[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

From: "John T \(lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: <isapros@xxxxxxxxxxxxx>
Date: Wed, 28 Feb 2007 14:08:24 -0800
Hey, I resemble that remark.

John T


> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, February 28, 2007 2:08 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> 
> Why does the movie "Crazy People" come to mind with all of this??
> 
> t
> 
> 
> On 2/28/07 1:47 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
> all:
> 
> > "ISA, the Firewall that Cares"
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> >
> >
> >
> >> -----Original Message-----
> >> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists)
> >> Sent: Wednesday, February 28, 2007 1:34 PM
> >> To: isapros@xxxxxxxxxxxxx
> >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>
> >> "ISA, not your average hardware firewall!"
> >>
> >> "An ISA you can trust!"
> >>
> >> "ISA, it just keeps working and working and working!"
> >>
> >> "ISA blocks what others let through!"
> >>
> >> John T
> >>
> >>> -----Original Message-----
> >>> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>> On Behalf Of Greg Mulholland
> >>> Sent: Tuesday, February 27, 2007 1:36 PM
> >>> To: isapros@xxxxxxxxxxxxx
> >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>
> >>> An aussie contribution:
> >>>
> >>> ISA ISA ISA, Oi Oi Oi.
> >>>
> >>> Sorry that's really bad..
> >>>
> >>> -----Original Message-----
> >>> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>> On
> >>> Behalf Of Thor (Hammer of God)
> >>> Sent: Wednesday, 28 February 2007 1:51 AM
> >>> To: isapros@xxxxxxxxxxxxx
> >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>
> >>> How about "ISA. So simple a caveman can use it."  Oh wait.
> >> SBS already
> >>> took
> >>> that one! :-p
> >>>
> >>> t
> >>>
> >>>
> >>> On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> >>> spoketh
> >>> to all:
> >>>
> >>>> Should be "Firewall's make me Hot", shouldn't it?
> >>>>
> >>>> How about "Flames, baby flames, you're goin' down." As said by The
> >>>> Bomber What Bombs at Midnight. (from The Tick, of course)
> >>>>
> >>>> Amy
> >>>>
> >>>>
> >>>> -----Original Message-----
> >>>> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>> On Behalf Of Gerald G. Young
> >>>> Sent: Tuesday, February 27, 2007 9:12 AM
> >>>> To: isapros@xxxxxxxxxxxxx
> >>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>
> >>>> "ISA, your friendly, neighborhood firewall."
> >>>> "Never a dull rule in ISA."
> >>>> "ISA's hot." - as imagined said by Paris Hilton.
> >>>> "ISA and PIX, sitting in a tree..." - yeah, not so much. ;)
> >>>> "I'll show you my certificate if you'll show me yours."
> >>>>
> >>>> Cordially yours,
> >>>> Jerry G. Young II
> >>>> Application Engineer, Platform Engineering and Architecture
> >>>> NTT America, an NTT Communications Company
> >>>>
> >>>> 22451 Shaw Rd.
> >>>> Sterling, VA 20166
> >>>>
> >>>> Office: 571-434-1319
> >>>> Fax: 703-333-6749
> >>>> Email: g.young@xxxxxxxx
> >>>>
> >>>>
> >>>> -----Original Message-----
> >>>> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>> On Behalf Of Thomas W Shinder
> >>>> Sent: Monday, February 26, 2007 7:22 PM
> >>>> To: isapros@xxxxxxxxxxxxx
> >>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>
> >>>> "ISA's Got You In Its Sites"
> >>>>
> >>>> Thomas W Shinder, M.D.
> >>>> Site: www.isaserver.org
> >>>> Blog: http://blogs.isaserver.org/shinder/
> >>>> Book: http://tinyurl.com/3xqb7
> >>>> MVP -- Microsoft Firewalls (ISA)
> >>>>
> >>>>
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> >>>>> Sent: Monday, February 26, 2007 4:01 PM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>>
> >>>>> I'd rather be on Layer 7
> >>>>>
> >>>>> Amy
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>>> On Behalf Of Jim Harrison
> >>>>> Sent: Monday, February 26, 2007 4:45 PM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>>
> >>>>> Not bad; except for the trailing commentary...
> >>>>> :-p
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>>> On Behalf Of Thomas W Shinder
> >>>>> Sent: Monday, February 26, 2007 12:53 PM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>>
> >>>>> How about:
> >>>>>
> >>>>> "ISA Firewall Rules!"
> >>>>>
> >>>>> Get it? Firewall rules? Like in firewall ruleset? You
> >> know, sort of a
> >>>>> double entendre sort of thingie :))
> >>>>>
> >>>>> Thomas W Shinder, M.D.
> >>>>> Site: www.isaserver.org
> >>>>> Blog: http://blogs.isaserver.org/shinder/
> >>>>> Book: http://tinyurl.com/3xqb7
> >>>>> MVP -- Microsoft Firewalls (ISA)
> >>>>>
> >>>>>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> >>>>>> Sent: Monday, February 26, 2007 2:27 PM
> >>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>>>
> >>>>>> Ok - it's official - let's get an "ISABlog motto" contest going.
> >>>>>> Basic rules:
> >>>>>> - no derogatory comments about CheckPix or similar (makes
> >>>>> the lawyers
> >>>>>> tremble)
> >>>>>> - no marketing spew
> >>>>>> - keep it short (10 words max)
> >>>>>> - must use ISA behavior or feature (like "wpad")
> >>>>>> - should abuse a common phrase (like "does a nautical
> >> pimp keep his
> >>>>>> 'oars' in the water?")
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>>>> On Behalf Of Thomas W Shinder
> >>>>>> Sent: Monday, February 26, 2007 12:23 PM
> >>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>>>
> >>>>>> You had me at WPAD? :)
> >>>>>>
> >>>>>> Thomas W Shinder, M.D.
> >>>>>> Site: www.isaserver.org
> >>>>>> Blog: http://blogs.isaserver.org/shinder/
> >>>>>> Book: http://tinyurl.com/3xqb7
> >>>>>> MVP -- Microsoft Firewalls (ISA)
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> >>>>>>> Sent: Monday, February 26, 2007 12:26 PM
> >>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and
> >> Perimeter Networks
> >>>>>>>
> >>>>>>> NDA is a completely different point and Amy has it right -
> >>>>>>> non-MS lists
> >>>>>>> are verboten to NDA material.
> >>>>>>> I'm an "odd duck" in this context (for more than one reason -
> >>>>>>> ha! - beat
> >>>>>>> ya to it!), because it's actually a large part of my job
> >>>>> to "keep my
> >>>>>>> finger on the pulse", as it were.  This is why you see me
> >>>>>> doing trips
> >>>>>>> like tech Ready & Black Hat.  Unfortunately, fiscal
> >>>>>>> limitations curtail
> >>>>>>> any further involvement, but such is corporate life.
> >>>>>>>
> >>>>>>> I agree that the ISA team hasn't exactly kept pace
> >> with teams like
> >>>>>>> Exchange (we don't even have a silly motto like "you had me
> >>>>>> at ehlo"),
> >>>>>>> but it still comes back to the "effort priorities".  I've
> >>>>>> been working
> >>>>>>> with the right folks to make this a better experience
> >> all around
> >>>>>>> (especially for the MVPs), but these things tend to
> >> move slowly...
> >>>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>>>>> On Behalf Of Thor (Hammer of God)
> >>>>>>> Sent: Monday, February 26, 2007 9:54 AM
> >>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and
> >> Perimeter Networks
> >>>>>>>
> >>>>>>> Conflicting info, then.  I was told by a source that non-MSFT
> >>>>>>> lists were
> >>>>>>> poo-poo'ed on for liability and NDA reasons.
> >>>>>>>
> >>>>>>> And while I totally understand the "bottom line" thinking, it
> >>>>>>> seems like
> >>>>>>> a
> >>>>>>> huge waste to initiate something like the MVP program and to
> >>>>>>> go through
> >>>>>>> all
> >>>>>>> the motions only to do it half-assed.
