Re: RES: RE: RES: HI ALL!!

• From: Paul Berg <frogman1370@xxxxxxxxx>
• To: "\[ISAserver.org Discussion List\]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 5 Feb 2003 10:41:34 -0800 (PST)

Tom,
Yep, you are very correct.  I tried testing it and I was able to get out 
successfully.  Would best practice be to block the ports and create the disable 
for the application on the Firewall client?  However, a Microsoft Security 
Specialist claims that we can block applications at layer 7 regardless of users 
renaming the application.  Are they mistaken or is this possible?
BTW:  Thanks, Tom, for pointing me in the right direction on anonymous access 
for the RealPlayer.
 Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote:http://www.ISAserver.org

Hi Paul, Yes, the problem is if you work in a University or have otherwise 
smart users, they'll discover that they can rename the .exe and get by that. 
That's the value of having teenage children at University :-) Tom Thomas W 
Shinderwww.isaserver.org/shinder ISA Server and Beyond: 
http://tinyurl.com/1jq1Configuring ISA Server: http://tinyurl.com/1llp
  -----Original Message-----
From: Paul Berg [mailto:frogman1370@xxxxxxxxx] 
Sent: Wednesday, February 05, 2003 11:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: RES: RE: RES: HI ALL!!

http://www.ISAserver.org 
Value must be 1 to turn on the function of disable... 
 Tiago de Aviz <Tiago@xxxxxxxxxxxxxxx> wrote: @font-face {      font-family: 
Tahoma;}@font-face {       font-family: Comic Sans MS;}@page Section1 {size: 
612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }P.MsoNormal {  
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New 
Roman"}LI.MsoNormal {     FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: 
"Times New Roman"}DIV.MsoNormal {    FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; 
FONT-FAMILY: "Times New Roman"}A:link {   COLOR: blue; TEXT-DECORATION: 
underline}SPAN.MsoHyperlink {     COLOR: blue; TEXT-DECORATION: 
underline}A:visited {     COLOR: purple; TEXT-DECORATION: 
underline}SPAN.MsoHyperlinkFollowed {   COLOR: purple; TEXT-DECORATION: 
underline}P.MsoPlainText {      FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; 
FONT-FAMILY: "Courier New"}LI.MsoPlainText {      FONT-SIZE: 10pt; MARGIN: 0cm 
0cm 0pt; FONT-FAMILY: "Courier New"}DIV.MsoPlainText {     FONT-SIZE: 10pt; 
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Courier New"}P.MsoAutoSig { FONT-SIZE: 12pt; 
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}LI.MsoAutoSig {    
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New 
Roman"}DIV.MsoAutoSig {   FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: 
"Times New Roman"}SPAN.estilocorreo17 {      COLOR: windowtext; FONT-FAMILY: 
Arial}SPAN.estilodeemail20 {    COLOR: black}SPAN.EstiloDeEmail22 {     COLOR: 
black}DIV.Section1 {     page: Section1}http://www.ISAserver.org


Thomas,

 

Worked for me! You can also try disabling the kazaa.exe executable in the 
Microsoft Firewall Clients properties in ISA Management. Create a rule for 
kazaa.exe, set the string for Disable and the value to 0.

 

Tiago de Aviz

-----------------------

tiago@xxxxxxxxxxxxxxx

www.softsell.com.br

-----------------------

 

-----Mensagem original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Enviada em: terga-feira, 4 de fevereiro de 2003 21:16
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: RES: HI ALL!!

 

http://www.ISAserver.org

Hi Tiego,

 

So you've had success with blocking *.kaaza.com? I haven't tried it yet, but 
I'll give it a shot. We usually just remove the app from client workstations 
when the firewall log shows the app.

 

Thanks!

Tom

 

 

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 
 ------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
frogman1370@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 


---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now

Other related posts:

• » RES: RE: RES: HI ALL!!
• » Re: RES: RE: RES: HI ALL!!
• » Re: RES: RE: RES: HI ALL!!
• » Re: RES: RE: RES: HI ALL!!
• » Re: RES: RE: RES: HI ALL!!
• » Re: RES: RE: RES: HI ALL!!
• » Re: RES: RE: RES: HI ALL!!

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---