Re: IAS gurus?
From: Daniel Billingsley (dbillingsley_at_NO.durcon.SPAAMM.com)
Date: 04/25/03
- Next message: Patty: "Password"
- Previous message: Keith W. McCammon: "Re: SPAM"
- In reply to: Mark: "IAS gurus?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Apr 2003 10:35:12 -0400
First, it's ISA not IAS. :)
And yes it will do what you want quite easily. You would also get some
additional benefits which you may not need, like firewall capabilities and
ability to log users' internet access (where and when they went).
"Mark" <mwilson@cahga.com> wrote in message
news:076601c30a5d$8488cce0$a401280a@phx.gbl...
> ENVIRONMENT:
> Single Win2K AD domain
> 100 XP clients
>
> OBJECTIVE:
> To restrict outgoing http traffic- 3 groups
>
> FullAccess
> LimitedAccess (allowed to access only certain pre-
> defined/configured sites)
> NoAccess
>
> I can do "authentication" on our firewall, but then I
> would have to create/maintain an additional user
> database. I can configure the firewall
> to send authentication requests to a Radius server.
> However, in both these scenarios users would need to
> authenticate to the firewall via a java
> applet, which MUST remain open (or internet access is cut
> off).
>
> A third option that was vaguely recommended was to set up
> an IAS server & proxy Internet usage from there.
>
> QUESTIONS:
>
> Is just setting up IAS/proxy sufficient to meet my
> objecive? Can I control internal internet access,
> configuring the IAS server to proxy http connection
> attmepts based on user authenticatino? Is this
> over-kill?
>
> ANY RECOMMENDATIONS FOR MEETING THE OBJECTIVE GREATLY
> APPRECIATED!
>
> Thanks upfront,
> Mark
>
- Next message: Patty: "Password"
- Previous message: Keith W. McCammon: "Re: SPAM"
- In reply to: Mark: "IAS gurus?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
