RE: GPO that forces users to use a proxy server.

leomail04-focusms_at_yahoo.es
Date: 11/02/04

  • Next message: Nelson Brandon: "AW: Remove "Shutdown" command from w2k PCs but enable restart"
    Date: Tue, 2 Nov 2004 15:30:38 +0100 (CET)
    To: focus-ms@securityfocus.com
    
    

    Hi Ryan,

    I think one of the best approaches to resolve your
    problem is the one pointed by Jim Harrison, using a
    .pac file, that way whatever “browser” (ie, mozilla…)
    your company uses, you can have automatic configured
    the proxy when they are at your LAN and this will be
    disabled when they are outside since this file wont be
    reachable.

    (You can have the file in a web server inside your
    network and configure the browsers like this in the
    “automatic proxy configuration url tab”)

    https://intranet/proxy.pac

    -------- Surfing the Internet trough outside networks,
    why not? -------

    My personal point of view is that is useless to force
    your laptops to get trough your VPN just to surf the
    web when they are at home or on the road. It’s much
    solid to have good policies, a good antivirus and
    firewall in every laptop (plus education to users) and
    also considerer to assign a special PVLAN in the
    office to this “less trusted computers” and take
    special care of this segment.

    Other way is easily:

    1) To figure out how to get on the net when they are
    outside,
    2) They might not surf the web (at first) but get
    connected to untrusted networks and get infected /
    exposed.
    3) You are going to allow then to get to others
    networks since you want them to get to your VPN, so
    first they need to get on a network
    4) Not always is possible to get to the VPN using
    IPSec.

    Regards
    Leo

                    
    ______________________________________________
    Renovamos el Correo Yahoo!: ¡100 MB GRATIS!
    Nuevos servicios, más seguridad
    http://correo.yahoo.es

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Nelson Brandon: "AW: Remove "Shutdown" command from w2k PCs but enable restart"