> >>>>>>>
> >>>>>>> t
> >>>>>>>
> >>>>>>>
> >>>>>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx>
> >>>>>> spoketh to all:
> >>>>>>>
> >>>>>>>> In fact, ISA product team members are strongly encouraged to
> >>>>>>> participate
> >>>>>>>> in lists, NG, blogs and all other manner of public
> >> communication
> >>>>>>>> efforts.
> >>>>>>>> The sad fact is; the time available for such endeavors
> >>>>> is woefully
> >>>>>>>> small.
> >>>>>>>> MS, like many profit-making businesses, operates with
> >>>>> the smallest
> >>>>>>> teams
> >>>>>>>> required to produce product "X".
> >>>>>>>> Unfortunately, with software engineering being what it
> >>>>> is, and the
> >>>>>>>> pressures of the marketing "old boy club", the teams are
> >>>>>>> too small to
> >>>>>>>> cover all the "nice to do" bases and still leave
> >> folks time for
> >>>>>>>> themselves.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>>>>>> On Behalf Of Thor (Hammer of God)
> >>>>>>>> Sent: Monday, February 26, 2007 9:07 AM
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and
> >> Perimeter Networks
> >>>>>>>>
> >>>>>>>> I never really saw much from the PM's over there- just that
> >>>>>>> one stint
> >>>>>>>> about SQL logging, and to be honest, there wasn't
> >> much valuable
> >>>>>>> content
> >>>>>>>> sourced from the MSFT side... In fact, as I understand it,
> >>>>>>> the PM and
> >>>>>>>> product support people (other than Jim) are apparently
> >>>>>> not pushed to
> >>>>>>>> participate (and may be asked not to) because of the fact
> >>>>>> that it is
> >>>>>>> NOT
> >>>>>>>> an official MSFT site, and that NDA and product liability
> >>>>>> may be an
> >>>>>>>> issue.
> >>>>>>>>
> >>>>>>>> I'm going to draft up a "suggestions for the MVP program"
> >>>>>> and submit
> >>>>>>>> them to the powers that be, just so that things like
> >> this can be
> >>>>>>>> addressed.
> >>>>>>>>
> >>>>>>>> t
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 2/26/07 8:50 AM, "Thomas W Shinder"
> >>>>>>> <tshinder@xxxxxxxxxxx> spoketh
> >>>>>>> to
> >>>>>>>> all:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> It's been a real problem for the ISA PG to work with the ISA
> >>>>>>>> MVPs, because they think that the ISA MVPs are still
> >>>>>>> involved with the
> >>>>>>>> ISA MVP mailing list. I explained to them that because
> >>>>> of "issues"
> >>>>>>> with
> >>>>>>>> that list that there was less than optimal participation
> >>>>>>> and that they
> >>>>>>>> needed to get a MS managed solution. At the very least,
> >>>>> they could
> >>>>>>>> create their own DL and send mail to people on that
> >> list. I hate
> >>>>>>> missing
> >>>>>>>> out on the ISA PGs communications on that "other" list, but
> >>>>>>> my life is
> >>>>>>>> so much better not having to listen to the ****** that
> >>>>>> happens over
> >>>>>>>> there.
> >>>>>>>>
> >>>>>>>> Thomas W Shinder, M.D.
> >>>>>>>> Site: www.isaserver.org <http://www.isaserver.org/>
> >>>>>>>> <http://www.isaserver.org/>
> >>>>>>>> Blog: http://blogs.isaserver.org/shinder/
> >>>>>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> >>>>>>>> <http://tinyurl.com/3xqb7>
> >>>>>>>> MVP -- Microsoft Firewalls (ISA)
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> ________________________________
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> >>>>> (Hammer of
> >>>>>>> God)
> >>>>>>>> Sent: Monday, February 26, 2007 8:56 AM
> >>>>>>>> To:  isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007 and  Perimeter
> >>>>>>>> Networks
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I spoke with Melissa Travers, the MVP Lead for both  ISA
> >>>>>>>> and Exchange, and she said the Exchange group's MVP site
> >>>>>> was really,
> >>>>>>>> really good, and that the Exchange group themselves is
> >>>>>> quite active.
