RE: Stop me before I jump...

• From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 23 Jan 2004 09:14:24 -0500

Tom,

 

It's because ISA is so much more sophisticated than other firewalls. On most 
firewalls items you mention under points 2,3,4 and 5 don't exist. I do know 
what you mean though when I try to ask enough questions to be able to configure 
ISA using questions 2,3,4 and 5 I get the blank stare (or what sounds like a 
blank stare over the phone) and a statement something like "all it says is open 
port 2055". 

 

Go ahead and try to setup uni-directional port access to a particular 
destination port in a $200-$600 "firewall" appliance; it isn't going to happen. 

 

Amy

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, January 22, 2004 6:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Stop me before I jump...

 

http://www.ISAserver.org
http://www.ISAserver.org

Hi Amy,

 

The thing that gets me is that the term is useless and meaningless and leads to 
uneeded confusion.

 

The tech support guy who says "open ports 1, 2 and 3". OK, first there is no 
open port button. Second, there is no directionality to the statement. Third, 
there is no source or destination port information in the statement. Fourth, 
there is no indication of whether this is a primary to secondary connection. 
Fifth, it says nothing about things like the app layer protocol embedding 
private addresses in the comm stream.

 

The "open a port" concept comes from people who have no idea what's going on. 
They imagine that the firewall is a wall with a series of serrated circles on 
it, and each of these circles has a number. Now, to open port 3, you just punch 
is out and "stuff" (not otherwise specified) flows through it. Too bad things 
don't work that way, otherwise the Open Port Button [patent pending] would be a 
useful thing and not something used for comic relief :)

 

Thanks!

Tom

 

________________________________

From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, January 21, 2004 3:04 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] Stop me before I jump...

Yes, well the information is uesful for those of us that have to support 
non-ISA firewall configurations. Beleive me I hate that my only options on a 
symantec firewall/VPN thingy are open or non-existant. Talk about a security 
problem waiting to happen. Such is the life of a consultant.

 

Amy

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wed 1/21/2004 3:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Stop me before I jump...

http://www.ISAserver.org
http://www.ISAserver.org

From the Windows 2003 Help File:

 

"To use Remote Assistance through a firewall
Remote Assistance uses the Remote Desktop Protocol (RDP) to establish a 
connection between a user requesting help and an assistant providing it. The 
RDP uses TCP port 3389 for this connection. To allow users within an 
organization to request help outside your organization using Remote Assistance, 
port 3389 must be open at the firewall. To prohibit users from requesting help 
outside the organization, this port should be closed at the firewall."

...where is that dreaded Open Port[Patent Pending] button?...

 

Thomas W Shinder

www.isaserver.org/shinder <http://www.isaserver.org/shinder>  

  <http://www.microsoft.com/isaserver/beta/default.asp> 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> 

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » Stop me before I jump...
• » RE: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » RE: Stop me before I jump...
• » RE: Stop me before I jump...
• » RE: Stop me before I jump...
• » RE: Stop me before I jump...
• » RE: Stop me before I jump...
• » RE: Stop me before I jump...
• » Re: Stop me before I jump...
• » Re: Stop me before I jump...
• » RE: Stop me before I jump...
• » RE: Stop me before I jump...
• » Re: Stop me before I jump...

1. Home
2. isalist
3. Archive
4. 01-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---