Security Basics mailing list archives

RE: Something new?


From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 23 Apr 2003 10:25:23 +0100

I still think the application proxy is your answer.


User --- Login to Proxy box ------ servers (available only if proxy provides service based on login)----firewall ---internet


A unix machine (linux?) with a password file such as

Username:password:5:3:Description:/usr/homeDirectory:/bin/delegate -f conf-file for this user

Assuming you are using the delegate program I sent the link for.  I am
sure other products would offer something similar.
I have seen terminal services used for this purpose also with much
success especially if it is all internal, so bandwidth should not be a
problem.  In fact would most likely be easier to set up.

My two cents for what it's worth.

Please post your progress as it is an interesting one.

Regards
Trevor Cushen

-----Original Message-----
From: Steve S [mailto:jbodisks () yahoo com] 
Sent: 22 April 2003 16:12
To: security-basics () securityfocus com
Subject: Re: Something new? 


Thanks for the responses so far but I need to clarify
that this would be for users accessing NT/2000 servers
from inside the company not users connecting from over
the internet.  The user is physically inside the
company sitting at a workstation.  They would have one
point of entry only.

Typical setup - user authenticates to DC
Internet -- Firewall -- Servers -- Users

Proposed setup - gateway authenticates user to DC
??? = gateway/authentication server
Internet -- Firewall -- Servers -- ??? -- Users


--- Steve S <jbodisks () yahoo com> wrote:
Trying to figure out if anyone has seen or heard of
some type of gateway or method for setting up an OS to
be a gateway to authenticate all users before they
have access into a NT/2000 network.  The thinking
behind this would be the end-user would only be able
to connect to the internal network through this
gateway (i.e. access to all servers and associated
ports on the internal network would be blocked until
authentication occurred and then you would be
restricted by your personal access level).  Looking to
expose only a single point internally instead of a
myriad of servers.


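Added example, not part of the original thread: a gateway box of the kind described in the reply above is only a single point of entry if no account on it can get an ordinary shell, so this sketch audits passwd-format entries for accounts that would bypass the proxy. The sample entries, the UID threshold of 500 and the list of no-login shells are assumptions made for the illustration; /bin/delegate is the path given in the post.

```python
# Added example: audit a gateway box's passwd entries (all sample data is constructed).
PROXY_SHELL = "/bin/delegate"      # proxy binary path as written in the post
NO_LOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list
MIN_USER_UID = 500                 # assumption: human accounts start at UID 500

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:501:100:Finance user:/usr/home/alice:/bin/delegate -f alice.conf
bob:x:502:100:Ops user:/usr/home/bob:/bin/bash
carol::503:100:HR user:/usr/home/carol:/bin/delegate
mallory:x:0:100:Helpdesk:/usr/home/mallory:/bin/delegate
broken:line:without:enough:fields
"""

def audit_passwd(text):
    """Return (account, finding) pairs for entries that weaken the gateway."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        name, pw, uid, _gid, _gecos, _home, shell = fields
        if not uid.isdigit():
            findings.append((name, "non-numeric UID"))
            continue
        uid = int(uid)
        prog = shell.split(" ", 1)[0]   # the post writes the shell field with arguments
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 on a non-root account"))
        if pw == "":
            findings.append((name, "empty password field"))
        # An empty shell field means the system default shell, i.e. a real login.
        if uid >= MIN_USER_UID and prog != PROXY_SHELL and prog not in NO_LOGIN:
            findings.append((name, f"interactive shell {prog or '(default)'} instead of proxy"))
    return findings

if __name__ == "__main__":
    for who, what in audit_passwd(SAMPLE_PASSWD):
        print(f"{who}: {what}")
```
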