> >>>>>>>> Being they are the Exchange group, I can see why they
> >>>>> would have a
> >>>>>>>> decent portal. ;)
> >>>>>>>>
> >>>>>>>> I suggested that if there were a single sourced,
> >>>>>>>> Microsoft controlled MVP site where we could "browse
> >>>>>> through" other
> >>>>>>> MVP
> >>>>>>>> list  content, that issues like this (the perceptions
> >>>>>>> surrounding what
> >>>>>>>> Exchange will  and won't support and why) would be much
> >>>>> easier to
> >>>>>>>> manage, and that "the right  people" from both sides could
> >>>>>>> engage each
> >>>>>>>> other in a positive way when two  technologies collide like
> >>>>>>> this.  To
> >>>>>>>> me, this is a major shortcoming in  the MVP program
> >>>>>> overall.  Given
> >>>>>>> the
> >>>>>>>> fact that the MVP program was created  in order to provide a
> >>>>>>>> collaborative environment for various technologies, it
> >>>>>> seems like a
> >>>>>>>> horrible waste of a perfect opportunity to expand that
> >>>>>> environment
> >>>>>>> out
> >>>>>>>> to the MVP's and product teams in other product
> >>>>>> competencies.    The
> >>>>>>>> fate of the ISA-MVP list is testament to that.
> >>>>>>>>
> >>>>>>>> So, in  the absence of a coordinated effort on
> >>>>>>>> Microsoft's part to wrap it's  collective arms around the
> >>>>>> MVP's and
> >>>>>>>> product teams, I'll see if I can get on  the Exchange
> >>>>> MVP list and
> >>>>>>> begin
> >>>>>>>> a dialog of exactly what is going on here.   But I'll
> >>>>> need to get
> >>>>>>>> immersed in Ex2007 first, which I've just not had  the
> >>>>> time to do.
> >>>>>>> The
> >>>>>>>> promise of true unified messaging in 2007 was  a major draw
> >>>>>>> to me, but
> >>>>>>>> given the apparent narrow PBX support and lack of  official
> >>>>>>>> functionality documentation, the rush to explore has lost it's
> >>>>>>> luster.
> >>>>>>>>
> >>>>>>>> t
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 2/26/07 6:02 AM, "Jim Harrison"  <Jim@xxxxxxxxxxxx>
> >>>>>>>> spoketh to all:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Documentation always follows the  product, which
> >>>>>>>> is barely on the streets.
> >>>>>>>> I've seen some regarding WM6,  but the basic
> >>>>>>>> concepts are the same.
> >>>>>>>> ..coming soon to a website near  you...
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of
> >> Jason Jones
> >>>>>>>> Sent: Monday, February 26, 2007  3:31 AM
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>>>>> Perimeter Networks
> >>>>>>>>
> >>>>>>>> Hi All,
> >>>>>>>>
> >>>>>>>> Anyone (Tim?) had chance to look at the least
> >>>>>>>> privilige approach with Exchange 2007 yet?
> >>>>>>>>
> >>>>>>>> From what I am hearing the "CAS not supported in
> >>>>>>>> perimeter" statement is based more on "we haven't tested it
> >>>>>>> yet" more
> >>>>>>>> than  "we don't think it is a good idea".
> >>>>>>>>
> >>>>>>>> I have a few customers looking at placing the
> >>>>>>>> entire  Exchange architecture behind ISA (very
> >>>>> untrusted LANs) - I
> >>>>>>> have
> >>>>>>>> done this  with Exch2k3, but has anyone looked at this
> >>>>>> for  Exch2k7?
> >>>>>>>>
> >>>>>>>> I am guessing this is not supported either, but
> >>>>>>>> documentation is very thin on the ground with reference
> >>>>> to 2k7 and
> >>>>>>>> periemeter networking....
