Why does the movie "Crazy People" come to mind with all of this??

t

On 2/28/07 1:47 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:

> "ISA, the Firewall that Cares"
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists)
>> Sent: Wednesday, February 28, 2007 1:34 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>
>> "ISA, not your average hardware firewall!"
>>
>> "An ISA you can trust!"
>>
>> "ISA, it just keeps working and working and working!"
>>
>> "ISA blocks what others let through!"
>>
>> John T
>>
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland
>>> Sent: Tuesday, February 27, 2007 1:36 PM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>
>>> An aussie contribution:
>>>
>>> ISA ISA ISA, Oi Oi Oi.
>>>
>>> Sorry that's really bad..
>>>
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>> Sent: Wednesday, 28 February 2007 1:51 AM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>
>>> How about "ISA. So simple a caveman can use it." Oh wait. SBS already took that one! :-p
>>>
>>> t
>>>
>>> On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> spoketh to all:
>>>
>>>> Should be "Firewall's make me Hot", shouldn't it?
>>>>
>>>> How about "Flames, baby flames, you're goin' down." As said by The Bomber What Bombs at Midnight.
>>>> (from The Tick, of course)
>>>>
>>>> Amy
>>>>
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young
>>>> Sent: Tuesday, February 27, 2007 9:12 AM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>
>>>> "ISA, your friendly, neighborhood firewall."
>>>> "Never a dull rule in ISA."
>>>> "ISA's hot." - as imagined said by Paris Hilton.
>>>> "ISA and PIX, sitting in a tree..." - yeah, not so much. ;)
>>>> "I'll show you my certificate if you'll show me yours."
>>>>
>>>> Cordially yours,
>>>> Jerry G. Young II
>>>> Application Engineer, Platform Engineering and Architecture
>>>> NTT America, an NTT Communications Company
>>>>
>>>> 22451 Shaw Rd.
>>>> Sterling, VA 20166
>>>>
>>>> Office: 571-434-1319
>>>> Fax: 703-333-6749
>>>> Email: g.young@xxxxxxxx
>>>>
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
>>>> Sent: Monday, February 26, 2007 7:22 PM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>
>>>> "ISA's Got You In Its Sites"
>>>>
>>>> Thomas W Shinder, M.D.
>>>> Site: www.isaserver.org
>>>> Blog: http://blogs.isaserver.org/shinder/
>>>> Book: http://tinyurl.com/3xqb7
>>>> MVP -- Microsoft Firewalls (ISA)
>>>>
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
>>>>> Sent: Monday, February 26, 2007 4:01 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>
>>>>> I'd rather be on Layer 7
>>>>>
>>>>> Amy
>>>>>
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>> Sent: Monday, February 26, 2007 4:45 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>
>>>>> Not bad; except for the trailing commentary...
>>>>> :-p
>>>>>
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
>>>>> Sent: Monday, February 26, 2007 12:53 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>
>>>>> How about:
>>>>>
>>>>> "ISA Firewall Rules!"
>>>>>
>>>>> Get it? Firewall rules? Like in firewall ruleset? You know, sort of a double entendre sort of thingie :))
>>>>>
>>>>> Thomas W Shinder, M.D.
>>>>> Site: www.isaserver.org
>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>> Book: http://tinyurl.com/3xqb7
>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>>> Sent: Monday, February 26, 2007 2:27 PM
>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>
>>>>>> Ok - it's official - let's get an "ISABlog motto" contest going.
>>>>>> Basic rules:
>>>>>> - no derogatory comments about CheckPix or similar (makes the lawyers tremble)
>>>>>> - no marketing spew
>>>>>> - keep it short (10 words max)
>>>>>> - must use ISA behavior or feature (like "wpad")
>>>>>> - should abuse a common phrase (like "does a nautical pimp keep his 'oars' in the water?")
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
>>>>>> Sent: Monday, February 26, 2007 12:23 PM
>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>
>>>>>> You had me at WPAD? :)
>>>>>>
>>>>>> Thomas W Shinder, M.D.
>>>>>> Site: www.isaserver.org
>>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>>> Book: http://tinyurl.com/3xqb7
>>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>>>> Sent: Monday, February 26, 2007 12:26 PM
>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>
>>>>>>> NDA is a completely different point and Amy has it right - non-MS lists are verboten to NDA material.
>>>>>>> I'm an "odd duck" in this context (for more than one reason - ha!
>>>>>>> - beat ya to it!), because it's actually a large part of my job to "keep my finger on the pulse", as it were. This is why you see me doing trips like tech Ready & Black Hat. Unfortunately, fiscal limitations curtail any further involvement, but such is corporate life.
>>>>>>>
>>>>>>> I agree that the ISA team hasn't exactly kept pace with teams like Exchange (we don't even have a silly motto like "you had me at ehlo"), but it still comes back to the "effort priorities". I've been working with the right folks to make this a better experience all around (especially for the MVPs), but these things tend to move slowly...
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>> Sent: Monday, February 26, 2007 9:54 AM
>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>
>>>>>>> Conflicting info, then. I was told by a source that non-MSFT lists were poo-poo'ed on for liability and NDA reasons.
>>>>>>>
>>>>>>> And while I totally understand the "bottom line" thinking, it seems like a huge waste to initiate something like the MVP program and to go through all the motions only to do it half-assed.
>>>>>>>
>>>>>>> t
>>>>>>>
>>>>>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>>>>>>>
>>>>>>>> In fact, ISA product team members are strongly encouraged to participate in lists, NG, blogs and all other manner of public communication efforts.
>>>>>>>> The sad fact is; the time available for such endeavors is woefully small.
>>>>>>>> MS, like many profit-making businesses, operates with the smallest teams required to produce product "X".
>>>>>>>> Unfortunately, with software engineering being what it is, and the pressures of the marketing "old boy club", the teams are too small to cover all the "nice to do" bases and still leave folks time for themselves.
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: Monday, February 26, 2007 9:07 AM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> I never really saw much from the PM's over there- just that one stint about SQL logging, and to be honest, there wasn't much valuable content sourced from the MSFT side... In fact, as I understand it, the PM and product support people (other than Jim) are apparently not pushed to participate (and may be asked not to) because of the fact that it is NOT an official MSFT site, and that NDA and product liability may be an issue.
>>>>>>>>
>>>>>>>> I'm going to draft up a "suggestions for the MVP program" and submit them to the powers that be, just so that things like this can be addressed.
>>>>>>>>
>>>>>>>> t
>>>>>>>>
>>>>>>>> On 2/26/07 8:50 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
>>>>>>>>
>>>>>>>> It's been a real problem for the ISA PG to work with the ISA MVPs, because they think that the ISA MVPs are still involved with the ISA MVP mailing list.
>>>>>>>> I explained to them that because of "issues" with that list that there was less than optimal participation and that they needed to get a MS managed solution. At the very least, they could create their own DL and send mail to people on that list. I hate missing out on the ISA PGs communications on that "other" list, but my life is so much better not having to listen to the ****** that happens over there.
>>>>>>>>
>>>>>>>> Thomas W Shinder, M.D.
>>>>>>>> Site: www.isaserver.org
>>>>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>>>>> Book: http://tinyurl.com/3xqb7
>>>>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>>>>>
>>>>>>>> ________________________________
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: Monday, February 26, 2007 8:56 AM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> I spoke with Melissa Travers, the MVP Lead for both ISA and Exchange, and she said the Exchange group's MVP site was really, really good, and that the Exchange group themselves is quite active. Being they are the Exchange group, I can see why they would have a decent portal.
>>>>>>>> ;)
>>>>>>>>
>>>>>>>> I suggested that if there were a single sourced, Microsoft controlled MVP site where we could "browse through" other MVP list content, that issues like this (the perceptions surrounding what Exchange will and won't support and why) would be much easier to manage, and that "the right people" from both sides could engage each other in a positive way when two technologies collide like this. To me, this is a major shortcoming in the MVP program overall. Given the fact that the MVP program was created in order to provide a collaborative environment for various technologies, it seems like a horrible waste of a perfect opportunity to expand that environment out to the MVP's and product teams in other product competencies. The fate of the ISA-MVP list is testament to that.
>>>>>>>>
>>>>>>>> So, in the absence of a coordinated effort on Microsoft's part to wrap its collective arms around the MVP's and product teams, I'll see if I can get on the Exchange MVP list and begin a dialog of exactly what is going on here. But I'll need to get immersed in Ex2007 first, which I've just not had the time to do. The promise of true unified messaging in 2007 was a major draw to me, but given the apparent narrow PBX support and lack of official functionality documentation, the rush to explore has lost its luster.
>>>>>>>>
>>>>>>>> t
>>>>>>>>
>>>>>>>> On 2/26/07 6:02 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>>>>>>>>
>>>>>>>> Documentation always follows the product, which is barely on the streets.
>>>>>>>> I've seen some regarding WM6, but the basic concepts are the same.
>>>>>>>> ..coming soon to a website near you...
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
>>>>>>>> Sent: Monday, February 26, 2007 3:31 AM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> Anyone (Tim?) had chance to look at the least privilege approach with Exchange 2007 yet?
>>>>>>>>
>>>>>>>> From what I am hearing the "CAS not supported in perimeter" statement is based more on "we haven't tested it yet" more than "we don't think it is a good idea".
>>>>>>>>
>>>>>>>> I have a few customers looking at placing the entire Exchange architecture behind ISA (very untrusted LANs) - I have done this with Exch2k3, but has anyone looked at this for Exch2k7?
>>>>>>>>
>>>>>>>> I am guessing this is not supported either, but documentation is very thin on the ground with reference to 2k7 and perimeter networking....
>>>>>>>>
>>>>>>>> Cheers
>>>>>>>>
>>>>>>>> JJ
>>>>>>>>
>>>>>>>> ________________________________
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: 15 January 2007 15:27
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> Right you are... The analogy fits when you use "comparative logic" as opposed to just thinking of the zone in singularity... Compared to the areas on either side of the DMZ, it should be easy to discern any activity at all in the DMZ itself- particularly hostile activities.
>>>>>>>> There are strict policies about what can go on in the Korean DMZ, as there should be in one's network DMZ. Internet traffic is chaotic, and I don't even bother trying to determine what is going on out on my Internet segment- I can't control it anyway (other than my policy of implementing router ACL's to match inbound/outbound traffic policies at my border router). Internal traffic isn't chaotic, but it is hard to monitor for "hostile" packets given the sheer volume and type of traffic being generated by internal users, servers, services, etc to any number of different hosts and clients. But in the DMZ, you should be able to immediately notice when something out of the ordinary is going on. For instance, if I see POP3 logon traffic, I know something is FUBAR, as I don't support POP3 in my DMZ at all. If I see modal enumeration by way of a null session, I know something is going on. And etc, etc.
>>>>>>>>
>>>>>>>> So, to me, it fits, and that is the term I choose to use. I won't be changing ;)
>>>>>>>>
>>>>>>>> t
>>>>>>>>
>>>>>>>> On 1/15/07 6:40 AM, "Gerald G. Young" <g.young@xxxxxxxx> spoketh to all:
>>>>>>>>
>>>>>>>> The DMZ in Korea itself isn't crawling with military. Either side of it is, ensuring that the definition of a demilitarized zone is observed and maintained. Before the advent of DMZs in networking, a DMZ meant an area from which military forces, operations, and installations were prohibited. Essentially, it's a wide empty area that constitutes a border with forces on either side pointing guns into it.
>>>>>>>>
>>>>>>>> I've always thought the adaptation of the acronym to the world of networking a bit strange. "Oh! We got activity in our networked DMZ! Kill it!" :-)
>>>>>>>>
>>>>>>>> Cordially yours,
>>>>>>>> Jerry G. Young II
>>>>>>>> Product Engineer - Senior
>>>>>>>> Platform Engineering, Enterprise Hosting
>>>>>>>> NTT America, an NTT Communications Company
>>>>>>>>
>>>>>>>> 22451 Shaw Rd.
>>>>>>>> Sterling, VA 20166
>>>>>>>>
>>>>>>>> Office: 571-434-1319
>>>>>>>> Fax: 703-333-6749
>>>>>>>> Email: g.young@xxxxxxxx
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
>>>>>>>> Sent: Sunday, January 14, 2007 7:08 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: RE: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> That's what it means to me too. Can't see the Korean no man's land as qualifying as a DMZ when it's crawling with military.
>>>>>>>>
>>>>>>>> In this conversation we have to take into consideration that CAS also includes the capability to provide access to folders and files right in OWA. This may be the thing that the Exchange team thinks throws a monkey wrench into the secure deployment of CAS in a DMZ.
>>>>>>>>
>>>>>>>> ________________________________
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf of Jason Jones
>>>>>>>> Sent: Sat 1/13/2007 6:46 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> For me, DMZ means scary place completely untrusted, perimeter network means less scary place trusted to a degree, but strongly controlled
>>>>>>>>
>>>>>>>> ________________________________
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>>>>>>>> Sent: 12 January 2007 23:51
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> Interesting... Probably a good idea for us to actually articulate what we really mean when we say DMZ.
>>>>>>>>
>>>>>>>> I guess to some it means "free for all network" but for me, it should be the network where you have the most restrictive policies controlling each service so that it is obvious when malicious traffic hits the wire. Thoughts?
>>>>>>>>
>>>>>>>> t
>>>>>>>>
>>>>>>>> On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:
>>>>>>>>
>>>>>>>> That's what I thought, now it's what I know....
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>>>>>> Sent: Friday, January 12, 2007 6:35 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> Aside from normal router & switch ACLs, ISA is the single line of defense.
>>>>>>>> "..we don't need no stinking DMZs"
>>>>>>>>
>>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
>>>>>>>> Sent: Friday, January 12, 2007 12:12 PM
>>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>>>>>>>>
>>>>>>>> Ahh...just had a thought.
>>>>>>>>
>>>>>>>> It's all labeling.
>>>>>>>>
>>>>>>>> Jason, and others (not Jason's fault), have been using the term DMZ.
>>>>>>>>
>>>>>>>> Historically, is the term DMZ not taken literally as being completely firewalled off from the trusted networks, and what Jason is talking about is trusted network segmentation.
>>>>>>>>
>>>>>>>> I betcha that's why the Exchange team don't support it...they think it's a typical run of the mill DMZ...
>>>>>>>>
>>>>>>>> Jim, isn't MS's Internal network segmented by using ISA?? Including your mail servers?
>>>>>>>>
>>>>>>>> S
>>>>>>>>
>>>>>>>> All mail to and from this domain is GFI-scanned.
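The thread's working definition of a DMZ (the most restrictive per-service policies, so that anything outside them, such as POP3 logon traffic, is immediately visible) amounts to a default-deny check over connection logs. The sketch below is an added example, not part of the original thread; the log format, addresses and allowed-service lists are constructed assumptions and do not reflect ISA Server's own log schema.

```python
import ipaddress
from collections import namedtuple

# Constructed policy (assumption): the only services published in this DMZ.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
ALLOWED_INBOUND = {
    ("192.0.2.10", "TCP", 443),  # HTTPS front end
    ("192.0.2.20", "TCP", 25),   # SMTP relay
}
# The only flows a DMZ host may initiate towards other networks.
ALLOWED_OUTBOUND = {
    ("10.0.0.25", "TCP", 25),    # relay hands mail to the internal server
}

Flow = namedtuple("Flow", "ts src dst proto port")
Alert = namedtuple("Alert", "flow reason")


def parse_line(line):
    """Parse 'ts src dst proto port' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, port = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    return Flow(ts, src, dst, proto.upper(), port) if 0 < port < 65536 else None


def check_flow(flow):
    """Alert on any flow that touches the DMZ without an explicit allow entry."""
    src_in = ipaddress.ip_address(flow.src) in DMZ_NET
    dst_in = ipaddress.ip_address(flow.dst) in DMZ_NET
    key = (flow.dst, flow.proto, flow.port)
    if dst_in and key not in ALLOWED_INBOUND:
        return Alert(flow, "service not published in DMZ")
    if src_in and not dst_in and key not in ALLOWED_OUTBOUND:
        return Alert(flow, "unexpected connection initiated from DMZ host")
    return None


def find_violations(lines):
    """Return (alerts, malformed) for an iterable of log lines."""
    alerts, malformed = [], []
    for line in filter(str.strip, lines):
        flow = parse_line(line)
        if flow is None:
            malformed.append(line)  # keep unparseable input for review
        elif (alert := check_flow(flow)) is not None:
            alerts.append(alert)
    return alerts, malformed


# Constructed sample log: three permitted flows, three violations, one bad line.
SAMPLE_LOG = """\
2007-01-15T15:01:02 203.0.113.7 192.0.2.10 TCP 443
2007-01-15T15:01:05 203.0.113.9 192.0.2.20 TCP 25
2007-01-15T15:02:11 203.0.113.50 192.0.2.20 TCP 110
2007-01-15T15:02:40 192.0.2.10 192.0.2.20 TCP 445
2007-01-15T15:03:00 192.0.2.20 10.0.0.25 TCP 25
2007-01-15T15:03:30 192.0.2.10 198.51.100.8 TCP 6667
2007-01-15T15:04:00 garbage line
"""
```

Because the allow lists are short, every alert is actionable: the POP3 (110) and SMB (445) flows are flagged simply because nothing in the policy publishes them, which is the property the thread attributes to a well-run DMZ.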