Fw: Re: DHCP




I had this problem last time:
to prevent anyone who is not authenticated in a Win2008
domain from accessing any of the company resources.

My solution was to install an ISA proxy server that takes
its authentication from Active Directory. Therefore, only
authenticated users are able to connect to the network resources
through this proxy.

On the other servers, such as the web, mail and application
servers, I only allowed the IP address of the ISA/proxy to
access them. So even if an unauthorized client gets an IP address
from DHCP, they're not allowed access.

Maybe that can help a bit.

Regards,
  _         _ _
| |__  ___| | |_   _
| '_ \/ _ \ | | | | |
| |_)   __/ | | |_| |
|_.__/\___|_|_|\__, |
                |___/

Belly Rachdianto
Tel:(+62)813-192.168.0.1
     (+62)8588-020.9.888
     (+60)12-761.20.98


--- On Sat, 5/23/09, auto431078@xxxxxxxxxxxx <auto431078@xxxxxxxxxxxx> wrote:

From: auto431078@xxxxxxxxxxxx <auto431078@xxxxxxxxxxxx>
Subject: Re: DHCP
To: djm@xxxxxxxxxxxxxxx, security-basics@xxxxxxxxxxxxxxxxx
Date: Saturday, May 23, 2009, 2:47 AM

The Windows Server 2008 feature I believe you are referring to is NAP.

Another possible solution using native Windows functionality would
be Secure Domain Isolation (SDI). SDI is essentially a liberal
application of IPSec policy to prevent computers not authorized to
communicate with clients on your network from doing so.


------------------------------------------------------------------------

Hi all,

I am looking for a way to block any PC that plugs into my network
that is not authorized to access any network resources - servers,
firewalls, etc. Is there a way in DHCP that I can add reservations
just for the PCs that I want to allow the network resources and any
other PC/laptop that happens to be plugged into the network either
doesn't get an IP address, gets a dummy IP address, or something
else? I've heard Windows Server 2008 can do this, but I'm not sure
about 2003. Any suggestions would be greatly appreciated.

Best regards,

djm






------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam
prep available. Comprehensive course materials and an expert
instructor means you pass the exam. Gain a laser like insight into
what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html

------------------------------------------------------------------------

