mailing list archives
Re: Bypassing ISA Server 2004 with IPv6
From: Christine Kronberg <seeker () shalla de>
Date: Sat, 15 Apr 2006 22:23:48 +0200 (CEST)
Microsoft ISA Server can't filter events from Microsoft Mouse, but
Apples and peas?
Microsoft Mouse can be bound to computer. It's security risk, but I know
how to secure mouse without ISA and I accept this risk.
Nice, that you do. If I manage by any means to see remotely
that you have attached a mouse to your ISA and to (ab)use it,
I'm much better that I thought - and you have much bigger problems
than you thought.
The nice thing about icmp is that I do not require much knowledge
to get information remotely. Same true with ipv6. Unless something
in between stops me. Which brings us back to the topic: a firewall
allowing too much.
IPv6 can not be filtered by ISA, but it still can be filtered by
different tools, or by it's own means, as IPv6 support network-level
security. Unlike IPv4, IPv6 supports authentication, integrity checking
and encryption natively. See ipsec6.exe and descriptions for Security
Association Batabase and Security Policy Database.
So you state that it is perfectly well for a firewall to allow
any traffic through. Per default? And that this firewall does not
need to have the interface to configure what traffic is allowed?
If a firewall supports a protocol, that same firewall should also
provide the proper means and interface to configure it. And not blow
holes in networks.
Re: Bypassing ISA Server 2004 with IPv6 offtopic (Apr 09)