Dear Members of the list!
As Mr Du Fresne gives the most recent "evidence" that MS ISA might NOT be
as secure as one might think (referring to the released patches),
I feel much more comfortable with my ip_chains FW @ home than behind
the ISA @ my customer's site ;-)
I DO understand what Linux does with/to the packets (at least I think), but
I neither SEE nor can I analyze what the ISA packet filter does to the packets.
For me the ISA is more of a MS Proxy V2.0 with some nice filtering - no more,
no less.
I feel uncomfortable for not having the right links/references at hand when
I first wrote my comment on ISA, and Ben Nagy was totally right for asking me
for "evidence" or links. Now that Ron has taken that burden, I feel much better ;-)
Happy firewalling, I always appreciate your input/comments and never meant
to offend anyone!
Regards
Basti
> recent posting via sans and security wire digest might be of interest
> here, not limited to, yet, including the more recent out of sans;
>
> --24 August 2001 Microsoft Releases IIS Lockdown Tool
> In the aftermath of Code Red, Microsoft released an IIS Lockdown Tool
> that disables many functions and services that could be exploited
> by attackers.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO63310,00.html
> [Editor's (Schultz) Note: I understand the desire to turn off FTP
> and SMTP services, too, but I question the wisdom of doing this when
> the real problem is IIS Web servers. It is important to disable all
> unnecessary services, but having a tool that purports to fix IIS but
> then goes and does other things is not necessarily desirable.]
>
> --17 August 2001 Patch Available for ISA Server 2000 Flaws
> Microsoft has issued a patch to repair three holes in its Internet
> Security and Acceleration (ISA) Server 2000. Two of the flaws are
> memory leaks: one in the voice-over-IP capability, and one in the
> proxy service that could lead to denial of service. The third is an
> error message-handling problem that could allow attackers to execute
> malicious code and use cookies on the affected machines.
> http://computerworld.com/nlt/1%2C3590%2CNAV65-663_STO63199_NLTSEC%2C00.html
> CP fw1, -> greater bang for the buck and far less hardware
> <http://sartryckr.idg.se/art/Brandvaggar4_nok102001.html>.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls