Re: A "secure" Guest account for ISA server
From: BOT House (BOTHouse_at_insight-*-rr-*-com)
Date: 12/15/03
- Next message: Oli Restorick [MVP]: "Re: User Rights to Install Software"
- Previous message: David: "Backdoor.OptixPro.13"
- In reply to: N. Miller: "Re: A "secure" Guest account for ISA server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Dec 2003 12:56:43 -0500
> > The problem is this: management wants to deploy an interior anonymous proxy server, but they want to know who uses it to go
where.
> > Probably 75% of the users will be from trusted domains. It is up to the untrusted domains as to how they will prevent "their"
users
> > from using "our" proxy (yes, it's a political nightmare).
>
> This is a big problem. Your managers want to trust an "untrusted" domain to
> prevent your proxy from being abused? Why don't they just issue blank checks
> to the employees on payday? It is up to the trusted network to prevent
> access by untrusted domains. Period. Otherwise there is no sense in even
> trying to secure the proxies.
>
Um, we are not trying to secure the proxy. We are offering everyone unlimited Internet access whether we trust them or not and
whether their department heads like it or not. It is our mandate. It is a function we must perform.
That's not the problem. The problem is, for those users we CAN authenticate, how do we do that without a Guest account on ISA
server? Can't be done, unless you consider a person is authenticated by his/her IP address, which is nonsense.
And as far as the paychecks go, the Printers Union won't let us do that.
- Next message: Oli Restorick [MVP]: "Re: User Rights to Install Software"
- Previous message: David: "Backdoor.OptixPro.13"
- In reply to: N. Miller: "Re: A "secure" Guest account for ISA server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
