Welcome to ISAserver.org


A cheap way to Block users via MAC Address via using

A cheap way to Block users via MAC Address via using - 25.Jan.2005 6:15:00 PM   
zzz343

 

Posts: 762
Joined: 19.Feb.2002
From: World's 7th Nuclear Power
Status: offline
A cheap way to Block users via MAC Address via using SYGATE PERSONAL FIREWALL!
==============================================

I usually receive mails, especially from cable.net operators, asking how to block users via their MAC address using ISA SERVER, as user ID or IP based security restriction is not highly secure because users on the LAN can share their IPs and user IDs. But changing a MAC address is quite difficult (not impossible) as compared to changing an IP or ID.

I have a LAN environment with over 200 computers running 6 servers serving different services like web browsing, chat server, sharing server, CS gaming server and others. The system I tested this software on is:

WINDOWS 2000 SERVER Standalone Server / W2k SP4 / ISASERVER Enterprise Edition with ISA sp2.

First of all, let me make clear that using ISA you cannot block users via MAC address, as ISA doesn't have such an option built in. The better way is to select a hardware solution like a MANAGEABLE SWITCH, which you can manage via telnet or a web based management tool to block IPs, ports, MAC addresses and a lot of other things. But of course this solution is a bit expensive as compared to a software solution. If you want to go cheaper, this can be achieved by using a 3rd party tool named SPF (SYGATE PERSONAL FIREWALL), which is easily available on CDs or on the Internet.

Download SPF and run its setup. After completing its installation, it will prompt you to restart your PC. Go ahead, but remember: after restarting it will block ALL TRAFFIC, both in and out.

OPENING SPF TO ALLOW ALL TRAFFIC.

Open SMC (Sygate Management Console),
Go to TOOLS/ADVANCE RULES,
Click on ADD; in RULE DESCRIPTION give it any name you like, such as ALLOW RULE,
In the ACTION tab select ALLOW THIS TRAFFIC, then click on OK. (If you remember, after installing ISA SERVER, you have to create an ALLOW RULE in the PROTOCOLS SECTION in order to open ISA for all traffic; the same theory applies to SMC.)

Now you have opened your firewall for all traffic, including ISA's traffic. It will not interrupt ISA traffic any further.

Now let's move on to the "BLOCK USERS VIA MAC ADDRESS" part.

There are two ways to block users: by granting access to SPECIFIC USERS ONLY or by denying access to SPECIFIC USERS ONLY.

"Granting Access to SPECIFIC USERS ONLY"
======================================

If you want to allow SPECIFIC USERS ONLY, instead of creating an ALLOW RULE for all users, create rules to allow access to SPECIFIC USERS ONLY. You have to create the rules one by one for each user (if you want to control access via MAC ADDRESS); otherwise, if you want to control them via IP address, SPF has a variety of ranges to control this.

"DENYING Access to SPECIFIC USERS ONLY"
======================================

In ADVANCE RULES PROPERTIES, ADD a new rule. In Description, type your own description, like "BLOCK JOHN (ip=10.x.x.x)",
In the Action tab select BLOCK THIS TRAFFIC (it is always set to BLOCK THIS TRAFFIC by default whenever you create any new rule),
In the HOSTS section, choose APPLY THIS RULE TO MAC ADDRESS, then type the MAC ADDRESS of the user you want to block.
Select OK.

Now you can see your newly created rule along with the ALLOW RULE you created previously. REMEMBER! Always put the ALLOW RULE at the bottom of the list. In SMC, rules are processed in TOP TO DOWN order: if the ALLOW RULE is at the top, it will ignore all block rules which are below it. So always put the ALLOW RULE in the last position, so SMC will first process the block rules and then the ALLOW RULE.

SPF (Sygate Personal Firewall) really helps me a lot in detecting intrusion attempts, flooding attacks, buffer overflow attacks, and others. SPF automatically blocks the attacker's IP for a few minutes (this and other options can be disabled/enabled or configured in the TOOLS/OPTIONS/SECURITY menu). You can configure many options to control user access to your server. You can block virus attacks from LAN users by adding the attacking file, like SVCHOST.EXE (which is commonly used by viruses for flooding or RDCOM buffer overflow attacks); then this application will not be able to seize the ISA SERVER LAN adapter.

(Personal Note) "[Roll

At the end, I strongly recommend using LICENSED software, because if you are using it for commercial use or earning from it, then you must pay something in return for the benefits you're gaining by using it.

I also recommend that these software companies review their license pricing policy for 3rd world countries. For example, Windows XP Home Edition costs around 200 US$ at our local market, and the pirated copy (which includes EVERY SOFTWARE like Win 2000, WinXP and others) costs me 40 CENTS per CD. I earn under 200 $ in a month. Someone please tell me how I can buy such expensive software if my earning is under 200 $ per month? "[Confused]"

WINDOWS 2000 SERVER costs us 1000 US$ and ISA SERVER costs us around 1500 US$. If I am running a cyber cafe with around 6-8 PCs and my monthly income is under 200 $, how can I purchase such expensive software :'( ? Should I stop using it because I don't have the money to buy it, and stop all my creativity and interest in learning new things? "[Eek!]"

The license should be cheaper for 3rd world countries and it must not be out of reach for a common person. Higher rates are the biggest reason for software piracy in our country. Can you believe that it's above 80% :| The main reason is the licensing fees.

Please don't think that I am against purchasing LEGAL SOFTWARE and that I am happy to use pirated software. I always wanted to buy legal and licensed software, but its price must match local people's buying power. This is the same case with books.
Post #: 1
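
An added example, not part of the original post and not Sygate's own code: a small model of the top-to-bottom, first-match rule processing described above, plus a check that lists rules which can never fire because of their position. The Rule structure, the function names, the MAC addresses and the block-by-default behaviour when no rule matches are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical stand-in for one advanced rule
    name: str
    action: str                  # "ALLOW" or "BLOCK"
    mac: Optional[str] = None    # None = rule applies to every host

def norm(mac):
    """Normalise 00-0C-29-AA-BB-01 and 00:0c:29:aa:bb:01 to one form."""
    digits = "".join(c for c in mac if c.isalnum()).lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def decide(rules, src_mac, default="BLOCK"):
    """Return (action, rule name) of the first rule that matches src_mac."""
    src = norm(src_mac)
    for r in rules:              # top to bottom, first match wins
        if r.mac is None or norm(r.mac) == src:
            return r.action, r.name
    return default, "(no rule matched)"   # assumed default: block

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule
    already matches everything they would match."""
    seen, catch_all, dead = set(), False, []
    for r in rules:
        key = None if r.mac is None else norm(r.mac)
        if catch_all or (key is not None and key in seen):
            dead.append(r.name)
        if key is None:
            catch_all = True
        else:
            seen.add(key)
    return dead

# Constructed sample data
JOHN = "00-0C-29-AA-BB-01"
OTHER = "00:0c:29:aa:bb:02"
ALLOW_ALL = Rule("ALLOW RULE", "ALLOW")
BLOCK_JOHN = Rule("BLOCK JOHN", "BLOCK", JOHN)
GOOD_ORDER = [BLOCK_JOHN, ALLOW_ALL]   # block rules first, ALLOW RULE last
BAD_ORDER = [ALLOW_ALL, BLOCK_JOHN]    # ALLOW RULE on top hides the block

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, decide(rules, JOHN), "shadowed:", shadowed(rules))
```

Running shadowed() over an exported rule list before applying it catches the misordering without having to test each blocked host by hand.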
RE: A cheap way to Block users via MAC Address via using - 26.Jan.2005 1:26:00 PM   
aqib khan

 

Posts: 231
Joined: 12.Aug.2004
From: pakistan
Status: offline
I agree with you.
I have been using Sygate for the last 1.5 years.

(in reply to zzz343)
Post #: 2
RE: A cheap way to Block users via MAC Address via using - 27.Jan.2005 5:19:00 PM   
Guest
Great!
It really helped me. It works 100%, blocking MAC addresses and protecting the server as well.

Thanks

(in reply to zzz343)
  Post #: 3
