Welcome to ISAserver.org

Your Opinions

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> Access Policies >> Your Opinions

Page: [1]

Message

<< Older Topic Newer Topic >>

Your Opinions - 21.Jan.2007 10:01:43 AM

bradyb

Posts: 11
Joined: 30.Dec.2006
Status: offline

Hi all,

I have just installed ISA 2006 onto our firewall machine and am about to do a restrucure of firewall policies. I just wanted to get your opinions as to what would be most secure and efficient.

There are two user groups, Restricted Users and Admin Users. Restricted users are not allowed to access specific domains/URLs, and they are restricted by a schedule. Admin users have virtually 'unrestricted' access to the internet, all domains, all URLS, 24/7 - no schedule.

For arguments sake 'unrestricted' is not fully what it is. ALL users can only access HTTP, HTTPS, POP3, POP3S, SMPT, SMPTS, PING, FTP and a few other custom defined ports for various business systems. In our MIS departments eyes, this is to prevent applications such as Limewire or Torrent programs running.

Is it just the easiest to create two rules, one for Restricted Users and one for Admin Users? Also would you recommend a rule for all users for DNS traffic from Internal to External and External to Internal and a rule for DNS request/reply from all networks to the DHCP server and vice versa?

Cheers
Brady.

Post #: 1

Featured Links*

RE: Your Opinions - 28.Jan.2007 12:17:00 PM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Brady,

You can create two rules, one for each group.

As for DNS traffic, allow it only for hosts requiring it.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to bradyb)

Post #: 2