RE: [fw-wiz] ISA and Authentication Question...

From: Wes Noonan (mailinglists_at_wjnconsulting.com)
Date: 07/21/04

    To: "'Mark'" <firewalladmin@bellsouth.net>
    Date: Wed, 21 Jul 2004 15:42:28 -0500
    
    

    In lab testing it looks like the firewall client does it. Of course, the
    customer can't install the firewall client everywhere so... ;-)

    Thanks!!

    Wes Noonan
    mailinglists@wjnconsulting.com
    http://www.wjnconsulting.com
    Hardening Network Infrastructure - A concise how to guide
    Available Now!!
    Order at http://tinyurl.com/5852c

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Mark
    > Sent: Wednesday, July 21, 2004 05:56
    > To: wnoonan@colltech.com
    > Cc: Firewall Wizards Mailing List
    > Subject: Re: [fw-wiz] ISA and Authentication Question...
    >
    > I'm not sure how that would/could be done, a lot may depend on the
    > client (firewall client, secure NAT client, web proxy or all 3) but if
    > the noble members of this list don't know I would post the question on
    > www.isaserver.org. I literally cut my ISA Teeth on that site and was
    > never disappointed.
    >
    > >(oh, and for those wondering why you would want to do this... I
    > >dunno... customers... what can you do? :-))
    >
    > I can think of a reason. There are a few folks on my network that like
    > to use a local admin account all day and bypass login scripts and such
    > when they use domain accounts (which make them only users on their
    > machines). They inherited, by bad policy, local admin rights before I
    > started working there and you know how hard it is to take away something
    > they have always had. This would make it a real pain for them and
    > probably force them to log into the domain like everyone else.
    >
    > Mark
    >
    >
    > On Tue, 2004-07-20 at 22:00, Wes Noonan wrote:
    > > Got a strange question on ISA and authentication of users browsing the
    > > Internet.
    > >
    > > Is it possible to prevent ISA from prompting for a username when a user
    > > logs onto the workstation using a local user account? By default ISA
    > > prompts for authentication if integrated authentication fails. In this
    > > case, we want ISA to simply not permit the connection at all without
    > > prompting.
    > >
    > > I'm open to third party tools as well (I think Websense, etc. can do
    > > this based on testing with other firewalls).
    > >
    > > TIA.
    > >
    > > (oh, and for those wondering why you would want to do this... I dunno...
    > > customers... what can you do? :-))
    > >
    > > Wes Noonan
    > > Senior Network Consultant
    > > 832-563-3698
    > > "Hardening Network Infrastructure"
    > > A concise guide to securing your network
    > > Available now at http://tinyurl.com/5852c
    > >
    > >
    > >
    > > _______________________________________________
    > > firewall-wizards mailing list
    > > firewall-wizards@honor.icsalabs.com
    > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

