[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 1 Mar 2007 09:44:47 +1100

I just found out ugg boots are made from sheepskin-Pamela Anderson

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Thursday, 1 March 2007 9:40 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

America will never run... And we will always be grateful that liberty
has found such brave defenders. 
George W. Bush

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Greg Mulholland
Sent: Wednesday, February 28, 2007 6:20 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

Ooh ooh.. even better

Dude, wheres my DMZ?? 

In the days of perimter networks :)

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On
Behalf Of Greg Mulholland
Sent: Thursday, 1 March 2007 9:15 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

A few I thought of

ISA - The route to firewall bliss
Where all your networks are related
Where networks rule (get it network.. rule.. c?)
ISA Server - The one and only firewall policy (my fav)



-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On
Behalf Of Thomas W Shinder
Sent: Thursday, 1 March 2007 8:47 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

"ISA, the Firewall that Cares"

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of John T (lists)
> Sent: Wednesday, February 28, 2007 1:34 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> 
> "ISA, not your average hardware firewall!"
> 
> "An ISA you can trust!"
> 
> "ISA, it just keeps working and working and working!"
> 
> "ISA blocks what others let through!"
> 
> John T
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Greg Mulholland
> > Sent: Tuesday, February 27, 2007 1:36 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > 
> > An aussie contribution:
> > 
> > ISA ISA ISA, Oi Oi Oi.
> > 
> > Sorry that's really bad..
> > 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On
> > Behalf Of Thor (Hammer of God)
> > Sent: Wednesday, 28 February 2007 1:51 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > 
> > How about "ISA. So simple a caveman can use it."  Oh wait.  
> SBS already
> > took
> > that one! :-p
> > 
> > t
> > 
> > 
> > On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > spoketh
> > to all:
> > 
> > > Should be "Firewall's make me Hot", shouldn't it?
> > >
> > > How about "Flames, baby flames, you're goin' down." As said by The
> > > Bomber What Bombs at Midnight. (from The Tick, of course)
> > >
> > > Amy
> > >
> > >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Gerald G. Young
> > > Sent: Tuesday, February 27, 2007 9:12 AM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >
> > > "ISA, your friendly, neighborhood firewall."
> > > "Never a dull rule in ISA."
> > > "ISA's hot." - as imagined said by Paris Hilton.
> > > "ISA and PIX, sitting in a tree..." - yeah, not so much. ;)
> > > "I'll show you my certificate if you'll show me yours."
> > >
> > > Cordially yours,
> > > Jerry G. Young II
> > > Application Engineer, Platform Engineering and Architecture
> > > NTT America, an NTT Communications Company
> > >
> > > 22451 Shaw Rd.
> > > Sterling, VA 20166
> > >
> > > Office: 571-434-1319
> > > Fax: 703-333-6749
> > > Email: g.young@xxxxxxxx
> > >
> > >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Thomas W Shinder
> > > Sent: Monday, February 26, 2007 7:22 PM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >
> > > "ISA's Got You In Its Sites"
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- Microsoft Firewalls (ISA)
> > >
> > >
> > >
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> > >> Sent: Monday, February 26, 2007 4:01 PM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >>
> > >> I'd rather be on Layer 7
> > >>
> > >> Amy
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >> On Behalf Of Jim Harrison
> > >> Sent: Monday, February 26, 2007 4:45 PM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >>
> > >> Not bad; except for the trailing commentary...
> > >> :-p
> > >>
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >> On Behalf Of Thomas W Shinder
> > >> Sent: Monday, February 26, 2007 12:53 PM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >>
> > >> How about:
> > >>
> > >> "ISA Firewall Rules!"
> > >>
> > >> Get it? Firewall rules? Like in firewall ruleset? You 
> know, sort of a
> > >> double entendre sort of thingie :))
> > >>
> > >> Thomas W Shinder, M.D.
> > >> Site: www.isaserver.org
