[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Jason Jones" <Jason.Jones@xxxxxxxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 13 Jan 2007 23:46:28 -0000

Can't believe they just make their own decision terminology/security
architecture rather than asking ISA product team for advice on what they
should be saying....maybe that is just me being incredibly naive though
;-)

________________________________

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: 13 January 2007 17:32
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks


However, one thing I DON'T want to get back to is the "single model" DMZ
-- because the entire point of this conversation is that there is a
heterogeneity of DMZs and that the problem with the Exchange team is
that they didn't understand this in the first place. :)
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- Microsoft Firewalls (ISA)

 


________________________________

        From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
        Sent: Saturday, January 13, 2007 11:23 AM
        To: isapros@xxxxxxxxxxxxx
        Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
        
        
        It's interesting how the canaille misinterprets the term DMZ,
like they do for most things :)
         
        Think about the Korean DMZ -- is that really a "free for all"
place? Or one of the most monitored and secured areas in the world,
where nothing happens without someone knowing about it almost
immediately?
         
        That's what you get when the Syphco reps teach a generation of
"port openers"....
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- Microsoft Firewalls (ISA)

         


________________________________

                From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
                Sent: Friday, January 12, 2007 5:51 PM
                To: isapros@xxxxxxxxxxxxx
                Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter
Networks
                
                
                Interesting... Probably a good idea for us to actually
articulate what we really mean when we say DMZ.
                
                I guess to some it means "free for all network" but for
me, it should be the network where you have the most restrictive
policies controlling each service so that it is obvious when malicious
traffic hits the wire.  Thoughts?
                t
                
                
                On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx>
spoketh to all:
                
                

                        That's what I thought, now it's what I know....
                         
                        
                        From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
                        Sent: Friday, January 12, 2007 6:35 PM
                        To: isapros@xxxxxxxxxxxxx
                        Subject: [isapros] Re: ISA, Exchange 2007 and
Perimeter Networks
                        
                        Aside from normal router & switch ACLs, ISA is
the single line of defense.
                        "..we don't need no stinking DMZs"
                         
                        
                        From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
                        Sent: Friday, January 12, 2007 12:12 PM
                        To: isapros@xxxxxxxxxxxxx
                        Subject: [isapros] Re: ISA, Exchange 2007 and
Perimeter Networks
                        
                        Ahh...just had a thought.
                         
                        It's all labeling.
                         
                        Jason, and others (not Jason's fault), have been
using the term DMZ.
                         
                        Historically, is the term DMZ not taken
literally as being completely firewalled off from the trusted networks,
and what Jason is talking about is trusted network segmentation.
                         
                        I betcha that's why the Exchange team don't
support it...they think it's a typical run of the mill DMZ...
                         
                        Jim, isn't MS's Internal network segmented by
using ISA?? Including your mail servers?
                         
                        S 