> >>>>>>>>
> >>>>>>>> Cheers
> >>>>>>>>
> >>>>>>>> JJ
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> ________________________________
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Thor
> >>>>>> (Hammer of
> >>>>>>> God)
> >>>>>>>> Sent: 15 January 2007  15:27
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>>>>> Perimeter Networks
> >>>>>>>> Right you are...  The analogy fits when you use
> >>>>>>>> "comparative logic" as opposed to just thinking of the zone in
> >>>>>>>> singularity... Compared to the areas on either side of
> >>>>> the DMZ, it
> >>>>>>>> should be  easy to discern any activity at all in the
> >>>>> DMZ itself-
> >>>>>>>> particularly hostile  activities.  There are strict
> >>>>> policies about
> >>>>>>> what
> >>>>>>>> can go on in the  Korean DMZ, as there should be in one's
> >>>>>>> network DMZ.
> >>>>>>>> Internet  traffic is chaotic, and I don't even bother
> >> trying to
> >>>>>>>> determine what is  going on out on my Internet
> >> segment- I can't
> >>>>>>> control
> >>>>>>>> it anyway (other than  my policy of implementing router
> >>>>>>> ACL's to match
> >>>>>>>> inbound/outbound traffic  policies at my border
> >>>>> router).  Internal
> >>>>>>>> traffic isn't chaotic, but it  is  hard to monitor
> >> for "hostile"
> >>>>>>> packets
> >>>>>>>> given the sheer volume and  type of traffic being generated by
> >>>>>>> internal
> >>>>>>>> users, servers, services, etc to  any number of different
> >>>>>> hosts and
> >>>>>>>> clients.  But in the DMZ, you should  be able to
> >>>>>> immediately notice
> >>>>>>> when
> >>>>>>>> something out of the ordinary is going  on.  For
> >>>>>> instance, if I see
> >>>>>>> POP3
> >>>>>>>> logon traffic, I know something is  FUBAR, as I don't
> >>>>>>> support POP3 in
> >>>>>>> my
> >>>>>>>> DMZ at all.  If I see modal  enumeration by way of a null
> >>>>>> session, I
> >>>>>>>> know something is going on.   And etc, etc.
> >>>>>>>>
> >>>>>>>> So, to me, it fits, and that is the term I
> >>>>>>>> choose to use.  I won't be changing ;)
> >>>>>>>>
> >>>>>>>> t
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 1/15/07  6:40 AM, "Gerald G. Young"
> >>>>>>>> <g.young@xxxxxxxx> spoketh to  all:
> >>>>>>>> The DMZ in Korea itself isn't crawling with
> >>>>>>>> military.  Either side of it is, ensuring that the
> >>>>> definition of a
> >>>>>>>> demilitarized zone is observed and maintained.  Before
> >>>>>> the advent of
> >>>>>>>> DMZs in networking, a DMZ meant an area from which
> >>>>>> military forces,
> >>>>>>>> operations, and installations were prohibited.
> >>>>>> Essentially, it's a
> >>>>>>>> wide empty area that constitutes a border with forces on
> >>>>>> either side
> >>>>>>>> pointing guns into it.
> >>>>>>>>
> >>>>>>>> I've always thought the adaptation of  the
> >>>>>>>> acronym to the world of networking a bit strange.
> >> "Oh!  We  got
> >>>>>>>> activity in our networked DMZ!  Kill it!"  :-)
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Cordially  yours,
> >>>>>>>> Jerry G. Young  II
> >>>>>>>> Product  Engineer - Senior
> >>>>>>>> Platform Engineering, Enterprise Hosting
> >>>>>>>> NTT  America, an NTT Communications Company
> >>>>>>>>
> >>>>>>>> 22451 Shaw  Rd.
> >>>>>>>> Sterling, VA 20166
> >>>>>>>>
> >>>>>>>> Office: 571-434-1319
> >>>>>>>> Fax:  703-333-6749
> >>>>>>>> Email:  g.young@xxxxxxxx
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Amy
> >>>>> Babinchak
> >>>>>>>> Sent: Sunday, January 14, 2007  7:08 PM
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: RE: [isapros]  Re: ISA, Exchange 2007
> >>>>>>>> and Perimeter Networks
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> That's what it means to me too. Can't see the
> >>>>>>>> Korean  no mans' land as qualifying as a DMZ when it's
> >>>>>> crawling with
> >>>>>>>> military.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> In this conversation we have to take into
> >>>>>>>> consideration that CAS also includes the capability to
> >>>>>>> provide access
> >>>>>>> to
> >>>>>>>> folders and files right in OWA. This may be the thing that the
> >>>>>>> Exchange
> >>>>>>>> team  thinks throws a monkey wrench into the secure
> >>>>>>> deployment of CAS
> >>>>>>> in
> >>>>>>>> a a DMZ.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> ________________________________
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf  of
> >>>>>>>> Jason Jones
> >>>>>>>> Sent: Sat 1/13/2007 6:46 PM
> >>>>>>>> To:  isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re: ISA, Exchange 2007  and
> >>>>>>>> Perimeter Networks
> >>>>>>>>
> >>>>>>>> For me, DMZ means scary place completely
> >>>>>>>> untrusted,  perimeter network means less scary place
> >>>>> trusted to a
> >>>>>>>> degree, but strongly  controlled
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> ________________________________
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Thor
> >>>>>> (Hammer of
> >>>>>>> God)
> >>>>>>>> Sent: 12 January 2007  23:51
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>>>>> Perimeter Networks
> >>>>>>>> Interesting... Probably a good idea for us to
> >>>>>>>> actually articulate what we really mean when we say DMZ.
> >>>>>>>>
> >>>>>>>> I guess to  some it means "free for all network"
> >>>>>>>> but for me, it should be the network  where you have the most
> >>>>>>>> restrictive policies controlling each service so  that it
> >>>>>> is obvious
> >>>>>>>> when malicious traffic hits the wire.   Thoughts>
> >>>>>>>> t
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 1/12/07 3:30 PM, "Steve Moffat"
> >>>>>>>> <steve@xxxxxxxxxx> spoketh to all:
> >>>>>>>> That's what I thought, now it's what I  know....
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of
> >> Jim Harrison
> >>>>>>>> Sent: Friday, January 12, 2007  6:35 PM
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>>>>> Perimeter Networks
> >>>>>>>>
> >>>>>>>> Aside from normal router & switch ACLs, ISA is
> >>>>>>>> the single line of defense.
> >>>>>>>> "..we don't need no stinking  DMZs"
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of
> >> Steve Moffat
> >>>>>>>> Sent: Friday, January 12, 2007  12:12 PM
> >>>>>>>> To: isapros@xxxxxxxxxxxxx
> >>>>>>>> Subject: [isapros]  Re: ISA, Exchange 2007 and
> >>>>>>>> Perimeter Networks
> >>>>>>>>
> >>>>>>>> Ahh...just had a thought.
> >>>>>>>>
> >>>>>>>> It's all  labeling.
> >>>>>>>>
> >>>>>>>> Jason, and others (not Jason's fault), have been
> >>>>>>>> using the term DMZ.
> >>>>>>>>
> >>>>>>>> Historically, is the term DMZ not taken
> >>>>>>>> literally as being completely firewalled off from the trusted
> >>>>>>> networks,
> >>>>>>>> and  what Jason is talking about is trusted network
> >>>>> segmentation.
> >>>>>>>>
> >>>>>>>> I  betcha that's why the Exchange team don't
> >>>>>>>> support it...they think it's a  typical run of the mill DMZ...
> >>>>>>>>
> >>>>>>>> Jim, isn't MS's Internal network  segmented by
> >>>>>>>> usin ISA?? Including your mail servers?
> >>>>>>>>
> >>>>>>>> S
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> All mail to and  from this domain is
> >>>>>>>> GFI-scanned.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> All mail to and from this domain is GFI-scanned.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> All mail to and from this domain is GFI-scanned.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> All mail to and from this domain is GFI-scanned.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>> All mail to and from this domain is GFI-scanned.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>> All mail to and from this domain is GFI-scanned.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> 
>
References:
- [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
  - From: Thor (Hammer of God)
[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

Other related posts:
