'Re: FW: Something new?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: FW: Something new?
From:       "crawford charles" <biv0uac17 () hotmail ! com>
Date:       2003-04-23 15:22:42
[Download RAW message or body]

Sounds like you want the workstations to be connected through switches which
"participate" in the authentication process, to the extent that the switch 
won't allow
the workstation to connect to anything (other than the authentication 
device)
until authentication is complete...

I think Cisco has something along those lines, as do some others.
    
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f395.html


viz:
    http://www.toplayer.com/content/products/others/secure_edge.jsp

C.

> From: Steve S [mailto:jbodisks@yahoo.com]
> Sent: Tuesday, April 22, 2003 11:12 AM
> To: security-basics@securityfocus.com
> Subject: Re: Something new?
> 
> 
> Thanks for the responses so far but I need to clarify
> that this would be for users accessing NT/2000 servers
> from inside the company not users connecting from over
> the internet.  The user is physically inside the
> company sitting at a workstation.  They would have one
> point of entry only.
> 
> Typical setup - user authenticates to DC
> Internet -- Firewall -- Servers -- Users
> 
> Proposed setup - gateway authenticates user to DC
> ??? = gateway/authentication server
> Internet -- Firewall -- Servers -- ??? -- Users
> 
> 
> --- Steve S <jbodisks@yahoo.com> wrote:
> > Trying to figure out if anyone has seen or heard of
> > some type of gateway or method for setting up an OS
> > to
> > be a gateway to authenticate all users before they
> > have access into a NT/2000 network.  The thinking
> > behind this would be the end-user would only be able
> > to connect to the internal network through this
> > gateway (i.e. access to all servers and associated
> > ports on the internal network would be blocked until
> > authentication occurred and then you would be
> > restricted by your personal access level).  Looking
> > to
> > expose only a single point internally instead of a
> > myriad of servers.

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic