RE: How ISA rule base works and how to bind users IP with MAC.
From: David Lee Steele, Jr. (d.steele2@comcast.net)
Date: 10/23/02
Date: Wed, 23 Oct 2002 15:17:35 -0400
From: "David Lee Steele, Jr." <d.steele2@comcast.net>
To: tiger@justmailz.com, focus-ms@securityfocus.com

Why don't you enable policies so users can't mess with their IP
addresses?
David
-----Original Message-----
From: Tiger [mailto:tiger@justmailz.com]
Sent: Wednesday, October 23, 2002 10:46 AM
To: security-basics@securityfocus.com; focus-ms@securityfocus.com
Subject: How ISA rule base works and how to bind users IP with MAC.
Hi All,
Microsoft ISA Server's rule base engine first of all denies all
requests and then allows. This increases complicacy. How this rule
base works is not very clear to me. First of all implicitly it denies
all requests given in rule base, then allows explicitly allowed rules
and rest deny all.
When it says allow explicitly allowed rules, then what does it mean?
How it picks rules and what would be the sequence?
1. Access Policy
   - Site and Content Rules
   - Packet Filters
2. Publishing Rule
   - Web Publishing
   - Server Publishing
I can't understand logic behind Microsoft's such design, why not
simple rule base like checkpoint or any other firewall.
I have ISA Server Installed. Only selected LAN users are allowed to
access Internet. It's authenticating users from Domain Controller.
Here my requirement is to allow selected LAN users to access Internet
only from their machine. I have tried allowing them through two ways,
1. IP basis 2. User basis, but both have their limitations.
1. IP based: a user can ask or guess someone's IP and put it in his
machine and get access when allowed machine is powered off or NIC is
disabled.
2. User based: Passwords can be shared among users and they can
access Internet from any machine.
There should be some way in Domain Controller to bind user's access
from their machine or assigned IP only. Any idea?
OR
Is there any solution in ISA only?
We can reserve IP in DHCP with MAC address and works fine only in the
case when user requests DHCP to release IP.
I mean when user selects option to "Obtain IP address automatically".
If he assigns IP manually then he can enter into domain and access
internet. My purpose can be solved if I get any way to restrict him
to domain.
My friend has cable connection. His machine is not into domain. He is
getting access through MAC + IP address only. Coz of some reason if
he changes MAC or IP his internet doesn't work.
Any suggestion most welcome
Cheers!
Tiger