> -----Original Message-----
> From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 16, 2002 13:46
> To: Noonan, Wesley
> Cc: 'Schouten, Diederik (Diederik)'; 'Rink, Jesse';
> '[EMAIL PROTECTED]'
> Subject: RE: Replacing my old PIX Classic
>

<snip>

>
> And the problem as noted in the VLAN thread still affects them. you did
> also read this part of the thread:

Sure I did. You were making a case for why *VLANs* were a problem, then pointed to a generic switch issue. IOW, it affects all switches, including the standalone switches you seem to be a proponent of. The words you are looking for here are "I was wrong".

> > second, you are pointing to a security tool for IIS that locks IIS web
> > services down as an "exploit" against ISA. You realize that ISA <> IIS?
>
> <ROFL> sure I do, see below:
>

Right, but what about that IIS only tool that you have attempted to pass off as an "exploit" against ISA? You know, the one at the top of your list. Here, let me help:

<quote>
> --24 August 2001 Microsoft Releases IIS Lockdown Tool
> In the aftermath of Code Red, Microsoft released an IIS Lockdown Tool
> that disables many functions and services that could be exploited by
> attackers.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO63310,00.html
> [Editor's (Schultz) Note: I understand the desire to turn off FTP and
> SMTP services, too, but I question the wisdom of doing this when the
> real problem is IIS Web servers. It is important to disable all
> unnecessary services, but having a tool that purports to fix IIS but
> then goes and does other things is not necessarily desirable.]
</quote>

> > Yes, it does as I have previously noted and attempted to clarify. I was
> > incorrectly informed, and incorrectly passed the information on.
> >
>
> Newsgroups tend to be slow, can I suggest bugtraq and ntbugtraq as better
> places to keep informed and up to date?

Sure you can. Considering you have no clue as to what newsgroup (or mailing lists quite frankly) I subscribe to, or the people I talk to, I can't say that your suggestion carries much weight with me, but sure you can make it.

> I refer not to that, you misread. I refer to the M$ from the BIG man down
> directive to make security the prime concern for all products. This is
> the recent reference I make.

Fair enough. This is a problem how exactly?
Would you prefer that they continue their "we are almighty Microsoft" position? Maybe you would prefer them to say something like "our database can not be hacked"?

> > This isn't a bad thing, it's a good thing. While yes, it means there are
> > problems, it also means they are being addressed.
> >
>
> <smile> there are other issues of history to consider, first, most
> vendors are much or historically much quicker to not only admit to a
> security issue, but to devise patches for them, linux folks being one. M$

I guess it all depends on how good you are with MS. I have never had an issue with the timeliness of issues, but then again I know how to support MS products.

> has a bad record with producing patches in quicktime and also producing
> patches that are not broked or break other areas when installed. Which
> sounds a lot like an issue with QA...

No, it sounds more like an issue related to the fact that they wind up supporting an exponential number of more systems, hardware and software than any Unix platform I know of does. You can only test so many variances, and still ship timely... you did make the point of timely patch release, didn't you?

> Of course, being fairly new to the
> list, you might well be unaware of the history...

Yeah, I have only been on the list a few years now...

> > However, when a company releases a security lockdown tool, and people claim
> > that it is an exploit, there is some serious FUD being thrown around to
> > attempt to discredit said company. I have already addressed the statements I
> > was incorrect in, will you?
> >
>
> Ahh, yes, this is what I get for trying to quickly show how incorrect the
> original statement was on ISA being bug clear. and it was perhaps not
> related to this discussion, until your recent rants have made it so. Now

It wasn't related what-so-ever, other than a misguided attempt by a poorly informed software bigot to try to bolster a flawed position.

> let it demonstrate the poorly released tools that are propped up to deal
> with issues folks need immediate issues dealt with when there are sploits
> and viri/worms damaging their abilities to function.

I think what you meant here was "I was wrong". It's really not that difficult to say once you move your ego out of the way.

Wes
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
