Re: Use of L2TP in isolated W2K3 AD
From: Joshua Feek (jfeek_at_yahoo.com.au)
Date: 06/09/04
- Previous message: Milos Puchta: "Use of L2TP in isolated W2K3 AD"
- In reply to: Milos Puchta: "Use of L2TP in isolated W2K3 AD"
- Next in thread: Fabrice Aubry: "RE: Use of L2TP in isolated W2K3 AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Jun 2004 12:26:32 +0100 (BST) To: Milos Puchta <puchta@cslab.felk.cvut.cz>, focus-ms@securityfocus.com
It might be difficult to strategise all the
configurations but start with using IPSEC. All domain
members get a GPO config which forces down a machine
cert. Use IPSEC rules to filter traffic to only
machine cert based authentication. All other non cert
based traffic is denied. How complex your environment
is will determine how much effort is required but
there is nothing to stop you enabling IPSEC based
connectivity between all domain members via GPO
therefore stopping all traffic from non domain members
from reaching any domain member. Just a starting point
to use the technology you already have and is freely
available with what you own.
Josh
--- Milos Puchta <puchta@cslab.felk.cvut.cz> wrote:
> 1.
> Imagine a large network that is more or less open
> to the Internet.
> I mean that there is packet filtering for some
> ports, one subnet
> is blocked from the access from the Internet but due
> to the routing
> between subnets all subnets are open....
>
> 2.
> I can do nothing as to the changes in the structure
> of LAN :-(((
> except asking for blocking direct access to the
> selected computers.
> (No private LAN for private range of ip, no
> blocking routing,... :-(( ...)
>
> 3.
> There are various services and operating system on
> the LAN,
> including Windows, FreeBSD, Novell, SUN,VMS etc
>
> 4.
> I "develop" and maintain Active Directory (Windows
> 2003 Server and Windows
> XP Professional) in this structure. Windows XP
> clients should reach
> data on various systems (data and licenses on license
> servers).
>
> Because of security problems I consider the
> isolation of domain controllers
> behind
> internal ISA firewall and Windows clients would use
> L2TP protocol, as if
> they were
> accessing domain controllers and file servers from
> the Internet.
> Is this a solution in my case?
>
> Thanks for your opinion and qualified guess.
>
> Regards,
> Milos
>
>
>
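The policy Josh sketches (push a machine certificate to every domain member by GPO, then require certificate-authenticated IPsec for all traffic and drop everything else) can be built with the netsh ipsec static context that ships with Windows XP and Windows Server 2003. The block below is an added example written for this archive page, not code from either poster; the policy, filter-list and filter-action names, the domain name, the CA distinguished name and the 192.0.2.10 license-server address are placeholders and are assumptions, not values from the thread.

```batch
:: Added example, not from the original posting. Placeholder names, the
:: domain name, the CA DN and 192.0.2.10 are assumptions.

:: Work against the Active Directory policy store so the resulting policy
:: can be linked to domain members through Group Policy.
netsh ipsec static set store location=domain domain=example.local

:: 1. The policy container. Leave it unassigned until the rules are complete.
netsh ipsec static add policy name="Domain Isolation" description="Require machine-certificate IPsec between domain members" assign=no

:: 2. Filter list matching all IP traffic to and from this machine.
netsh ipsec static add filterlist name="All IP traffic"
netsh ipsec static add filter filterlist="All IP traffic" srcaddr=me dstaddr=any protocol=any mirrored=yes

:: 3. Filter action: negotiate ESP and never fall back to cleartext.
::    inpass=no  - do not accept unsecured inbound packets
::    soft=no    - no "soft" SA, i.e. no fallback to clear if IKE fails
netsh ipsec static add filteraction name="Require ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

:: 4. Rule tying them together. Authentication is machine certificate only
::    (kerberos=no), chained to the enterprise CA named in rootca.
netsh ipsec static add rule name="Require IPsec from domain members" policy="Domain Isolation" filterlist="All IP traffic" filteraction="Require ESP" kerberos=no rootca="CN=Example Issuing CA,DC=example,DC=local certmap:yes excludecaname:no" conntype=all activate=yes

:: 5. Exemption for hosts that cannot do IPsec, such as the FreeBSD, Novell,
::    SUN and VMS license servers Milos mentions. The more specific filter
::    wins over the all-traffic filter, so these hosts stay reachable in clear.
netsh ipsec static add filterlist name="Non-domain servers"
netsh ipsec static add filter filterlist="Non-domain servers" srcaddr=me dstaddr=192.0.2.10 dstmask=255.255.255.255 protocol=any mirrored=yes
netsh ipsec static add filteraction name="Permit clear" action=permit
netsh ipsec static add rule name="Exempt non-domain servers" policy="Domain Isolation" filterlist="Non-domain servers" filteraction="Permit clear" conntype=all activate=yes

:: 6. Only once every domain member, domain controllers included, has enrolled
::    a machine certificate: assign the policy, then verify it and the SAs.
netsh ipsec static set policy name="Domain Isolation" assign=y
netsh ipsec static show policy name="Domain Isolation" level=verbose
netsh ipsec dynamic show mmsas all
```

Two practical points follow from soft=no and inpass=no: a domain member that has not yet enrolled its certificate loses connectivity to every other domain member the moment the policy is assigned, so certificate autoenrollment has to be confirmed on the domain controllers and a pilot OU before the policy GPO is linked domain-wide; and any non-domain host the XP clients must still reach in clear, as in Milos's license servers, needs its own permit exemption like the one in step 5, otherwise the "deny all non-certificate traffic" rule silently cuts it off.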