Hi Gary,

I used the term "(don't)" because the vast majority of folks don't have a full understanding of what each security wizard does to the system. I wouldn't even be the one to say "I know what it will do to your system" because it depends on too many other factors. I could discuss what each setting in each .inf file accomplishes, but what that means to your system may be something entirely different to mine.

The ISA team had good intentions and the right idea: make it easy to apply an appropriate security template to a server that protects your network. Unfortunately, many folks using wizards neither have nor want detailed knowledge of what the wizard accomplishes while they're using it. That's a dangerous mixture where security templates are concerned, as many have discovered. The ISA MMC might have popped up a "You better know exactly what applying "XXX.inf" to your system will do before agreeing to this action." message, but that's more oversight than malicious intent.

Remember, this product is aimed squarely at the LORG - Enterprise market. The folks in that arena generally study and play with a new technology for an extended time before putting it into production. It's "available" to the SORG-MORG market because it's a totally kewl product, but you can't target that broad a market spectrum without dissatisfying someone.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Gary Anderson" <gary.anderson@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, December 15, 2001 05:29
Subject: [isalist] Secure Your Server Wizard - Question to Jim Harrison

http://www.ISAserver.org

Hi Jim,

On the Microsoft newsgroup, you answered a "Spoof Attack" thread like this:

====
Please detail your ISA setup (ipconfig /all)? What rules / filters have you defined? Have you used the "secure your server" wizards (don't)?
====

Can you clarify the "Don't" for secure your server wizards? I agree with you that these "wizards" cause more problems than they solve. I know how the security works: basicdc.inf, securedc.inf, hisecdc.inf. I also know that "setup security.inf" on a W2K is tighter than basicdc.inf. Still, I'm surprised that an editor would secure an application firewall through the application instead of instructing the system administrator to do so by going through the underlying OS.

Yesterday, I wasted three hours. Clean install of W2K, all of the Microsoft updates, ISA Server and then the "Secure your server" Wizards. "You must restart your computer" message. Ok. The machine never comes back. It hangs on "Preparing Network Connections". Recover the OS and updates from an image. Reinstall ISA without the "Secure your server" wizard step and everything works fine.

(In fact, I even ran a vulnerability test from the outside against the machine. NMAP found a lot of filtered ports and detected the W2K as XP RC1 or RC2. After one hour of attacks, NESSUS returned only two minor advisories. The fact that it showed so many filtered ports didn't make me happy, but overall ISA Server's perimeter security in an "out of the box" installation is very good.)

As far as I'm concerned, ISA Server's "Secure Your Server" Wizard should be called the "Pull The Trigger and Put a Neat Hole in Your Foot" Wizard. A definite candidate for the "Thanks, Bill!" award.

Gary Anderson
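Jim's point is that you should know what a template such as hisecdc.inf will change before you let a wizard apply it. As an added example (not code from either poster or from the ISA product), the Python below parses two constructed security-template .inf fragments in the [System Access] / [Registry Values] layout and lists every setting the candidate template would add or alter; the fragment contents are illustrative and are not copies of the real basicdc.inf or hisecdc.inf.

```python
import configparser

# Constructed, illustrative fragments in the security-template .inf layout.
# They are NOT the contents of basicdc.inf / hisecdc.inf; the keys are merely
# typical of the [System Access] and [Registry Values] sections.
CURRENT_INF = """
[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 0
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymous=4,0
MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\RequireSecuritySignature=4,0
"""

CANDIDATE_INF = """
[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 5
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymous=4,2
MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\RequireSecuritySignature=4,1
MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\EnableSecuritySignature=4,1
"""


def parse_template(text):
    """Parse .inf text into {section: {key: value}}, keeping key case as written."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # registry paths stay case-sensitive, not lower-cased
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def diff_templates(current, candidate):
    """Return (section, key, old, new) tuples; None means the key is absent."""
    changes = []
    for section in sorted(set(current) | set(candidate)):
        cur, new = current.get(section, {}), candidate.get(section, {})
        for key in sorted(set(cur) | set(new)):
            if cur.get(key) != new.get(key):
                changes.append((section, key, cur.get(key), new.get(key)))
    return changes


if __name__ == "__main__":
    # Review this list before applying the candidate template, not after the reboot.
    for section, key, old, new in diff_templates(parse_template(CURRENT_INF),
                                                 parse_template(CANDIDATE_INF)):
        print(f"[{section}] {key}: {old!r} -> {new!r}")
```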