[isalist] Re: SME LAN and ISA
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sun, 21 May 2006 20:30:15 -0700
http://www.ISAserver.org
-------------------------------------------------------
"There is some small bug / hole in ISA2006, that, as yet is it undetected, it
small, it's new and it's specific to ISA2006, it's obscure, but it's there."
The same could be said for *any* product, beta or RTM bits.
It does no good to apply "chicken little" logic to any situation.
As Tim stated; if your' uncomfy with using beta products in production, then
don't do it.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Glenn P. JOHNSTON
Sent: Sunday, May 21, 2006 18:43
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SME LAN and ISA
From what I have seen of ISA2006 on my play LAN, it seems stable, works well
and to date, I have found no issues, and while I have not done full speed
tests, I have a gut feel that the performance is better.
However, It's got nothing to do with skill set, being comfortable or anything
like.
Purely on principle, I would not put any beta, or pre lease software near a
production LAN. This comes from 25 years supporting and developing systems in
corporate environments.
What about this situation;
There is some small bug / hole in ISA2006, that, as yet is it undetected, it
small, it's new and it's specific to ISA2006, it's obscure, but it's there.
You put ISA2006 on a production LAN, and some one on the internet finds it,
finds the bug / hole, makes use of it, and hacks in and a customer list find
it's way onto the internet, or in the hands of a competitor.
There is an investigation, possibly with law enforcement called in, the board
finds out there was beta software on their production LAN, you're shot your
self in the foot, you are in an indefensible position.
Unlikely, yes.
Is there any bug / holes in ISA2006, my suspicion is probably not, but the jury
is still out deliberating on that one.
Would it be OK on a production LAN, probably yes, it will work, and work
without issues.
But, if an issue does occur, will any board or business owner support using
beta or pre release on their production system, not likely, more likely, you're
looking for another job. There also could very well be legal issues, where
you're exposed yourself to some liability claim.
It's just not a position you want to be in, no matter how sure you are that
every 'i' is dotted, and 't' crossed, you just don't want to be there in the
the unlikely event of an issue.
If it's full version public released software, the situation would be a lot
different, with beta, you done like a dinner.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Monday, 22 May 2006 10:59
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SME LAN and ISA
People who know what they are doing. If you are not comfortable with your
skillset, then don't do it. But since you question our sanity, that means that
you just know something we don't. Please give us a list of your specific
issues with ISA2006 and the security vulnerabilities you have discovered.
t
On 5/21/06 5:50 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh to
all:
Who in there right mind would use a product beta on a production LAN
????
We have enough problems with the day to day stuff, and users, and
business needs , and.........
Why make extra problems of our own making !
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Monday, 22 May 2006 08:02
To: isalist@xxxxxxxxxxxxx; Greg Mulholland
Subject: [isalist] Re: SME LAN and ISA
Don't listen to Greg. Use ISA2006 all you want (if you know what you
are doing.)
t
On 5/21/06 2:21 PM, "Greg Mulholland" <greg@xxxxxxxxxxxxxx> spoketh to
all:
and dont use isa 2006!! its beta.. use 2004..
Greg Mulholland
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Egyptian Mind
Sent: Mon 22/05/2006 1:45 AM
To: isalist@xxxxxxxxxxxxx
Cc: gen_sib@xxxxxxxxx
Subject: [isalist] Re: SME LAN and ISA
http://www.ISAserver.org
-------------------------------------------------------
1- install the ISA server after the adsl router and before the
switch.
2- put two interface cards in the server
3- attach one interface with the adsl router ( outside ) and
the other to the unmanged switch ( inside )
4- assign an IP from your local lan to the inside interface
5- assign any IP of the range that given from the ISP ( after
the router nat ) to the ouside interface
6- make ur own rules on the ISA server
BASIC SME NETWork SETUP
Internet Cloud
|
|
|
|
ADSL (AZTECH ETHERNET USB) Broadband Router
DHCP
| _____________________________
| | |
|___outside interface ( 10.11.1.1/24) | ISA Server
___insdie interface ( 192.168.1.1/24 ) |
| |_____________________________|
|
|______________________
LoCAL AREA NETWORK (Unmanaged Switch)
LAN IP Address 192.168.1.0/24
______________________________
SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*)
AD OpenSource Helpdesk System
DHCP OpenSource Network Monitoring(nagios, nmis)
DNS SMS Pager
Intranet AV(clamWin Free AV)
Accounting
MAILs (Pulled from ISP thru pop3 connector)
CRM
WSUS
AV (clamWin Free AV + AVG)
!~` Yesterday is a History` ~!
!~` Tomorrow is a Mystery` ~!
!~` Today is a Gift` ~!
!~` So we call it ...............` ~!
!~` Present .......Simple` ~!
Mob : +966 50 2953591
________________________________
From: Gene Sibbs <gen_sib@xxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SME LAN and ISA
Date: Sun, 21 May 2006 02:25:59 -0700 (PDT)
Greetings,
I have attached a basic LAN setup diagram and I would
like to pick your brains as far as the security is concerned.
My objective is that the In/Outbound traffic must
pass thru ISA box
Base on the attached design I feel that the security
is lacking. I have downloaded ISA 2006 BETA version...and I want to introduce
ISA Server as a member of the family to beef-up security.
How can I make ISA Server 2006 beta play with this
basic design, bearing in mind that I don't have a static IP address from my
ISP. My ADSL is dhcp obtaining the IP address from ISP.
I want to run ISA2006 on a separate box completely.
With many thanks!
Gene Sibbs
________________________________
New Yahoo! Messenger with Voice. Call regular phones
from your PC
<http://us.rd.yahoo.com/mail_us/taglines/postman5/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com>
<http://us.rd.yahoo.com/mail_us/taglines/postman5/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com>
and save big.
________________________________
Feel free to call! Free PC-to-PC calls. Low rates on
PC-to-Phone. Get Yahoo! Messenger with Voice
<http://us.rd.yahoo.com/mail_us/taglines/postman10/*http://us.rd.yahoo.com/evt=39663/*http://messenger.yahoo.com>
<http://us.rd.yahoo.com/mail_us/taglines/postman10/*http://us.rd.yahoo.com/evt=39663/*http://messenger.yahoo.com>
>BASIC SME NETWork SETUP
>
>Internet Cloud
> |
> |
> |
> |
>ADSL (AZTECH ETHERNET USB) Broadband Router
> DHCP
> |
> |
> |
>________|______________________
>LoCAL AREA NETWORK (Unmanaged Switch)
>LAN IP Address 10.11.1.0/24
>
>______________________________
>
>SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*)
>
>AD OpenSource Helpdesk System
>DHCP OpenSource Network Monitoring(nagios, nmis)
>DNS SMS Pager
>Intranet AV(clamWin Free AV)
>Accounting
>MAILs (Pulled from ISP thru pop3 connector)
>CRM
>WSUS
>AV (clamWin Free AV + AVG)
>______________________________
>
>Security is an issue here...
>
------------------------------------------------------ List
Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and
Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs:
http://blogs.isaserver.org/
------------------------------------------------------ Visit TechGenix.com for
more information about our other sites: http://www.techgenix.com
------------------------------------------------------ To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp Report abuse to
listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
