> >> >
> > > >> >> > ----- Original Message
-----
> > > >> >> > From: "G.Waleed Kavalec"
<kavalec@xxxxxxxxx>
> > > >> >> > To:
<isalist@xxxxxxxxxxxxx>
> > > >> >> > Sent: Monday, June 19,
2006 1:08 PM
> > > >> >> > Subject: [isalist]
Hardware.... (cringe)
> > > ...firewall ?
> > > >> >> >
> > > >> >> >
> > > >> >> > > http://www.ISAserver.org
> > > >> >> > >
> > >
-------------------------------------------------------
> > > >> >> > > My boss has been talking
to our ISP and also
> > > to some folks
> > > >> >> > at GoDaddy.
> > > >> >> > >
> > > >> >> > > Both use - and recommend
- hardware firewall
> > > solutions.
> > > >> >> > >
> > > >> >> > > What do I tell him? He
is poised to make one
> > > of those
> > > >>classic PHB
> > > >> >> > > decisions.
> > > >> >> > >
> > > >> >> > > (currently on ISA 2K)
> > > >> >> > >
> > > >> >> > > --
> > > >> >> > >
> > > >> >> > > G. Waleed Kavalec
> > > >> >> > >
-------------------------
> > > >> >> > > Why are we all in this
handbasket
> > > >> >> > > and where is it going so
fast?
> > > >> >> > >
> > >
------------------------------------------------------
> > > >> >> > > List Archives:
> > >
//www.freelists.org/archives/isalist/
> > > >> >> > ISA Server
> > > >> >> > > Newsletter:
> > >
http://www.isaserver.org/pages/newsletter.asp
> > > >> >> > ISA Server
> > > >> >> > > Articles and Tutorials:
> > > >> >> >
http://www.isaserver.org/articles_tutorials/ ISA
> > > >> >> > > Server Blogs:
> > > >> >> > >
http://blogs.isaserver.org/
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > > Visit TechGenix.com for
more information about
> > > our other
> > > >>sites:
> > > >> >> > > http://www.techgenix.com
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > > To unsubscribe visit
> > > >> >> >
http://www.isaserver.org/pages/isalist.asp
> > > Report
> > > >> >> > > abuse to
listadmin@xxxxxxxxxxxxx
> > > >> >> > >
> > > >> >> >
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > List Archives:
> > >
//www.freelists.org/archives/isalist/
> > > >> >> > ISA Server Newsletter:
> > >
>>http://www.isaserver.org/pages/newsletter.asp
> > > >> >> > ISA Server Articles and
Tutorials:
> > > >> >> >
http://www.isaserver.org/articles_tutorials/
> > > >> >> > ISA Server Blogs:
http://blogs.isaserver.org/
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > Visit TechGenix.com for
more information about
> > > our other
> > > >>sites:
> > > >> >> > http://www.techgenix.com
> > > >> >> >
> > >
------------------------------------------------------
> > > >> >> > To unsubscribe visit
> > >
>>http://www.isaserver.org/pages/isalist.asp
> > > >> >> > Report abuse to
listadmin@xxxxxxxxxxxxx
> > > >> >> >
> > > >> >> >
> > > >> >> >
> > > >> >>
> > >
------------------------------------------------------
> > > >> >> List Archives:
> > >
//www.freelists.org/archives/isalist/
> > > >> >> ISA Server Newsletter:
> > >
>>http://www.isaserver.org/pages/newsletter.asp
> > > >> >> ISA Server Articles and
Tutorials:
> > > >> >>
http://www.isaserver.org/articles_tutorials/
> > > >> >> ISA Server Blogs:
http://blogs.isaserver.org/
> > > >> >>
> > >
------------------------------------------------------
> > > >> >> Visit TechGenix.com for more
information about our
> > > other sites:
> > > >> >> http://www.techgenix.com
> > > >> >>
> > >
------------------------------------------------------
> > > >> >> To unsubscribe visit
> > >
http://www.isaserver.org/pages/isalist.asp
> > > >> >> Report abuse to
listadmin@xxxxxxxxxxxxx
> > > >> >>
> > > >> >>
> > > >> >
> > > >> >
> > > >> > -- >
> > > >> > G. Waleed Kavalec
> > > >> > -------------------------
> > > >> > Why are we all in this
handbasket
> > > >> > and where is it going so
fast?
> > > >> >
> > > >> >
http://www.kavalec.com/thisisislam.swf
> > > >> >
> > >
------------------------------------------------------
> > > >> > List Archives:
> > >
//www.freelists.org/archives/isalist/
> > > >>ISA Server
> > > >> > Newsletter:
> > >
http://www.isaserver.org/pages/newsletter.asp
> > > >>ISA Server
> > > >> > Articles and Tutorials:
> > >
>>http://www.isaserver.org/articles_tutorials/ ISA
> > > >> > Server Blogs:
> > > >> > http://blogs.isaserver.org/
> > >
>>------------------------------------------------------
> > > >> > Visit TechGenix.com for more
information about our
> > > other sites:
> > > >> > http://www.techgenix.com
> > >
>>------------------------------------------------------
> > > >> > To unsubscribe visit
> > >
>>http://www.isaserver.org/pages/isalist.asp Report
> > > >> > abuse to
listadmin@xxxxxxxxxxxxx
> > > >>
> > >
>>------------------------------------------------------
> > > >>List Archives:
> > >
//www.freelists.org/archives/isalist/
> > > >>ISA Server Newsletter:
> > >
>>http://www.isaserver.org/pages/newsletter.asp
> > > >>ISA Server Articles and
Tutorials:
> > >
>>http://www.isaserver.org/articles_tutorials/
> > > >>ISA Server Blogs:
http://blogs.isaserver.org/
> > >
>>------------------------------------------------------
> > > >>Visit TechGenix.com for more
information about our
> > > other sites:
> > > >>http://www.techgenix.com
> > >
>>------------------------------------------------------
> > > >>To unsubscribe visit
> > >
http://www.isaserver.org/pages/isalist.asp
> > > >>Report abuse to
listadmin@xxxxxxxxxxxxx
> > > >>
> > > >>
> > > >>
> > >
>------------------------------------------------------
> > > >List Archives:
> > >
//www.freelists.org/archives/isalist/
> > > >ISA Server Newsletter:
> > >
http://www.isaserver.org/pages/newsletter.asp
> > > >ISA Server Articles and
Tutorials:
> > >
>http://www.isaserver.org/articles_tutorials/
> > > >ISA Server Blogs:
http://blogs.isaserver.org/
> > >
>------------------------------------------------------
> > > >Visit TechGenix.com for more
information about our
> > > other sites:
> > > >http://www.techgenix.com
> > >
>------------------------------------------------------
> > > >To unsubscribe visit
> > >
http://www.isaserver.org/pages/isalist.asp
> > > >Report abuse to
listadmin@xxxxxxxxxxxxx
> > > >
> > >
>------------------------------------------------------
> > > >List Archives:
> > >
//www.freelists.org/archives/isalist/ ISA
> > > >Server Newsletter:
> > >
http://www.isaserver.org/pages/newsletter.asp ISA
> > > >Server Articles and Tutorials:
> > >
>http://www.isaserver.org/articles_tutorials/ ISA Server
> > > Blogs:
> > > >http://blogs.isaserver.org/
> > >
>------------------------------------------------------
> > > >Visit TechGenix.com for more
information about our
> > > other sites:
> > > >http://www.techgenix.com
> > >
>------------------------------------------------------
> > > >To unsubscribe visit
> > >
http://www.isaserver.org/pages/isalist.asp
> > > >Report abuse to
listadmin@xxxxxxxxxxxxx
> > > >
> > >
> > >
------------------------------------------------------ List
> > > Archives:
//www.freelists.org/archives/isalist/ ISA Server
> > > Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server
> > > Articles and Tutorials:
> > >
http://www.isaserver.org/articles_tutorials/ ISA
> > > Server Blogs:
http://blogs.isaserver.org/
> > >
------------------------------------------------------ Visit
> > > TechGenix.com for more information
about our other sites:
> > > http://www.techgenix.com
> > >
------------------------------------------------------ To unsubscribe
> > > visit
http://www.isaserver.org/pages/isalist.asp Report abuse to
> > > listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > All mail to and from this domain
is GFI-scanned.
