Re: [fw-wiz] Firewalling at the domain users level instead of network level
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 07/19/04
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Firewalling at the domain users level instead of network level"
- In reply to: Santos: "[fw-wiz] Firewalling at the domain users level instead of network level"
- Next in thread: Melson, Paul: "RE: [fw-wiz] Firewalling at the domain users level instead of network level"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Santos <casd@netvisao.pt> Date: Mon, 19 Jul 2004 14:08:04 -0400 (EDT)
On Sun, 18 Jul 2004, Santos wrote:
> Hi all.
>
>
> I'm implementing a "Windows clients, Linux servers" kind of network.
> Some users may login at different machines, therefore, ip level is not
> enough. I wonder if it's possible to control the access at the "domain
> users" level instead of network or ip level. I could implement some
> proxies, but each client machine had to be configured and that would
> mean extra work. IPtables can filter at the user level, but only with
You could use transparent proxies with user authentication.
> local users. Is there a way to configure iptables and kerberos working
> together or something like that? Is this doable with PAM? I have read
> that SAMBA authenticated gateway HOWTO, but it doesn't look very
> reliable. Well, so basically what i want, is a firewall similar to a ISA
> Server firewall
Um, then you should probably buy ISA- personally, I'd keep it behind
something else, but that's probably my historical paranoia of products
from that vector.
> Any ideas about this would be apreciated, thanks in advance.
If ISA does what you want, then get it- you could do authenticated SOCKS,
or authentication to any other firewall which supports authentication
(heck, even Apache's mod_proxy does authentication)- but if there's a tool
that does what you wish then barring any major issues, you should use that
tool.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Firewalling at the domain users level instead of network level"
- In reply to: Santos: "[fw-wiz] Firewalling at the domain users level instead of network level"
- Next in thread: Melson, Paul: "RE: [fw-wiz] Firewalling at the domain users level instead of network level"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
