Security Basics mailing list archives

Re: FW: Something new?


From: "crawford charles" <biv0uac17 () hotmail com>
Date: Wed, 23 Apr 2003 15:22:42 +0000

Sounds like you want the workstations to be connected through switches
which "participate" in the authentication process, to the extent that
the switch won't allow the workstation to connect to anything (other
than the authentication device) until authentication is complete...

I think Cisco has something along those lines, as do some others.
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f395.html

viz:
   http://www.toplayer.com/content/products/others/secure_edge.jsp

C.

From: Steve S [mailto:jbodisks () yahoo com]
Sent: Tuesday, April 22, 2003 11:12 AM
To: security-basics () securityfocus com
Subject: Re: Something new?


Thanks for the responses so far but I need to clarify
that this would be for users accessing NT/2000 servers
from inside the company not users connecting from over
the internet.  The user is physically inside the
company sitting at a workstation.  They would have one
point of entry only.

Typical setup - user authenticates to DC
Internet -- Firewall -- Servers -- Users

Proposed setup - gateway authenticates user to DC
??? = gateway/authentication server
Internet -- Firewall -- Servers -- ??? -- Users


--- Steve S <jbodisks () yahoo com> wrote:
> Trying to figure out if anyone has seen or heard of
> some type of gateway or method for setting up an OS to
> be a gateway to authenticate all users before they
> have access into a NT/2000 network.  The thinking
> behind this would be the end-user would only be able
> to connect to the internal network through this
> gateway (i.e. access to all servers and associated
> ports on the internal network would be blocked until
> authentication occurred and then you would be
> restricted by your personal access level).  Looking to
> expose only a single point internally instead of a
> myriad of servers.
