Folks,
I must apologize here, the documentation I was referencing from has long
since passed by here, and been hit with the delete key. While I do retain
much information that passes my desk, for citing and referral in reports
and to back up claims I post, the direct information I meant to be citing
from escapes me here at present, even after a strong attempt to relocate
it in the reams of data kept on hand. Additional information supplied on
this issue by Eugenio
<http://sartryckr.idg.se/art/Brandvaggar4_nok102001.html> and
[EMAIL PROTECTED]/Randy Graham <http://nsa2.www.conxion.com/>, feel not to
be the information upon which I was basing my statements, so, please, let
me step back and reassess my stance on the ISA server in a modified form:
recent posting via SANS and Security Wire Digest might be of interest
here, not limited to, yet, including the more recent out of SANS;
--24 August 2001 Microsoft Releases IIS Lockdown Tool
In the aftermath of Code Red, Microsoft released an IIS Lockdown Tool
that disables many functions and services that could be exploited
by attackers.
http://www.computerworld.com/storyba/0,4125,NAV47_STO63310,00.html
[Editor's (Schultz) Note: I understand the desire to turn off FTP
and SMTP services, too, but I question the wisdom of doing this when
the real problem is IIS Web servers. It is important to disable all
unnecessary services, but having a tool that purports to fix IIS but
then goes and does other things is not necessarily desirable.]
--17 August 2001 Patch Available for ISA Server 2000 Flaws
Microsoft has issued a patch to repair three holes in its Internet
Security and Acceleration (ISA) Server 2000. Two of the flaws are
memory leaks: one in the voice-over-IP capability, and one in the
proxy service that could lead to denial of service. The third is an
error message-handling problem that could allow attackers to execute
malicious code and use cookies on the affected machines.
http://computerworld.com/nlt/1%2C3590%2CNAV65-663_STO63199_NLTSEC%2C00.html
Additionally, what I have seen on ISA puts it more in the 'packet
filtering firewall' realm, than a tool on par with the better known tools
like the PIX, CP FW1, and similar high end products, which appear to give
greater bang for the buck and far less hardware
<http://sartryckr.idg.se/art/Brandvaggar4_nok102001.html>.
Thanks,
Ron DuFresne
On Fri, 14 Sep 2001, Ian McHale wrote:
> Ron:
>
> What exactly is meant by "You have no control over what is sent out." Are you
> inferring that ISA is not capable of blocking access from the intranet to
> the Internet? If that is the case you are mistaken. If you have a more
> specific meaning please share as I would be interested in hearing what you
> know about the product and your experience in configuring/deploying ISA in a
> Corporate/Enterprise environment.
>
>
> Best Regards,
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ron DuFresne
> Sent: Thursday, September 13, 2001 4:20 PM
> To: Chris Patterson
> Cc: Firewalls (E-mail); [EMAIL PROTECTED]
> Subject: Re: MS ISA Server
>
>
>
> Be wary of ISA server in this role. Consider it more of a 'personal
> firewall' only able to 'monitor' what comes from the outside. You have no
> control over what is sent out. M$ altered their web pages to accommodate
> this. You might find an "ISA" query on the bugtraq archives to be
> knowledge worthy.
>
> Thanks,
>
> Ron DuFresne
>
> O
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.