Re: Host based IP ACL like TCPWrapper or IP_Filter, but for NT?

[Bill_Royds () pch gc ca]

"Alan Morewood" <morewood () on bell ca> on 05/26/99 01:41:09 PM

Please respond to "Alan Morewood" <morewood () on bell ca>

To:   firewall-wizards () nfr net
cc:    (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:  Host based IP ACL like TCPWrapper or IP_Filter, but for NT?




Does anyone have ideas as to a feasible solution for doing IP ACL
restrictions on a DMZ host?  Or does this seem excessive considering
2-factor authentication is to be used.

details as follows:

<snip a good explanaition of the situation>

NT has no direct IP_Filter equivalent, although there is at least one option
of which I am aware.


---------------------------------------------




NT has the ability to restrict ports that can be used by machine in Control
Panel/Networks/Protocols/Advanced settings.

As well, have you looked at things like the ConSeal firewall
(http://www.signal.com) whcih fit between the Ethernet layer and TCP/IP stack to
enforce a security policy?
THis would seem like the closest to TCPWrappers for NT and it even validates
UDP/ICMP as well.