RE: FW: block internet at two workstations [security-basics-return-19403-danf=clearnetwork.com@securityfocus.com in Pass-Through List]

From: Tim Laureska (hometeam_at_goeaston.net)
Date: 05/08/03

Next message: sjm: "[Security Basics] Portsentry and Snort"

Previous message: Jason Burroughs: "Re: some permission problem?"
In reply to: Lee Burleson: "Re: FW: block internet at two workstations"
Next in thread: Tim Laureska: "RE: block internet at two workstations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Lee Burleson'" <lburleso@hotmail.com>
Date: Thu, 8 May 2003 04:32:24 -0400

Unfortunately the two machines that are to not have internet access are
W98 boxes...

interesting thing though... I called both Netgear and Linksys and both
said none of their broadband routers filter by MAC or IP... I found that
hard to believe and contacted my ISP... A guy their said hogwash... he's
going to show me how do to it on a netgear FVS318

-----Original Message-----
From: Lee Burleson [mailto:lburleso@hotmail.com]
Sent: Wednesday, May 07, 2003 11:44 AM
To: danf@clearnetwork.com
Cc: hometeam@goeaston.net
Subject: Re: FW: block internet at two workstations
[security-basics-return-19403-danf=clearnetwork.com@securityfocus.com in
Pass-Through List]

That was a good suggestion, IMO.

If the security is set up properly on the workstations, the users should
not
have permissions to modify the default gateway or set static routes.

However if, for some reason, you have a proxy server that is on the
local
network, the user would still be able to point the browser at it and be
home
free. To solve this, you would set permanant static routes that nullify

that kind of access. Again, user privliges will not allow modification
of
your changes.

Heck, if you don't have local resources that the machines need to
access,
you could just disable the NIC! Or even remove it!

- Lee

> > -----Original Message-----
> > From: Lucas Zaichkowsky [mailto:Lucas@dnsys.com]
> > Sent: Tuesday, May 06, 2003 13:16
> > To: Tim Laureska; security-basics
> > Subject: RE: block internet at two workstations
> >
> >
> > Assuming the users know nothing about networking, simply
> > remove the default
> > gateway from those two workstations.
> >
> > -Lucas
> >
> >
> > -----Original Message-----
> > From: Tim Laureska [mailto:hometeam@goeaston.net]
> > Sent: Tuesday, May 06, 2003 6:01 AM
> > To: security-basics
> > Subject: block internet at two workstations
> >
> >
> > I'm working with a small (10 user network) with a netgear FVS318
> > firewall, accessing the internet via cable modem.. The client wants
to
> > block internet access at two workstations. I don't see anything
> > available within the firewall documentation/configuration that would
> > address this. What is the best and easiest way to do this ...easy
and
> > best may be a contradiction :-)
> >
> > TIA
> > Tim

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail

------------------------------------------------------------------------

---
FastTrain has your solution for a great CISSP Boot Camp. The industry's
most 
recognized corporate security certification track, provides a
comprehensive 
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization 
of pertinent security tools. For a limited time you can enter for a
chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------

Next message: sjm: "[Security Basics] Portsentry and Snort"

Previous message: Jason Burroughs: "Re: some permission problem?"
In reply to: Lee Burleson: "Re: FW: block internet at two workstations"
Next in thread: Tim Laureska: "RE: block internet at two workstations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: block internet at two workstations
... Don't netgear has a filter based on ip address? ... > recognized corporate security certification track, ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ...
(Security-Basics)
Re: Southwest Airlines - 2 seats together
... > So if you don't have Internet access at the time, ... Screening all the employees meant that fewer revenue passengers would ... be put through the process at the gate. ... security, but with no actual *improvement* in security. ...
(rec.travel.air)
RE: p2p and ISA
... allow the user to install the application. ... > recognized corporate security certification track, ... This ALL INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter ...
(Focus-Microsoft)
RE: Share Point?
... Sharepoint actually has the ability to use either Domain logins or locally ... Has anyone here tested Share Point's security? ... >INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a chance ...
(Focus-Microsoft)
Re: GUIs for Win32 Snort?
... Do you Yahoo!? ... > recognized corporate security certification track, ... > of pertinent security tools. ... This ALL INCLUSIVE curriculum utilizes ...
(Security-Basics)