[isapros] Re: ..and the noise increases...
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Tue, 25 Sep 2007 12:07:36 -0700
In regard to that article, what they are doing is actually a good thing
given the way they are going about it. The secured, locked down desktop
environment is FAR more secure than NOT doing it that way. The benefits
of that configuration far outweigh the risks of having an environment
where they don't have that control. The PC's would be pwned anyway. And
the real crux of that article is in regard to off-shore asset management
- like sending your infrastructure and IP over to another country where
copyright and patent law may not exist...
Are you going to write the white paper? Virtualization may very well
provide excellent benefits within a "secure infrastructure" if done
properly. In fact, I think you owe it to the public to write about what
they shouldn't do just so they see what is possible when done "right."
Or are you saying that the inclusion of virtual assets in any topology
obviates security in any form?
t
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Tuesday, September 25, 2007 11:45 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ..and the noise increases...
>
> Lot's of places. Check out this article
>
> http://www.csoonline.com/read/050105/offshore.html
>
> Look at the section "Lock down the infrastructure"
>
> Also, I was recently hired to write a white paper on creating a secure
> infrastructure for the professional services sector, and they want me
> to
> include the benefits of virtualization as part of it. :\
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> > (Hammer of God)
> > Sent: Tuesday, September 25, 2007 1:22 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ..and the noise increases...
> >
> > Not to start something none of us can finish, but where are you
> seeing
> > anyone declaring virtualization to be a security solution? It's a
> > deployment solution, just like Windows and Linux are "deployment"
> > solutions. Just another operating system that's, well, operating
> > systems. Security lives above and below any deployment
> > solution where's
> > it always been -- before everyone goes nuts regarding what Microsoft
> > will or won't support, let's make sure we're all talking
> > about the same
> > thing.
> >
> > And regarding what MSFT does and doesn't support, it has far
> > less to do
> > with the products than it does the people they are hiring to support
> > those products.
> >
> > t
> >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-
> > > bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > > Sent: Tuesday, September 25, 2007 11:10 AM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: ..and the noise increases...
> > >
> > > I don't think the problem is that virtualization isn't good. Heck,
> > I've
> > > been using Vmware since it's pre 1.0 days.
> > >
> > > The problem is that people think it's a miracle cure all for all
> the
> > > problems they've had (which is amazing, because even when I first
> > > starting using VMs, I never considered it anything other
> > than a useful
> > > test tool and server consolidation solution). But somehow
> > people think
> > > it's a "security solution" which it truly ain't, except for
> > some very
> > > specific scenarios, such as offshoring a network and PC
> > infrastructure.
> > > When it comes to security, it just adds to the attack
> > surface, so keep
> > > your network and infrastructure security devices that are meant to
> > > protect the virtualized infrastructure *off* VMs.
> > >
> > > IMHO,
> > > GMT
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- Microsoft Firewalls (ISA)
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > > > Sent: Tuesday, September 25, 2007 12:45 PM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: ..and the noise increases...
> > > >
> > > > Absolutely.
> > > >
> > > > And remember...not supported doesn't mean it doesn't work. It
> also
> > > > doesn't mean it's not supported either.....
> > > >
> > > > Betcha if you had Jimbo on the other end of the CSS phone
> > call, he'd
> > > > help if he wasn't busy.....
> > > >
> > > > Anyway..if it's a vm and it worked when you first set it up,
> > > > you'd have
> > > > a backup that you could rely on anyway...wouldn't you???
> > > >
> > > > :)
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Jim Harrison
> > > > Sent: Tuesday, September 25, 2007 2:40 PM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: ..and the noise increases...
> > > >
> > > > Yes; disappointment in the blog posting by an otherwise
respected
> > > > person.
> > > >
> > > > Actually, I do like virtualization (ask Steve about my
> > latest toy).
> > > > I'd really love it if we could have a policy that didn't have to
> > > > consider the "but I wanna!!!!" 1d10t'5 that will try to blame
ISA
> > for
> > > > what it can't control. Remember the IPv6 fiasco of last
> > > > year? That was
> > > > started by an MVP, no less... Imagine what "Joe
> > IsaAdmin" will try
> > > to
> > > > do (seen the NG postings lately?).
> > > >
> > > > I'm trying to work out something a bit better than what
> > we currently
> > > > have, but what (nearly) everyone forgets is that any ISA support
> > > > statement has to be balanced on the needle-point of
> > > > "support". Our CSS
> > > > folks have to be able to recognize fact from bullshrimp and
> > > > we all know
> > > > that "customers never lie; they merely misrepresent certain
> > facts"...
> > > > MS counts support costs in minutes and every minute that the CSS
> > > folks
> > > > waste sorting out the ISA deployment into "supported &
> > unsupported"
> > > > wastes time for the customer and MS both.
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Amy Babinchak
> > > > Sent: Tuesday, September 25, 2007 10:19 AM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: ..and the noise increases...
> > > >
> > > > Jim,
> > > >
> > > > Is that disappointment I see in the subject line?
> > > >
> > > > Don't you know? Virtualization is the solution to all things.
> It's
> > > > backup. It's totally secure. It's business continuity. And it's
> > > cheap!
> > > > What could possibility be better?
> > > >
> > > > Yes, that's sarcasm.
> > > >
> > > >
> > > > P.S. Oh yeah Tom. Shiver me timbers, talk like a pirate day
> > > > was like so
> > > > last Wednesday, arg.
> > > >
> > > > -----Original Message-----
> > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Thomas W Shinder
> > > > Sent: Tuesday, September 25, 2007 12:56 PM
> > > > To: isapros@xxxxxxxxxxxxx
> > > > Subject: [isapros] Re: ..and the noise increases...
> > > >
> > > > And they'll blame Microsoft when they implement abysmal security
> > > > practices because they want to get security "on the cheep"
> > > >
> > > > ARG.
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://blogs.isaserver.org/shinder/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- Microsoft Firewalls (ISA)
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: isapros-bounce@xxxxxxxxxxxxx
> > > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim
Harrison
> > > > > Sent: Tuesday, September 25, 2007 11:34 AM
> > > > > To: isapros-repost@xxxxxxxxxxxxx
> > > > > Subject: [isapros] ..and the noise increases...
> > > > >
> > > > >
http://www.windowsitpro.com/Articles/ArticleID/97153/97153.html
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> >
Other related posts:
