Security Basics mailing list archives
RE: Something new?
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 23 Apr 2003 10:25:23 +0100
I still think the application proxy is your answer. User --- Login to Proxy box ------ servers (available only if proxy provides service based on login)----firewall ---internet A unix machine (linux?) with a password file such as Username:password:5:3:Description:/usr/homeDirectory:/bin/delegate -f conf-file for this user Assuming you are using the delegate program I sent the link for. I am sure other products would offer something similar. I have seen terminal services used for this purpose also with much success especially if it is all internal, so bandwidth should not be a problem. In fact would most likely be easier to set up. My two cents for what it's worth. Please post your progress as it is an interesting one. Regards Trevor Cushen -----Original Message----- From: Steve S [mailto:jbodisks () yahoo com] Sent: 22 April 2003 16:12 To: security-basics () securityfocus com Subject: Re: Something new? Thanks for the responses so far but I need to clarify that this would be for users accessing NT/2000 servers from inside the company not users connecting from over the internet. The user is physically inside the company sitting at a workstation. They would have one point of entry only. Typical setup - user authenticates to DC Internet -- Firewall -- Servers -- Users Proposed setup - gateway authenticates user to DC ??? = gateway/authentication server Internet -- Firewall -- Servers -- ??? -- Users --- Steve S <jbodisks () yahoo com> wrote:
Trying to figure out if anyone has seen or heard of some type of gateway or method for setting up an OS to be a gateway to authenticate all users before they have access into a NT/2000 network. The thinking behind this would be the end-user would only be able to connect to the internal network through this gateway (i.e. access to all servers and associated ports on the internal network would be blocked until authentication occurred and then you would be restricted by your personal access level). Looking to expose only a single point internally instead of a myriad of servers. __________________________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo http://search.yahoo.com
__________________________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo http://search.yahoo.com ------------------------------------------------------------------------ --- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- Re: Something new?, (continued)
- Re: Something new? stefmit (Apr 22)
- Re: Something new? Juan Carlos (Apr 23)
- RE: Something new? Fred Dirkse - OIC Group, Inc. (Apr 24)
- Re: Something new? qtrang (Apr 22)
- RE: Something new? Cabrera, Nestor (Contractor) (Apr 22)
- RE: Something new? Trevor Cushen (Apr 22)
- Re: Something new? Steve S (Apr 22)
- RE: Something new? Gwydion Mine (Apr 22)
- RE: Something new? Trevor Cushen (Apr 22)
- Re: Something new? James Lee Gromoll (Apr 23)
- RE: Something new? Trevor Cushen (Apr 23)
- Re: FW: Something new? crawford charles (Apr 23)