> > >> Blog: http://blogs.isaserver.org/shinder/
> > >> Book: http://tinyurl.com/3xqb7
> > >> MVP -- Microsoft Firewalls (ISA)
> > >>
> > >>
> > >>
> > >>> -----Original Message-----
> > >>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > >>> Sent: Monday, February 26, 2007 2:27 PM
> > >>> To: isapros@xxxxxxxxxxxxx
> > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >>>
> > >>> Ok - it's official - let's get an "ISABlog motto" contest going.
> > >>> Basic rules:
> > >>> - no derogatory comments about CheckPix or similar (makes
> > >> the lawyers
> > >>> tremble)
> > >>> - no marketing spew
> > >>> - keep it short (10 words max)
> > >>> - must use ISA behavior or feature (like "wpad")
> > >>> - should abuse a common phrase (like "does a nautical 
> pimp keep his
> > >>> 'oars' in the water?")
> > >>>
> > >>> -----Original Message-----
> > >>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >>> On Behalf Of Thomas W Shinder
> > >>> Sent: Monday, February 26, 2007 12:23 PM
> > >>> To: isapros@xxxxxxxxxxxxx
> > >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> > >>>
> > >>> You had me at WPAD? :)
> > >>>
> > >>> Thomas W Shinder, M.D.
> > >>> Site: www.isaserver.org
> > >>> Blog: http://blogs.isaserver.org/shinder/
> > >>> Book: http://tinyurl.com/3xqb7
> > >>> MVP -- Microsoft Firewalls (ISA)
> > >>>
> > >>>
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > >>>> Sent: Monday, February 26, 2007 12:26 PM
> > >>>> To: isapros@xxxxxxxxxxxxx
> > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and 
> Perimeter Networks
> > >>>>
> > >>>> NDA is a completely different point and Amy has it right -
> > >>>> non-MS lists
> > >>>> are verboten to NDA material.
> > >>>> I'm an "odd duck" in this context (for more than one reason -
> > >>>> ha! - beat
> > >>>> ya to it!), because it's actually a large part of my job
> > >> to "keep my
> > >>>> finger on the pulse", as it were.  This is why you see me
> > >>> doing trips
> > >>>> like tech Ready & Black Hat.  Unfortunately, fiscal
> > >>>> limitations curtail
> > >>>> any further involvement, but such is corporate life.
> > >>>>
> > >>>> I agree that the ISA team hasn't exactly kept pace 
> with teams like
> > >>>> Exchange (we don't even have a silly motto like "you had me
> > >>> at ehlo"),
> > >>>> but it still comes back to the "effort priorities".  I've
> > >>> been working
> > >>>> with the right folks to make this a better experience 
> all around
> > >>>> (especially for the MVPs), but these things tend to 
> move slowly...
> > >>>>
> > >>>> -----Original Message-----
> > >>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >>>> On Behalf Of Thor (Hammer of God)
> > >>>> Sent: Monday, February 26, 2007 9:54 AM
> > >>>> To: isapros@xxxxxxxxxxxxx
> > >>>> Subject: [isapros] Re: ISA, Exchange 2007 and 
> Perimeter Networks
> > >>>>
> > >>>> Conflicting info, then.  I was told by a source that non-MSFT
> > >>>> lists were
> > >>>> poo-poo'ed on for liability and NDA reasons.
> > >>>>
> > >>>> And while I totally understand the "bottom line" thinking, it
> > >>>> seems like
> > >>>> a
> > >>>> huge waste to initiate something like the MVP program and to
> > >>>> go through
> > >>>> all
> > >>>> the motions only to do it half-assed.
> > >>>>
> > >>>> t
> > >>>>
> > >>>>
> > >>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx>
> > >>> spoketh to all:
> > >>>>
> > >>>>> In fact, ISA product team members are strongly encouraged to
> > >>>> participate
> > >>>>> in lists, NG, blogs and all other manner of public 
> communication
> > >>>>> efforts.
> > >>>>> The sad fact is; the time available for such endeavors
> > >> is woefully
> > >>>>> small.
> > >>>>> MS, like many profit-making businesses, operates with
> > >> the smallest
> > >>>> teams
> > >>>>> required to produce product "X".
> > >>>>> Unfortunately, with software engineering being what it
> > >> is, and the
> > >>>>> pressures of the marketing "old boy club", the teams are
> > >>>> too small to
> > >>>>> cover all the "nice to do" bases and still leave 
> folks time for
> > >>>>> themselves.
> > >>>>>
> > >>>>>
> > >>>>> -----Original Message-----
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >>>>> On Behalf Of Thor (Hammer of God)
> > >>>>> Sent: Monday, February 26, 2007 9:07 AM
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and 
> Perimeter Networks
> > >>>>>
> > >>>>> I never really saw much from the PM's over there- just that
> > >>>> one stint
