• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Firewall Client DNS Name in Registry

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client DNS Name in Registry Page: [1]
Login
Message << Older Topic   Newer Topic >>
Firewall Client DNS Name in Registry - 30.Jan.2006 4:26:25 AM   
mikesmith20055002

 

Posts: 20
Joined: 30.Jan.2006
Status: offline
I am using ISA 2004 with the Firewall Client. I have some users who are going into the registry and deleting references to the DNS name of the firewall client and then they are able to surf the web unfiltered. How is this possible and how do I prevent it?
Post #: 1
RE: Firewall Client DNS Name in Registry - 30.Jan.2006 5:03:56 AM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Relying on the FWC to be enabled is security by ignorance.  For real security, you need properly defined rules on the ISA server.  With proper rules, if users disable their FWC, it should disable access, not the inverse.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to mikesmith20055002)
Post #: 2
RE: Firewall Client DNS Name in Registry - 30.Jan.2006 8:11:12 PM   
mikesmith20055002

 

Posts: 20
Joined: 30.Jan.2006
Status: offline
What a reply...I know I have a problem and I am asking for help, not to be labeled ignorant.  Does any one else know how to solve this problem?  What specifically can I do?

(in reply to LLigetfa)
Post #: 3
RE: Firewall Client DNS Name in Registry - 29.Mar.2006 6:11:46 PM   
John_L

 

Posts: 1
Joined: 29.Mar.2006
Status: offline
Use Group Policy to disable Registry editing.

(in reply to mikesmith20055002)
Post #: 4
RE: Firewall Client DNS Name in Registry - 17.May2006 6:40:39 PM   
jsgclr

 

Posts: 2
Joined: 17.May2006
Status: offline
Another way that I would setup the network to where the ISA server is the only server with access to the internet.  Depending on your network setup would determine how you would set this up.  Just allow your ISA access to the internet and then the client workstations will have to use the ISA services for access.

(in reply to mikesmith20055002)
Post #: 5
RE: Firewall Client DNS Name in Registry - 17.May2006 8:19:54 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

I am asking for help, not to be labeled ignorant

Hmmm... not by intent.
The term "security by ignorance" refers to the ignorance of the person you are trying to stop by monopolizing on their lack of knowledge, not to the security officer.  One can draw whatever inference they want about the security officer however.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to jsgclr)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client DNS Name in Registry Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts