Security Basics mailing list archives
Fw: Re: DHCP
From: "( ( ( belly ) ) )" <belly () yahoo com>
Date: Fri, 22 May 2009 18:12:50 -0700 (PDT)
i had this problem last time, to prevent anyone that is not authenticated in a win2008 domain to access any of company resources. my solution was to install an ISA proxy server that taking the authentication from active directory. therefore, only authenticated user is able to connect the network resources through this proxy. in other server such as web, mail server, application server, i just only allowed ip address of isa/proxy to access. so even an unauthorized client getting ip address from dhcp, they're not allowed to do. may be that can help a bit. Regards, _ _ _ | |__ ___| | |_ _ | '_ \/ _ \ | | | | | | |_) __/ | | |_| | |_.__/\___|_|_|\__, | |___/ Belly Rachdianto Tel:(+62)813-192.168.0.1 (+62)8588-020.9.888 (+60)12-761.20.98
--- On Sat, 5/23/09, auto431078 () hushmail com <auto431078 () hushmail com> wrote:From: auto431078 () hushmail com<auto431078 () hushmail com>Subject: Re: DHCP To: djm () yantarni com gt,security-basics () securityfocus comDate: Saturday, May 23, 2009, 2:47 AM The Windows Server 2008 feature I believe you are referring to is NAP. Another possible solution using native Windows functionality would be Secure Domain Isolation (SDI). SDI isessentiallya liberal application of IPSec policy to prevent computers not authorized to communicate with clients on your network from doing so.____________________________________________________________________________________________ Hi all, I am looking for a way to block any PC that plugs intomynetwork that is not authorized to access any network resources-servers, firewalls, etc. Is there a way in DHCP that I can add reservations just for the PCs that I want to allow the networkresourcesand any other pc/laptop that happens to be plugged into thenetworkeither doesn't get an IP address, gets a dummy IP address,orsomething else? I've heard Windows Server 2008 can do this, butI'mnot sure about 2003. Any suggestions would be greatlyappreciated.Best regards, djm------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP BootCampin both Instructor-Led and Online formats is the mostconcentratedexam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html--------------------------------------------------------------------
---- -- Find toupees to help you look your best! Click now! http://tagline.hushmail.com/fc/BLSrjkqgXEalrEvMZh90maMOTRUChZXD6thOs8NxlLXGBg8nM1UcN4s98MQ/------------------------------------------------------------------------This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP BootCampin both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensivecoursematerials and an expert instructor means you pass theexam.Gain a laser like insight into what is covered on theexam,with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Re: DHCP, (continued)
- Message not available
- Re: DHCP Shreyas Zare (May 22)
- Re: DHCP Tim Clewlow (May 22)