Yeh - and you're a terrible landlord, too... ;-p ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, July 20, 2005 06:44 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Question for the Gallery regarding VPN access http://www.ISAserver.org Hi Jim, GREAT! Its funny that I never thought of this until after I asked the question re: Server Publishing Rules. And here you mirrored the thought I had for the first time today. You're not one of the voices in my head, are you? Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Wednesday, July 20, 2005 8:15 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Question for the Gallery regarding VPN access > > http://www.ISAserver.org > > 1. stop trying to server-publish file shares (and web shares) > 2. use raw protocols that don't tolerate NAT (SvrPub) > 3. authenticate the user (SvrPub can't) > 4. reduce the ISA (and upstream) attack surface > 5. quarantine, baby! > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Wednesday, July 20, 2005 6:03 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Question for the Gallery regarding VPN access > > http://www.ISAserver.org > > Hey guys, > > I want to do an article on how you can use the ISA firewall to provide > fined-tuned access control for VPN users. > > To make is as topical as possible (within the limits of my > abilities and > time), what are the top three reasons for you to give users VPN access > to your network instead of creating Web or Server Publishing Rules? > > Thanks! > Tom > www.isaserver.org/shinder <http://www.isaserver.org/shinder> > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.