My family spent this Christmas vacation in Las Vegas. This was the first time we’ve done this. We usually spend our Christmas vacation at home. However, our Navy daughter is going to be deployed to Afghanistan next month and we won’t see her for over a year and she said she’d like to spend this Christmas time in Las Vegas. Given that she wasn’t going to be able to have any fun for over a year, we went with her request.

One thing I really don’t like about Las Vegas is that none of the strip hotels (that I’m aware of) offer free Internet access. You have to pay through the nose for it. This was going to be a big problem for us, since there were four of us and everyone wanted to use the Internet while we were there. The hotel we ended up staying at was charging 10 dollars a day for Internet. So, if all of us wanted to connect, it would be forty dollars a day for four days, or 160 dollars! There had to be a better way.

A solution that I’ve used before is to put a NAT device in front of my computer. I’ve done this in the past to solve the VPN problem related to the hotel network having the same network ID as my office network. As you know, the source and destination networks IDs need to be different when establishing a remote access client VPN connection. This wasn’t my problem this time, since I’ve implemented ORB and Foldershare for remote file access.

My problem this time is was that I didn’t have a cable connection at this hotel. They only offered a wireless connection. The problem I needed to solve was to get myself, my wife, and our two kids on the Internet using that single wireless connection.

I solved the problem by reconfiguring my wireless NAT device (I never call them “routers” since they don’t actually route connections, just NAT) into a wireless bridge. This configuration change was easy using the Web based interface on the Belkin wireless NAT device I picked up the day before leaving town (my “travel” NAT device died in an accident).

After changing the NAT device into a wireless bridge, I changed the IP address of the Ethernet port on my laptop to 192.168.2.1/24 and instructed everyone to assigned themselves an IP address on that network ID and make my computer their default gateway for their wireless NICs.

I then enabled Internet Connection Sharing (ICS) on my wireless NIC and then connected to the hotel’s wireless network.

Next, I configured the NAT device with an SSID and to use WPA2 with a pre-shared key. They were able to connect to the WLAN I configured and once I got through with paying for the Internet connection, they were able to connect to the Internet.

You probably think that this is configuration was self evident, but it wasn’t immediately obvious to me how I was going to solve the problem of only having a wireless connection to the hotel network. The reason for this is that I’ve been used to using a wired connection to the hotel and plugging the hotel connection into the public interface of the NAT device and plugging my laptop into the private connection, so that I would be assured that my network ID was different from the network ID used in my office.

What I didn’t think about at first was that my laptop, which has a wireless NIC and an Ethernet interface is that my laptop was a multihomed device and thus I could use ICS to share the hotel wireless connection.

We did end up having to create a remote access VPN connection to our office ISA Firewall, which meant that during the duration of the VPN connections, everyone needed to configure their browsers to be Web proxy clients of the ISA Firewall, which worked fine. I’ll discuss the details in a future article on how you can create a “poor man’s” site to site VPN using ICS in a branch office scenario.

That’s it for now. If you have your own tricks to share hotel wireless connections, let me know!

Thanks!

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

Kaspersky® Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Standard Edition is commercially released

Woburn, MA — (SBWIRE) — 12/27/2006 — Kaspersky Lab, a leading developer of secure content management solutions, presents a new version of its product that protects corporate networks from viruses – Kaspersky® Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Standard Edition.

Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Standard Edition provides antivirus protection for all files transferred using the HTTP and FTP protocols via Microsoft Internet Security and Acceleration Server. The product acts as a filter that intercepts packets transferred via the HTTP and FTP protocols, isolating controlled objects from this data and analyzing them for the presence of viruses. The program attempts to treat any infected objects, and blocks the object, if necessary. This prevents any further transmission of the code, completely blocking the penetration of infected HTTP and FTP objects through Microsoft ISA Server.

For more information:

http://www.sbwire.com/news/view/9856

This week, Microsoft shipped beta versions of its next-generation Windows Small Business Server (SBS–code-named Cougar) and Windows Medium Business Server (code-named Centro) products. These products are currently available only via private beta.

Both Cougar and Centro will be 64-bit products that run on only the x64 hardware platform. Cougar is the Longhorn-era version of SBS and includes integrated versions of Longhorn Server, Exchange Server 2007, SQL Server 2005, ISA 2006, Windows SharePoint Services, and System Center Essentials.

For more information:

http://www.windowsitpro.com/mobile/pda/Article.cfm...News=1

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

December 14, 2006 — (WEB HOST INDUSTRY REVIEW) — Software giant Microsoft (microsoft.com) announced on Wednesday it has been ranked as a leader in independent research firm Forrester Research’s (forrester.com) “Forrester Wave: SSL VPN Appliances, Q4 2006″ report published this week.

…”With ISA server and the IAG products, we are able to provide greater value in the areas of security, ease of use and application optimization, and we’ll continue working with our partners to bring innovative and flexible solutions to our customers.”…

For more information:

http://www.thewhir.com/marketwatch/121406_Microsof...et.cfm

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

Get it now before it disappears again!

http://www.microsoft.com/downloads/details.aspx?di...43da89

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

If you go to the download page, you’ll see:

The download you requested is unavailable. If you continue to see this message when trying to access this download, go to the “Search for a Download” area on the Download Center home page.

I’ll let you know when I find it again.

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

Microsoft’s Intelligent Application Gateway Recognized for Its Security Support, Manageability and Usability, and Monitoring and Reporting

REDMOND, Wash., Dec. 13 /PRNewswire-FirstCall/ — Microsoft Corp. (Nasdaq: MSFT - News) is ranked a “Leader” in the “Forrester Wave: SSL VPN Appliances, Q4 2006,” published this week. This marks the first time Microsoft has been included in this prestigious review of the secure sockets layer virtual private networking (SSL VPN) market prepared by Forrester Research Inc., an independent research firm. Microsoft’s SSL VPN products were recognized for their security support, manageability and usability, and monitoring and reporting features, and Microsoft received one of the top scores for its overall product strategy (http://www.microsoft.com/whale ).

“Microsoft has moved quickly and efficiently into the SSL VPN appliance market with its acquisition of Whale Communications, now a wholly owned subsidiary. Whale’s Intelligent Application Gateway places Microsoft among the top SSL VPN vendors and provides a critical component for enhancing its Internet Security and Acceleration (ISA) Server. The result should not only be a heavyweight contender for enterprise remote access, but an ideal architecture for small and medium-size businesses (SMBs) as well,” the report stated.

Microsoft’s SSL VPN solutions covered in the Forrester report include the Intelligent Application Gateway (IAG) and Microsoft® Internet Security and Acceleration (ISA) Server. Together, these products provide the cornerstone for Microsoft’s overall secure access strategy and platform. Microsoft scored a 4.70 out of a potential 5.0 on product strategy, with the Forrester report noting that “Microsoft has a very strong vision that involves further integration of its IAG assets into the broader security and access portfolio.”

Microsoft’s Intelligent Application Gateway takes an application-centered approach and is the only SSL VPN in the market with Application Optimizers, which optimize access and security for both Microsoft and third-party applications. The IAG also enables companies to utilize the Application Optimizers for custom applications.

“Microsoft’s SSL VPN crown jewel is its intelligent Application Optimizer templates for deploying large applications, which will save hours of complex configuration for IT administrators,” the Forrester report noted in its Executive Summary about Microsoft.

“IT professionals today must balance the need for secure access by a growing mobile work force with protecting applications and network infrastructure. We’re committed to providing a comprehensive platform that meets both of these needs cost-effectively,” said Margaret Arakawa, senior director of the Security and Access Product Group at Microsoft. “With ISA Server and the IAG products, we are able to provide greater value in the areas of security, ease of use and application optimization, and we’ll continue working with our partners to bring innovative and flexible solutions to our customers.”

More information about the Microsoft SSL VPN solution can be found at http://www.microsoft.com/whale .

Firewall Client for ISA Server can be optionally installed on client computers protected by Microsoft ISA Server. Firewall Client for ISA Server provides enhanced security, application support, and access control for client computers. It provides authentication for Winsock applications that use TCP and UDP, supports complex secondary protocols, and supplies user and application information to the ISA Server logs.

When a client computer running Firewall Client for ISA Server makes a request, the destination is evaluated by the Firewall Client software, and external requests are directed to the ISA Server computer for handling. No specific routing infrastructure is required. Firewall Client sends user information transparently with each request, enabling you to create a firewall policy on the ISA Server computer with rules that use the authentication credentials presented by the client. ISA Server allows you to configure automatic discovery for Firewall client computers, using a WPAD entry in DNS or DHCP to obtain correct Web proxy settings for clients, depending on their location.
For more information about Firewall Client, see Internal Client Concepts in ISA Server and Automatic Discovery in ISA Server at the Microsoft TechNet site.

Download the beta at: http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

Propalms Ltd was founded in 2001 as a focused software company to develop infrastructure products to license and distribute worldwide. Propalms specializes in URL filtering systems Microsoft ISA Firewall platforms and has sold its solutions to various industries across the United States and Europe through a distribution network that reaches 28 countries worldwide. Propalms has more than 2000 customers worldwide from international and local governments to all types of private enterprises.

For more information: http://www.marketwire.com/mw/release_html_b1?relea...193574

I’ve always considered the “hardware appliance” business as some kind of racket akin to the old Military Industrial complex post World War II. They had fear and superstition in common, and most importantly, the racketeers were able to cash in big on the ignorance and superstitions of their customers.

You can see this in the “hardware appliance” market today with vendors like Cisco and Blue Coat, who charge unseemly premiums for low to moderate grade hardware and software bundles. They get away with this by sprinkling a generous portion of fairy dust over their products, which magically makes their hapless customers believe that their offerings are more secure, higher performance and more reliable than a Windows based solution.

It’s an amazing disconnect for us who have been using Windows based Firewalls, email systems, databases and other applications for years without any significant security, performance or reliability issues, or at least fewer than those documented by the “hardware appliance” vendors (this is in regards to security, where Windows based Firewalls have a better track record, security-wise, than most “hardware” implementations).

But I think there’s light at the end of tunnel. Today’s network admins are smarter than those who “grandfathered” in from the 1990s. Those old timers think in terms of “port opening and closing” and “Windows 95 isn’t secure”. Modern network admins realize that Windows is as secure as you make it and Windows based Firewalls, such as the ISA Firewall, can be as secure, and in most cases, more secure than so-called “hardware” firewalls.

Even more important, the “hardware firewall” hucksters are going to have to deal with changes in the market. One of the Old Chestnuts guys like Blue Coat like to throw at you is that “we have higher performance because we’re purpose built”. My ass. If I create a white box solution with a dual die, 4-way per die, making for an 8 way box, I’ll wipe out any fantasized performance advantages that the Blue Coat box might have, and I’ll be able to do it at about half the price and not pay PHAT margins to the sales guys who supply me with a load of bull about their relative performance, reliability and security when compared to Windows.

For another excellent perspective on the “hardware appliance” smoke and mirror show, check out Why appliances are dinosaurs at http://www.theconvergingnetwork.com/2006/11/why_ap...s.html

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)