[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 13 Jan 2007 10:45:40 -0800

But that's the opposite of what the analogy means- the "free for all, combat
rich, chaotic, uncontrollable" zone is NOT the DMZ.  The "DMZ," where it
refers to Korea, is a highly controlled, restricted area bound by the policy
of the armistice.  I would never put a honeypot in the DMZ, as no one would
ever hit it- not in MY DMZ's anyway... The honeypot goes on the Internet
segment or somewhere that everyone can hit it... The DMZ is where one should
most closely monitor traffic or deploy intrusion detection... Why have yet
another term?  If people can't understand what DMZ really is, then I doubt
they will understand what PNS is...

t


On 1/12/07 4:09 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:

> Personally, I think it should mean what it says, and match the analogy that it
> is part of...
>  
> Free for all...no restrictions, somewhere you would put a honey pot...
>  
> And use the proper term for it which would be is... PNS..Protected Network
> Segment
>  
> S
>  
> 
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Friday, January 12, 2007 7:51 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>  
> Interesting... Probably a good idea for us to actually articulate what we
> really mean when we say DMZ.
> 
> I guess to some it means "free for all network" but for me, it should be the
> network where you have the most restrictive policies controlling each service
> so that it is obvious when malicious traffic hits the wire.  Thoughts?
> t
> 
> 
> On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:
> That's what I thought, now it's what I know...
>  
> 
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison
> Sent: Friday, January 12, 2007 6:35 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> 
> Aside from normal router & switch ACLs, ISA is the single line of defense.
> "..we don't need no stinking DMZs"
>  
> 
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Steve Moffat
> Sent: Friday, January 12, 2007 12:12 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> 
> Ahh...just had a thought.
>  
> It's all labeling.
>  
> Jason, and others (not Jason's fault), have been using the term DMZ.
>  
> Historically, is the term DMZ not taken literally as being completely
> firewalled off from the trusted networks, and what Jason is talking about is
> trusted network segmentation.
>  
> I betcha that's why the Exchange team don't support it...they think it's a
> typical run of the mill DMZ...
>  
> Jim, isn't MS's Internal network segmented by using ISA?? Including your mail
> servers?
>  
> S 

