Re: FW: Something new?

From: crawford charles (biv0uac17@hotmail.com)
Date: 04/23/03

    From: "crawford charles" <biv0uac17@hotmail.com>
    To: jbodisks@yahoo.com
    Date: Wed, 23 Apr 2003 15:22:42 +0000
    
    

    Sounds like you want the workstations to be connected through switches which
    "participate" in the authentication process, to the extent that the switch
    won't allow the workstation to connect to anything (other than the
    authentication device) until authentication is complete...

    I think Cisco has something along those lines, as do some others.
        
    http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f395.html

    viz:
        http://www.toplayer.com/content/products/others/secure_edge.jsp

    C.

    >From: Steve S [mailto:jbodisks@yahoo.com]
    >Sent: Tuesday, April 22, 2003 11:12 AM
    >To: security-basics@securityfocus.com
    >Subject: Re: Something new?
    >
    >
    >Thanks for the responses so far but I need to clarify
    >that this would be for users accessing NT/2000 servers
    >from inside the company not users connecting from over
    >the internet. The user is physically inside the
    >company sitting at a workstation. They would have one
    >point of entry only.
    >
    >Typical setup - user authenticates to DC
    >Internet -- Firewall -- Servers -- Users
    >
    >Proposed setup - gateway authenticates user to DC
    >??? = gateway/authentication server
    >Internet -- Firewall -- Servers -- ??? -- Users
    >
    >
    >--- Steve S <jbodisks@yahoo.com> wrote:
    > > Trying to figure out if anyone has seen or heard of
    > > some type of gateway or method for setting up an OS to
    > > be a gateway to authenticate all users before they
    > > have access into a NT/2000 network. The thinking
    > > behind this would be the end-user would only be able
    > > to connect to the internal network through this
    > > gateway (i.e. access to all servers and associated
    > > ports on the internal network would be blocked until
    > > authentication occurred and then you would be
    > > restricted by your personal access level). Looking to
    > > expose only a single point internally instead of a
    > > myriad of servers.
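
The behaviour described in this thread (a switch port that passes nothing but authentication traffic until the user is authenticated, then limits the user to a personal access level) as a small Python model. This is an added example, not part of the original messages or any vendor's code; it assumes an IEEE 802.1X-style port (the thread does not name a mechanism), and the SwitchPort class, user names, passwords and server names are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_EAPOL = 0x888E  # IEEE 802.1X "EAP over LAN" frames (assumed mechanism)
ETHERTYPE_IPV4 = 0x0800

# Constructed sample data: directory credentials and per-user (server, port) grants.
DIRECTORY = {"alice": "s3cret", "bob": "hunter2"}
ACCESS = {
    "alice": {("fileserver", 445), ("intranet", 80)},
    "bob": {("intranet", 80)},
}

@dataclass
class SwitchPort:
    user: Optional[str] = None  # None means the port is unauthorized

    def authenticate(self, user, password):
        """Stand-in for the switch relaying credentials to the authentication server."""
        expected = DIRECTORY.get(user)
        ok = expected is not None and hmac.compare_digest(expected, password)
        self.user = user if ok else None  # a failed attempt also revokes prior access
        return ok

    def link_down(self):
        """Reset on cable unplug, so the next device does not inherit the session."""
        self.user = None

    def forward(self, ethertype, dst=None, dport=None):
        """Return True if the port would forward this frame."""
        if ethertype == ETHERTYPE_EAPOL:
            return True   # authentication traffic always reaches the authenticator
        if self.user is None:
            return False  # default deny until authentication completes
        return (dst, dport) in ACCESS.get(self.user, set())

def demo():
    port = SwitchPort()
    results = [port.forward(ETHERTYPE_IPV4, "fileserver", 445)]     # before login
    port.authenticate("bob", "hunter2")
    results.append(port.forward(ETHERTYPE_IPV4, "intranet", 80))    # granted to bob
    results.append(port.forward(ETHERTYPE_IPV4, "fileserver", 445)) # not granted to bob
    port.link_down()
    results.append(port.forward(ETHERTYPE_IPV4, "intranet", 80))    # port reset
    return results

if __name__ == "__main__":
    print(demo())
```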