> > >
> > >
------------------------------------------------------
> > > List Archives:
//www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > >
http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs:
http://blogs.isaserver.org/
> > >
------------------------------------------------------
> > > Visit TechGenix.com for more
information about our other sites:
> > > http://www.techgenix.com
> > >
------------------------------------------------------
> > > To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to
listadmin@xxxxxxxxxxxxx
> > >
> > >
------------------------------------------------------
> > > List Archives:
//www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > >
http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs:
http://blogs.isaserver.org/
> > >
------------------------------------------------------
> > > Visit TechGenix.com for more
information about our other sites:
> > > http://www.techgenix.com
> > >
------------------------------------------------------
> > > To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to
listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
>
>------------------------------------------------------
> >List Archives:
//www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
>
>http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs:
http://blogs.isaserver.org/
>
>------------------------------------------------------
> >Visit TechGenix.com for more
information about our other sites:
> >http://www.techgenix.com
>
>------------------------------------------------------
> >To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> >Report abuse to
listadmin@xxxxxxxxxxxxx
> >
>
>------------------------------------------------------
> >List Archives:
//www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs:
http://blogs.isaserver.org/
>
>------------------------------------------------------
> >Visit TechGenix.com for more
information about our other sites:
> >http://www.techgenix.com
>
>------------------------------------------------------
> >To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> >Report abuse to
listadmin@xxxxxxxxxxxxx
> >
>
>
>------------------------------------------------------ List Archives:
//www.freelists.org/archives/isalist/ ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server
Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
>
>All mail to and from this domain is
GFI-scanned.
>
><< winmail.dat >>
engage Mutual Assurance is a trading name of
Homeowners Friendly Society Limited (HFSL), Registered and Incorporated
under the Friendly Societies Act 1992, Reg. No. 964F, and its wholly
owned subsidiary engage Mutual Funds Limited (eMFL), Reg. No. 3224780,
HFSL and eMFL are both authorised and regulated by the Financial
Services Authority (FSA). HFSL's FSA Register no. is 110072, eMFL's FSA
Register no. is 181487. You can check this on the FSA's Register by
visiting the FSA's website http://www.fsa.gov.uk/register or by
contacting the FSA on 0845 606 1234
engage Mutual Investment Funds ICVC is an
investment company with variable capital. Registered in England No.
IC00044.
engage Mutual Administration Limited Reg. No.
4301736, engage Mutual Services Limited Reg. No. 3088162 and Homeowners
Membership Services Limited Reg. No. 3091667 are non-regulated limited
companies.
United Kingdom Civil Service Benefit Society
(UKCSBS) and United Kingdom Armed Forces Benefit Society (UKAFBS) are
trading styles of Homeowners Friendly Society Limited
All registered at Hornbeam Park Avenue,
Harrogate. HG2 8XE. Tel: 01423 855000 Web: http://www.engagemutual.com
<http://www.engagemutual.com/> This e-mail is intended only for the
person named as recipient. The contents are confidential. If you are not
the intended recipient of this e-mail, please notify us as soon as
possible and delete it. If you are not the intended recipient of the
e-mail, any use by you is prohibited.
------------------------------------------------------ List Archives:
//www.freelists.org/archives/isalist/ ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server
Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/ ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA
Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ To unsubscribe
visit http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
Other related posts:
