RE: Using IPSEC to block IP
From: Jeroen Beekhuis (j.beekhuis@uci.kun.nl)Date: 08/21/01
- Previous message: Pascal Rossillon: "RE: strange file security properties"
- Maybe in reply to: Tom Geldner: "Using IPSEC to block IP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jeroen Beekhuis" <j.beekhuis@uci.kun.nl> To: "'Tom Geldner'" <tom@xor.cc>, <wb4-users@forums.chatspace.com> Subject: RE: Using IPSEC to block IP Date: Tue, 21 Aug 2001 11:31:55 +0200 Message-ID: <11673C05E27BD311945000508B2C1DF99CCDB9@kunuci05.uci.kun.nl>
> I want to be able to block two static IPs from being able to transact
> anything with either IIS or WebBoard. I know I can do it internally on
> IIS but WebBoard doesn't have any built-in IP filtering (that
> I'm aware
> of). So I'd prefer to do both at once on a lower level.
>
> So it sounds like IPSEC is the way to go. Help?
>
> Tom
>
Hi Tom,
I use the IPSec settings to assign complete packet filter settings to a hurd
of Win2K webservers, using active dir policies. It's a bit tricky at first,
but now I could block a host or subnet and have al systems apply the new
settings within a minute. The settings I use apply to normal IP traffic,
using IPSec encyption is an option.
You DO need an Active Direcotry in place, otherwise centralized policies
won't work. If you dont't, using local policies should also do the trick.
Since this built-in mechanism doesn't log anything, we use snort as an IDS
(on Win2K) for that.
Jeroen Beekhuis.
- Previous message: Pascal Rossillon: "RE: strange file security properties"
- Maybe in reply to: Tom Geldner: "Using IPSEC to block IP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
