Firewalls: Re: Microsoft Proxy Server

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Microsoft Proxy Server
From:	"Jeremy D. Zawodny" <jzawodn @ wcnet . org>
Date:	Wed, 04 Jun 1997 23:22:59 -0400
To:	Wong <smwong @ pdx . com . my>, Daniel_Yamaguchi @ iscci . com, Jan Guldentops <jacko @ tornado . be>, "Jeremy D. Zawodny" <jzawodn @ wcnet . org>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<33956691 . 57F6 @ pdx . com . my>
References:	<882564A1 . 00018A6A . 00 @ isc_domino . iscci . com>

At 08:58 PM 6/4/97 +0800, Wong wrote:

>On 23 May 1997, Daniel_Yamaguchi @
 iscci .
 com wrote:
>> 
>>                      All About MickySoft Proxy Server
>> 
>> Security (...???)
>> 
>> Microsoft's Proxy Server was subjected to extensive security testing and
>> evaluation from independent testing agency, Coopers & Lybrand's Information
>> Technology Security Services and is resistant to common attacks such as "IP
>> Spoofing", 'SATAN", and "ISS." 
>> 
>C & L is an accounting and consulting firm (correct me if I'm wrong).
>What do
>they know about TCP/IP ports, filters (packet-level, application-level),
>encryption etc ?
>They might talk about this and that, but do they know how to configure a
>proxy server
>or a firewall ?

Quite a lot, I'd imagine--that is, if they're anything like their peers:
Andersen Consulting, Ernst & Young, etc...  Much of their business now
comes from consulting on topics like network security, architectures, and
so on.  You'd be surprised,  I think.

How do I know?  I almost went to work for Ernst & Young Consulting and met
some of their best people.  They *do* know their stuff.

>> Manageability & Ease of Use
>> 
>> Integrated with NT User Directory Services, Microsoft Proxy Server allows:
>> 
>Directory Service? Are you sure? Using NOVELL NDS or BANYAN Streetalk ?
>Or LDAP?

As the message said, MS Proxy uses NT's directory services (as in their
domain security model) to perform authorization and authentication.

>> Easy Administration provided by a clean, easy to understand and easy to
>> administer interface.
>> 
>How do you administer multiple servers? And they are spread nation-wide?
>Unless you are running NetWare 4.x or Banyan.

If their all part of the same master domain, you administer them the same
way you'd administer any other NT services running on many NT boxes on a
WAN.  This is really a non-sequitor.

>> Remote Administration via Internet Service Manager allows Microsoft Proxy
>> Server to be managed from any Windows NT system on the network.
>> 
>I thought only NetWare have a utility called "rconsole" ?

What's your point?

>> Web Proxy
>> 
>> Multi-Platform Support - The Web Proxy Server supports all platforms
>> including:
>>                  Windows NT Server
>>                  Windows NT Workstation
>>                  Windows '95
>>                  Windows for Workgroups/Win 3.1
>>                  UNIX
>>                  Macintosh
>Does IE run on Macintosh or UNIX? NETSCAPE Navigator can.

IE runs on the Mac, but not on Unix.  What's that have to do with anything?
 It's a proxy server--any up-to-date browser can talk to it.

>> Integrates with NT network security domain model -  Microsoft Proxy Server
>> extensively leverages the network-based Windows NT domain security model to
>> manage access permission and logging.
>> 
>You must use "Trust" to connect those domains together. And, the "Trust"
>can be
>compromised to make the NT trust anybody. Sounds scary . . . .!

Assuming you have multiple domains, yes.  If you run in a Master Domain
model (as many companies do), then the trust is there anyway.  Again, this
is a non-sequitor.  The features you are picking at are NT features and
have little to do with their proxy server, let along firewalls (which is
what this list is about).

>> Massive Scalability - Microsoft Proxy Server's cache is limited only by
>> Windows NY Server system resources.
>> 
>Can NT scale up to 64 processors, like the SUN servers? Or 12
>processors, like the
>Alpha servers.

No.

>Well guys, this is normal MickySoft marketing hype.

And you're surprised?

>On 24 May 1997, Jan wrote:
>>Let's put the record straight: if you are running MS-machines you'll need a
>>complete firewall to shield it all off. Or you can believe all the
>>marketing hype and leave your network completely open.... 
>
>I agree with what you said.
>
>>At 01:39 AM 5/24/97 -0400, Todd Graham Lewis wrote:
>>>On Fri, 23 May 1997 Daniel_Yamaguchi @
 iscci .
 com wrote:
>>>
>>>> We, at ISC Computers & Communications, Inc. feel that this solution will
>>>> meet your current needs regarding Internet Security. 
>>>
>>>I, at 1025 Greenwood Avenue Apartment 3 in Atlanta, do not.
>
>>Great... *Why not?*
>
>You can scroll-up to know why, Jeremy.

I did, and what I saw was an obviously biased view against Microsoft.  Your
apparently dislike of NT has made it difficult for you to put their product
in perspective--to figure out where is *makes sense* and does not.

Jeremy
---
Jeremy D. Zawodny
WCNet Technical Geek & Web Stuff
<URL:http://www.wcnet.org/~jzawodn/>

"You are what you think."

References:

Re: Microsoft Proxy Server
From: Wong <smwong @ pdx . com . my>

Indexed By Date	Previous:	Re: Secure Telnet! From: Vin McLellan <vin @ shore . net>
Indexed By Date	Next:	SMTP-MSmail From: David Murray <David . Murray @ camtech . com . au>
Indexed By Thread	Previous:	Re: Microsoft Proxy Server From: Wong <smwong @ pdx . com . my>
Indexed By Thread	Next:	Re: Microsoft Proxy Server From: "David Harvey-George" <david @ threewiz . demon . co . uk>