Firewall Wizards mailing list archives

RE: regarding poduct


From: "J B" <bolesjb () yahoo com>
Date: Sat, 17 Mar 2001 10:57:58 -0700

Sathya,

There are some products available specifically for integrating this type of
flexibility into environments; it just depends on how much you're willing to
pay for them.  For NT-centric solutions (with the possibility of
extensibility covering some unix functionality) you might look at the
development possibilities surrounding Internet Dynamic's Conclave Policy
Server.  That's a relatively cheap solution, but would take some doing on
your end to integrate.  ID has just been bought by RedCreek by the way, but
it appears as if they'll keep offering Conclave for a while, although I
suspect they'll eventually integrate it into their E-Director
product/topology.

That brings to mind that you might consider establishing this access
through a locked-down VPN setup.  A good policy-based VPN setup would
compartmentalize your access control to resources, and likely give you much
more granular control.

Or you could go some direction like Access360.  I suspect you could
implement that product to do anything you wanted to for not much more
expense than the GNP of several small nations.  Similarly, there are even
CRM products which could give you killer functionality and meet your needs,
like Pivotal's Customer Hub.  But all of these, for what you've described,
are kind of like having to conduct a DNA analysis to get through the front
door of your house.

But there's a bunch of this kind of stuff around.  IMHO, sounds to me like
you need to better define what specifically you need first, and step back
and look at the best way to implement them in a robust environment.  Sounds
like the direction you're going, like Rip Loomis said, is not a good idea
for an environment you intend to go somewhere in the future.

JB.

Message: 4
From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com>
To: 'sathyanarayanan' <satsv55 () yahoo com>
Cc: firewall-wizards () nfr com
Subject: RE: [fw-wiz] regarding poduct
Date: Thu, 15 Mar 2001 18:22:40 -0500

The solution would appear to be:
1.  Have a database indicating which accounts
    are paid up, and their expiry date.  Be
    able to export the list of "newly expired
    users" every night at 1 AM (for example).

2.  Every night at 2 AM (for example) have a
    script run under cron (or the NT equivalent
    service) that locks all the newly expired
    accounts.

A better variation would be for the locking
routine to actually query for account status
in real time, and get a list of all valid
account names (from the payment database) and
their status.  Then the locking routine could
review all the accounts in existence and take
one of the three following actions:
1.  Account is valid and paid up - no action
2.  Account is valid but expired - lock it
3.  Account is invalid - call in the cavalry
    to investigate unusual event.

I could write such a setup, with Perl scripts
and .dbm files for the backend and a web
administrative front end, in a couple
of hours and test it in a couple of days.
So could any good UNIX system administrator,
and you could do similar if not identical
things using Microsoft tools.

I must say as an editorial comment (and I would
feel obliged to point this out to a customer
as well) that this is a crappy business model
and I hope you aren't depending on this as
your principal revenue...but I hope this helps.

Rip Loomis              Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com



-----Original Message-----
From: sathyanarayanan [mailto:satsv55 () yahoo com]
Sent: Tuesday, March 13, 2001 11:54 PM
To: John Adams; firewall-wizards () nfr com
Subject: Re: [fw-wiz] regarding poduct


hi John,
   I had phrased the question a little bit wrongly;
it is not a webserver, but getting into the internal
network itself (as we normally map a drive or space to
some other guy from our system, giving him the right
to use it on our computer).
Likewise the client would be given rights to some space
for accessing his files stored by us, inside our
network, for a stipulated lease period.
   When the period has expired he should pay again to get
the rights to access the files. I am just wondering
whether there is any software that would
automatically disable the client when the lease
period expires.
 thanks
yours
sathya


http://www.nfr.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
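
The "better variation" in Rip Loomis's message above (compare every existing account against the payment database and take one of three actions), sketched as an added example that is not part of the original thread. The account names, the `EXEMPT` set, the `review-unlock` action and the rule that an account is still valid on its expiry date are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data; a real deployment would query the payment
# database and enumerate OS accounts instead (both are assumptions here).
PAYMENTS = {"alice": date(2001, 6, 30), "bob": date(2001, 3, 14)}
SYSTEM_ACCOUNTS = {"alice": "active", "bob": "active", "mallory": "active"}
EXEMPT = {"root", "backup"}  # hypothetical service accounts, never leased

def reconcile(accounts, payments, today, exempt=EXEMPT):
    """Classify every existing account; returns {name: action}.

    Actions: 'none' (paid up), 'lock' (known but expired),
    'investigate' (exists on the system but unknown to billing),
    'review-unlock' (paid up yet still locked).
    """
    if payments is None:
        # Billing query failed: refuse to run rather than treat every
        # account as unknown and flood the on-call with false alarms.
        raise RuntimeError("payment database unavailable; no changes made")
    actions = {}
    for name, state in sorted(accounts.items()):
        if name in exempt:
            continue
        expiry = payments.get(name)
        if expiry is None:
            actions[name] = "investigate"
        elif expiry < today:
            # Idempotent: an account locked on a previous run needs no action.
            actions[name] = "none" if state == "locked" else "lock"
        else:
            # Paid up. A still-locked account here means a renewal was not
            # applied; surface it instead of silently unlocking.
            actions[name] = "review-unlock" if state == "locked" else "none"
    return actions

def apply_actions(accounts, actions):
    """Apply only the 'lock' decisions; everything else goes to a human."""
    alerts = []
    for name, action in actions.items():
        if action == "lock":
            accounts[name] = "locked"
        elif action in ("investigate", "review-unlock"):
            alerts.append((name, action))
    return alerts

if __name__ == "__main__":
    plan = reconcile(SYSTEM_ACCOUNTS, PAYMENTS, date(2001, 3, 15))
    print(plan, apply_actions(SYSTEM_ACCOUNTS, plan))
```

Run nightly from cron, the routine is safe to repeat: already-locked accounts produce no action, and a billing outage stops the run instead of locking or flagging everyone.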

