RE: FW: block internet at two workstations [security-basics-return-19403-danf=clearnetwork.com () securityfocus com in Pass-Through List]

["Tim Laureska" <hometeam () goeaston net>]

Unfortunately the two machines that are to not have internet access are
W98 boxes... 

interesting thing though... I called both Netgear and Linksys and both
said none of their broadband routers filter by MAC or IP... I found that
hard to believe and contacted my ISP... A guy their said hogwash... he's
going to show me how do to it on a netgear FVS318


-----Original Message-----
From: Lee Burleson [mailto:lburleso () hotmail com] 
Sent: Wednesday, May 07, 2003 11:44 AM
To: danf () clearnetwork com
Cc: hometeam () goeaston net
Subject: Re: FW: block internet at two workstations
[security-basics-return-19403-danf=clearnetwork.com () securityfocus com in
Pass-Through List]

That was a good suggestion, IMO.

If the security is set up properly on the workstations, the users should
not 
have permissions to modify the default gateway or set static routes.

However if, for some reason, you have a proxy server that is on the
local 
network, the user would still be able to point the browser at it and be
home 
free.  To solve this, you would set permanant static routes that nullify

that kind of access.  Again, user privliges will not allow modification
of 
your changes.

Heck, if you don't have local resources that the machines need to
access, 
you could just disable the NIC!  Or even remove it!

- Lee


> > -----Original Message-----
> > From: Lucas Zaichkowsky [mailto:Lucas () dnsys com]
> > Sent: Tuesday, May 06, 2003 13:16
> > To: Tim Laureska; security-basics
> > Subject: RE: block internet at two workstations
> >
> >
> > Assuming the users know nothing about networking, simply
> > remove the default
> > gateway from those two workstations.
> >
> > -Lucas
> >
> >
> > -----Original Message-----
> > From: Tim Laureska [mailto:hometeam () goeaston net]
> > Sent: Tuesday, May 06, 2003 6:01 AM
> > To: security-basics
> > Subject: block internet at two workstations
> >
> >
> > I'm working with a small (10 user network) with a netgear FVS318
> > firewall, accessing the internet via cable modem.. The client wants
to
> > block internet access at two workstations.  I don't see anything
> > available within the firewall documentation/configuration that would
> > address this.  What is the best and easiest way to do this ...easy
and
> > best may be a contradiction :-)
> >
> > TIA
> > Tim

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail


------------------------------------------------------------------------
---
FastTrain has your solution for a great CISSP Boot Camp. The industry's
most 
recognized corporate security certification track, provides a
comprehensive 
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization 
of pertinent security tools. For a limited time you can enter for a
chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
------------------------------------------------------------------------
----






---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------