[Dshield] (no subject)

Kevin Whelan Kevin at mfs-group.co.uk
Wed Mar 27 16:08:07 GMT 2002

I would love that filter as I have a SQL server, and checking through
the logs is a laborious task. If it also allows the info to be sent off
to Dshield, all the better.

Thanking you in advance

Kevin Whelan
IT Manager
235 The Broadway
SW19 1SD
Tel.   020 8543 6244
Fax.   020 8545 5377

-----Original Message-----
From: Tom Geairn [mailto:tgeairn at newviewconsulting.com] 
Sent: 27 March 2002 15:37
To: list at dshield.org
Subject: RE: [Dshield] (no subject)

Bob, Kevin, et al.:

Overall, I've done approximately 30 ISA Server installs in the past 12
months.  These have all gone smoothly and in every case the product has
exceeded the client's expectations.  

I agree with Kevin, in part, though.  The correct set-up of ISA Server
is NOT a trivial task.  It requires all of the knowledge needed to
set up a firewall, along with thorough knowledge of everything you want
to publish from behind it.  Throw in the fact that MS basically went to
the nth degree in making it flexible (creating about 1000 different ways
to do the same thing) and many smaller companies get frightened off.

In those 30 installs (including approx. 50 servers total), I have never,
NOT ONCE, seen a successful breach of the ISA firewall.  Some of these
machines are at sites being hit continuously by attempted hacks.
Another plus is that using the proxied publishing for web and SMTP
servers (while complex to set up properly) prevented my clients from
experiencing any degradation on their actual web and email servers
during codered, nimda, etc.  

As far as a filter for ISA, I have written one that requires ISA to log
activity in an SQL Server DB.  I then use a stored procedure to parse
the entries and produce a more readily reportable format. 
Another procedure takes the data, throws it into a Dshield format, and
emails it.  I wrote this for a client, but they are not using it (I
don't think).  If there is sufficient demand out there, I will put
together something that doesn't require SQL Server.  Any requests?

-Tom Geairn
NewView Consulting, LLC

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Bob Savage
Sent: Wednesday, March 27, 2002 6:53 AM
To: list at dshield.org
Subject: RE: [Dshield] (no subject)

And is anyone else out there even USING ISA server?

