Re: What needs to talk to my systems?
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 25 Sep 2006 06:51:44 -0700
"TwistedPair" <twistedpair@xxxxxxxx> wrote in message
news:%23H%23pDqE4GHA.4820@xxxxxxxxxxxxxxxxxxxxxxx
> All,
> Is there a way to run something on a server that continuously monitors
> which computers talk to it and compile a list of those computers over
> time? Example: I'd like to lock down a list of computers, however I want
> to be sure that I know what is accessing those machines. Once I get that
> list, I take it to people who would know for sure which ones are okay, and
> which ones aren't, and I can lock stuff down appropriately. I am mostly
> concerned about connections that require domain authentication, although
> other types of traffic would be nice as well. The point is to lock stuff
> down, but not to the extent that it denies legitimate traffic.
> -P
I think there is one big problem in your interesting approach.
How long do you watch before configuring the minimal net exposure?
I have a workstation joined to your domain. I work 70 hour weeks,
but still have not had need to access the DFS root directly, or to access
the employee info shared off the HR employee services server (been too
busy). Now, I try and cannot. What's with that?
Network exposure minimization is more often done prescriptively.
This machine is supposed to allow A, B, and C. For each of those
there is an "allowed to", and an "also requires". The "also requires"
would often be such as "authentication communications with DCs of
all account domains in the forest". One of the "supposed to allow"s
needs to be "allow proper behaviors as member server in domain",
but most are things like "allow tcp 80/443 to internal IPs and VPN".
Roger
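The two approaches in this thread side by side, as an added example that is not part of either post: compile the observed list of hosts that authenticated to a server (first seen, last seen, count, source IPs), then compare it with a prescriptive "allowed to" plus "also requires" set. The logon records and their comma-separated export layout are constructed, and the host names in the policy sets are assumptions.

```python
"""Compile which hosts authenticate to a server over time and compare the
result with a prescriptive allow list.  Added example: the log records below
are constructed and their "timestamp,workstation,source_ip,account" layout is
an assumed export format, not a real Windows log format."""
from datetime import datetime

# Constructed sample: one record per successful network logon to the server.
SAMPLE_LOGONS = """\
2006-09-18T08:02:11,DC01,10.0.0.5,SVC-BACKUP$
2006-09-18T09:15:40,WS-HR-07,10.0.2.17,jdoe
2006-09-19T10:05:02,WS-HR-07,10.0.2.17,jdoe
2006-09-20T23:41:09,LAPTOP-X,10.0.9.200,contractor1
2006-09-21T08:00:00,DC01,10.0.0.5,SVC-BACKUP$
"""

# Prescriptive policy: what the server is "supposed to allow" and what that
# "also requires".  Both host sets are assumed for the example.
ALLOWED_TO = {"WS-HR-07"}     # assumed: HR workstation allowed to the share
ALSO_REQUIRES = {"DC01"}      # assumed: DCs of every account domain in the forest

def compile_sources(text):
    """Return {workstation: {first, last, count, ips}} from the log text."""
    seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, ip, _account = line.split(",")
        when = datetime.fromisoformat(ts)
        entry = seen.setdefault(host, {"first": when, "last": when,
                                       "count": 0, "ips": set()})
        entry["first"] = min(entry["first"], when)   # earliest observation
        entry["last"] = max(entry["last"], when)     # latest observation
        entry["count"] += 1
        entry["ips"].add(ip)
    return seen

def classify(seen, allowed_to, also_requires):
    """Split observed hosts into (permitted by policy, needs review)."""
    permitted = allowed_to | also_requires
    ok = {h: v for h, v in seen.items() if h in permitted}
    review = {h: v for h, v in seen.items() if h not in permitted}
    return ok, review

if __name__ == "__main__":
    ok, review = classify(compile_sources(SAMPLE_LOGONS), ALLOWED_TO, ALSO_REQUIRES)
    for host, v in review.items():
        print(f"REVIEW {host}: {v['count']} logons, first {v['first']}, "
              f"last {v['last']}, from {sorted(v['ips'])}")
```

Hosts in the review set are the ones to take to the people who know whether they are legitimate; hosts that never appear in the observation window are exactly the gap Roger describes, which only the prescriptive sets can cover.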