Firewall Wizards mailing list archives
RE: regarding poduct
From: "J B" <bolesjb () yahoo com>
Date: Sat, 17 Mar 2001 10:57:58 -0700
Sathya, There are some products available specifically for integrating this type of flexibility into environments, it just depends on how much you're willing to pay for them. For NT centric solutions (with the possibility of extensibility covering some unix functionality) you might look at the development possibilities surround Internet Dynamic's Conclave Policy Server. That's a relatively cheap solution, but would take some doing on your end to integrate. ID has just been bought by RedCreek by the way, but it appears as if they'll keep offering Conclave for a while, although I suspect they'll eventually integrate it into their E-Director product/topology. That brings to mind, that you might consider establishing this access through a locked down VPN setup. A good policy based VPN setup would compartmentalize your access control to resources, and likely give you much more granular control. Or you could go some direction like Access360. I suspect you could implement that product to do anything you wanted to for not much more expense than the GNP of several small nations. Similarly, there are even CRM products which could give you killer functionality and meet your needs, like Pivotal's Customer Hub. But all of these, for what you've described, are kind of like having to conduct a DNA analysis to get through the front door of your house. But there's a bunch of this kind of stuff around. IMHO, sounds to me like you need to better define what specifically you need first, and step back and look at the best way to implement them in a robust environment. Sounds like the direction you're going, like Rip Loomis said, is not a good idea for an environment you intend to go somewhere in the future. JB. Message: 4 From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com> To: 'sathyanarayanan' <satsv55 () yahoo com> Cc: firewall-wizards () nfr com Subject: RE: [fw-wiz] regarding poduct Date: Thu, 15 Mar 2001 18:22:40 -0500 charset="iso-8859-1" The solution would appear to be: 1. Have a database indicating which accounts are paid up, and their expiry date. Be able to export the list of "newly expired users" every night at 1 AM (for example). 2. Every night at 2 AM (for example) have a script run under cron (or the NT equivalent service) that locks all the newly expired accounts. A better variation would be for the locking routine to actually query for account status in real time, and get a list of all valid account names (from the payment database) and their status. Then the locking routine could review all the accounts in existence and take one of the three following actions: 1. Account is valid and paid up - no action 2. Account is valid but expired - lock it 3. Account is invalid - call in the cavalry to investigate unusual event. I could write such a setup, with Perl scripts and .dbm files for the backend and a web administrative front end, in a couple of hours and test it in a couple of days. So could any good UNIX system administrator, and you could do similar if not identical things using Microsoft tools. I must say as an editorial comment (and I would feel obliged to point this out to a customer as well) that this is a crappy business model and I hope you aren't depending on this as your principal revenue...but I hope this helps. Rip Loomis Voice Number: (410) 953-6874 -------------------------------------------------------- Senior Security Engineer Center for Information Security Technology Science Applications International Corporation http://www.cist.saic.com
-----Original Message----- From: sathyanarayanan [mailto:satsv55 () yahoo com] Sent: Tuesday, March 13, 2001 11:54 PM To: John Adams; firewall-wizards () nfr com Subject: Re: [fw-wiz] regarding poduct hi John, i had little bit phrased the question wrongly, it is not webserver, but getting into the internal network itself.(as we normally map a drive or space to someother guy from our system , giving right for him to use in our computer.) Likewise the client would be given right to somespace for accessing his files stored by us , inside our network , for a stipulated lease period. when the period expired he should pay again to get the rights to access the files.I am just wondering whether there is any software that would do automatically disabiling the client when the lease period expires. thanks yours sathya http://www.nfr.com/mailman/listinfo/firewall-wizards
_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- regarding poduct sathyanarayanan (Mar 11)
- Re: regarding poduct John Adams (Mar 13)
- Re: regarding poduct sathyanarayanan (Mar 14)
- <Possible follow-ups>
- RE: regarding poduct Loomis, Rip (Mar 16)
- RE: regarding poduct J B (Mar 18)
- Re: regarding poduct John Adams (Mar 13)