> > >>>>> about SQL logging, and to be honest, there wasn't 
> much valuable
> > >>>> content
> > >>>>> sourced from the MSFT side... In fact, as I understand it,
> > >>>> the PM and
> > >>>>> product support people (other than Jim) are apparently
> > >>> not pushed to
> > >>>>> participate (and may be asked not to) because of the fact
> > >>> that it is
> > >>>> NOT
> > >>>>> an official MSFT site, and that NDA and product liability
> > >>> may be an
> > >>>>> issue.
> > >>>>>
> > >>>>> I'm going to draft up a "suggestions for the MVP program"
> > >>> and submit
> > >>>>> them to the powers that be, just so that things like 
> this can be
> > >>>>> addressed.
> > >>>>>
> > >>>>> t
> > >>>>>
> > >>>>>
> > >>>>> On 2/26/07 8:50 AM, "Thomas W Shinder"
> > >>>> <tshinder@xxxxxxxxxxx> spoketh
> > >>>> to
> > >>>>> all:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> It's been a real problem for the ISA PG to work with the ISA
> > >>>>> MVPs, because they think that the ISA MVPs are still
> > >>>> involved with the
> > >>>>> ISA MVP mailing list. I explained to them that because
> > >> of "issues"
> > >>>> with
> > >>>>> that list that there was less than optimal participation
> > >>>> and that they
> > >>>>> needed to get a MS managed solution. At the very least,
> > >> they could
> > >>>>> create their own DL and send mail to people on that 
> list. I hate
> > >>>> missing
> > >>>>> out on the ISA PGs communications on that "other" list, but
> > >>>> my life is
> > >>>>> so much better not having to listen to the ****** that
> > >>> happens over
> > >>>>> there.
> > >>>>>
> > >>>>> Thomas W Shinder, M.D.
> > >>>>> Site: www.isaserver.org <http://www.isaserver.org/>
> > >>>>> <http://www.isaserver.org/>
> > >>>>> Blog: http://blogs.isaserver.org/shinder/
> > >>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> > >>>>> <http://tinyurl.com/3xqb7>
> > >>>>> MVP -- Microsoft Firewalls (ISA)
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> ________________________________
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> > >> (Hammer of
> > >>>> God)
> > >>>>> Sent: Monday, February 26, 2007 8:56 AM
> > >>>>> To:  isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and  Perimeter
> > >>>>> Networks
> > >>>>>
> > >>>>>
> > >>>>> I spoke with Melissa Travers, the MVP Lead for both  ISA
> > >>>>> and Exchange, and she said the Exchange group's MVP site
> > >>> was really,
> > >>>>> really good, and that the Exchange group themselves is
> > >>> quite active.
> > >>>>> Being they are the Exchange group, I can see why they
> > >> would have a
> > >>>>> decent portal. ;)
> > >>>>>
> > >>>>> I suggested that if there were a single sourced,
> > >>>>> Microsoft controlled MVP site where we could "browse
> > >>> through" other
> > >>>> MVP
> > >>>>> list  content, that issues like this (the perceptions
> > >>>> surrounding what
> > >>>>> Exchange will  and won't support and why) would be much
> > >> easier to
> > >>>>> manage, and that "the right  people" from both sides could
> > >>>> engage each
> > >>>>> other in a positive way when two  technologies collide like
> > >>>> this.  To
> > >>>>> me, this is a major shortcoming in  the MVP program
> > >>> overall.  Given
> > >>>> the
> > >>>>> fact that the MVP program was created  in order to provide a
> > >>>>> collaborative environment for various technologies, it
> > >>> seems like a
> > >>>>> horrible waste of a perfect opportunity to expand that
> > >>> environment
> > >>>> out
> > >>>>> to the MVP's and product teams in other product
> > >>> competencies.    The
> > >>>>> fate of the ISA-MVP list is testament to that.
> > >>>>>
> > >>>>> So, in  the absence of a coordinated effort on
> > >>>>> Microsoft's part to wrap it's  collective arms around the
> > >>> MVP's and
> > >>>>> product teams, I'll see if I can get on  the Exchange
> > >> MVP list and
> > >>>> begin
> > >>>>> a dialog of exactly what is going on here.   But I'll
> > >> need to get
> > >>>>> immersed in Ex2007 first, which I've just not had  the
> > >> time to do.
> > >>>> The
> > >>>>> promise of true unified messaging in 2007 was  a major draw
> > >>>> to me, but
> > >>>>> given the apparent narrow PBX support and lack of  official
> > >>>>> functionality documentation, the rush to explore has lost it's
> > >>>> luster.
> > >>>>>
> > >>>>> t
> > >>>>>
> > >>>>>
> > >>>>> On 2/26/07 6:02 AM, "Jim Harrison"  <Jim@xxxxxxxxxxxx>
> > >>>>> spoketh to all:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Documentation always follows the  product, which
> > >>>>> is barely on the streets.
> > >>>>> I've seen some regarding WM6,  but the basic
> > >>>>> concepts are the same.
> > >>>>> ..coming soon to a website near  you...
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of 
> Jason Jones
> > >>>>> Sent: Monday, February 26, 2007  3:31 AM
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> > >>>>> Perimeter Networks
> > >>>>>
> > >>>>> Hi All,
> > >>>>>
> > >>>>> Anyone (Tim?) had chance to look at the least
> > >>>>> privilige approach with Exchange 2007 yet?
> > >>>>>
> > >>>>> From what I am hearing the "CAS not supported in
> > >>>>> perimeter" statement is based more on "we haven't tested it
> > >>>> yet" more
> > >>>>> than  "we don't think it is a good idea".
> > >>>>>
> > >>>>> I have a few customers looking at placing the
> > >>>>> entire  Exchange architecture behind ISA (very
> > >> untrusted LANs) - I
> > >>>> have
> > >>>>> done this  with Exch2k3, but has anyone looked at this
> > >>> for  Exch2k7?
> > >>>>>
> > >>>>> I am guessing this is not supported either, but
> > >>>>> documentation is very thin on the ground with reference
> > >> to 2k7 and
> > >>>>> periemeter networking....
> > >>>>>
> > >>>>> Cheers
> > >>>>>
> > >>>>> JJ
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> ________________________________
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Thor
> > >>> (Hammer of
> > >>>> God)
> > >>>>> Sent: 15 January 2007  15:27
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> > >>>>> Perimeter Networks
> > >>>>> Right you are...  The analogy fits when you use
> > >>>>> "comparative logic" as opposed to just thinking of the zone in
> > >>>>> singularity... Compared to the areas on either side of
> > >> the DMZ, it
> > >>>>> should be  easy to discern any activity at all in the
> > >> DMZ itself-
> > >>>>> particularly hostile  activities.  There are strict
> > >> policies about
> > >>>> what
> > >>>>> can go on in the  Korean DMZ, as there should be in one's
> > >>>> network DMZ.
> > >>>>> Internet  traffic is chaotic, and I don't even bother 
> trying to
> > >>>>> determine what is  going on out on my Internet 
> segment- I can't
> > >>>> control
> > >>>>> it anyway (other than  my policy of implementing router
> > >>>> ACL's to match
> > >>>>> inbound/outbound traffic  policies at my border
> > >> router).  Internal
> > >>>>> traffic isn't chaotic, but it  is  hard to monitor 
> for "hostile"
> > >>>> packets
> > >>>>> given the sheer volume and  type of traffic being generated by
> > >>>> internal
> > >>>>> users, servers, services, etc to  any number of different
> > >>> hosts and
> > >>>>> clients.  But in the DMZ, you should  be able to
> > >>> immediately notice
> > >>>> when
> > >>>>> something out of the ordinary is going  on.  For
> > >>> instance, if I see
> > >>>> POP3
> > >>>>> logon traffic, I know something is  FUBAR, as I don't
> > >>>> support POP3 in
> > >>>> my
> > >>>>> DMZ at all.  If I see modal  enumeration by way of a null
> > >>> session, I
> > >>>>> know something is going on.   And etc, etc.
> > >>>>>
> > >>>>> So, to me, it fits, and that is the term I
> > >>>>> choose to use.  I won't be changing ;)
> > >>>>>
> > >>>>> t
> > >>>>>
> > >>>>>
> > >>>>> On 1/15/07  6:40 AM, "Gerald G. Young"
> > >>>>> <g.young@xxxxxxxx> spoketh to  all:
> > >>>>> The DMZ in Korea itself isn't crawling with
> > >>>>> military.  Either side of it is, ensuring that the
> > >> definition of a
> > >>>>> demilitarized zone is observed and maintained.  Before
> > >>> the advent of
> > >>>>> DMZs in networking, a DMZ meant an area from which
> > >>> military forces,
> > >>>>> operations, and installations were prohibited.
> > >>> Essentially, it's a
> > >>>>> wide empty area that constitutes a border with forces on
> > >>> either side
> > >>>>> pointing guns into it.
> > >>>>>
> > >>>>> I've always thought the adaptation of  the
> > >>>>> acronym to the world of networking a bit strange.  
> "Oh!  We  got
> > >>>>> activity in our networked DMZ!  Kill it!"  :-)
> > >>>>>
> > >>>>>
> > >>>>> Cordially  yours,
> > >>>>> Jerry G. Young  II
> > >>>>> Product  Engineer - Senior
> > >>>>> Platform Engineering, Enterprise Hosting
> > >>>>> NTT  America, an NTT Communications Company
> > >>>>>
> > >>>>> 22451 Shaw  Rd.
> > >>>>> Sterling, VA 20166
> > >>>>>
> > >>>>> Office: 571-434-1319
> > >>>>> Fax:  703-333-6749
> > >>>>> Email:  g.young@xxxxxxxx
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Amy
> > >> Babinchak
> > >>>>> Sent: Sunday, January 14, 2007  7:08 PM
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: RE: [isapros]  Re: ISA, Exchange 2007
> > >>>>> and Perimeter Networks
> > >>>>>
> > >>>>>
> > >>>>> That's what it means to me too. Can't see the
> > >>>>> Korean  no mans' land as qualifying as a DMZ when it's
> > >>> crawling with
> > >>>>> military.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> In this conversation we have to take into
> > >>>>> consideration that CAS also includes the capability to
> > >>>> provide access
> > >>>> to
> > >>>>> folders and files right in OWA. This may be the thing that the
> > >>>> Exchange
> > >>>>> team  thinks throws a monkey wrench into the secure
> > >>>> deployment of CAS
> > >>>> in
> > >>>>> a a DMZ.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> ________________________________
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf  of
> > >>>>> Jason Jones
> > >>>>> Sent: Sat 1/13/2007 6:46 PM
> > >>>>> To:  isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re: ISA, Exchange 2007  and
> > >>>>> Perimeter Networks
> > >>>>>
> > >>>>> For me, DMZ means scary place completely
> > >>>>> untrusted,  perimeter network means less scary place
> > >> trusted to a
> > >>>>> degree, but strongly  controlled
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> ________________________________
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Thor
> > >>> (Hammer of
> > >>>> God)
> > >>>>> Sent: 12 January 2007  23:51
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> > >>>>> Perimeter Networks
> > >>>>> Interesting... Probably a good idea for us to
> > >>>>> actually articulate what we really mean when we say DMZ.
> > >>>>>
> > >>>>> I guess to  some it means "free for all network"
> > >>>>> but for me, it should be the network  where you have the most
> > >>>>> restrictive policies controlling each service so  that it
> > >>> is obvious
> > >>>>> when malicious traffic hits the wire.   Thoughts>
> > >>>>> t
> > >>>>>
> > >>>>>
> > >>>>> On 1/12/07 3:30 PM, "Steve Moffat"
> > >>>>> <steve@xxxxxxxxxx> spoketh to all:
> > >>>>> That's what I thought, now it's what I  know....
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of 
> Jim Harrison
> > >>>>> Sent: Friday, January 12, 2007  6:35 PM
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> > >>>>> Perimeter Networks
> > >>>>>
> > >>>>> Aside from normal router & switch ACLs, ISA is
> > >>>>> the single line of defense.
> > >>>>> "..we don't need no stinking  DMZs"
> > >>>>>
> > >>>>>
> > >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> > >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of 
> Steve Moffat
> > >>>>> Sent: Friday, January 12, 2007  12:12 PM
> > >>>>> To: isapros@xxxxxxxxxxxxx
> > >>>>> Subject: [isapros]  Re: ISA, Exchange 2007 and
> > >>>>> Perimeter Networks
> > >>>>>
> > >>>>> Ahh...just had a thought.
> > >>>>>
> > >>>>> It's all  labeling.
> > >>>>>
> > >>>>> Jason, and others (not Jason's fault), have been
> > >>>>> using the term DMZ.
> > >>>>>
> > >>>>> Historically, is the term DMZ not taken
> > >>>>> literally as being completely firewalled off from the trusted
> > >>>> networks,
> > >>>>> and  what Jason is talking about is trusted network
> > >> segmentation.
> > >>>>>
> > >>>>> I  betcha that's why the Exchange team don't
> > >>>>> support it...they think it's a  typical run of the mill DMZ...
> > >>>>>
> > >>>>> Jim, isn't MS's Internal network  segmented by
> > >>>>> usin ISA?? Including your mail servers?
> > >>>>>
> > >>>>> S
> > >>>>>
> > >>>>>
> > >>>>> All mail to and  from this domain is
> > >>>>> GFI-scanned.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> All mail to and from this domain is GFI-scanned.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> All mail to and from this domain is GFI-scanned.
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> All mail to and from this domain is GFI-scanned.
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>> All mail to and from this domain is GFI-scanned.
> > >>>
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >> All mail to and from this domain is GFI-scanned.
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > >
> > 
> > 
> > 
> > 
> 
> 
> 
> 
>

Other related posts:

  1. Home
  2. isapros
  3. Archive
  4. 02-2007