Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Anonymouse Using an Authenticated Rule

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Anonymouse Using an Authenticated Rule Page: [1]
Login
Message << Older Topic   Newer Topic >>
Anonymouse Using an Authenticated Rule - 3.Feb.2006 9:29:04 PM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline 		hi ,

today while i was monitoring the isa server , i was shocked to see Authenticated Rules being used by anonymouse users !!!

i have a Rule for the IT Dep users :

Action : Allow
Protocols : All Outbound Protocols
From : Internal
To : External
Condition : IT_Dep_Grp


the users inside the IT_Dep_Grp are users from the active directory from my domain.

i dont understand how anonymouse users are being ALLOWED to use such a rule ??

any input would be appreciated. Thanks
Post #: 1
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 9:34:05 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline 		Show us the log entries that prove it.  Secure Sockets don't count. :p

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to ITEngineer)
Post #: 2
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 9:42:07 PM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline 		HI ,

mmmm i dont have a host to upload the image !!

any one with a host


(in reply to LLigetfa)
Post #: 3
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 9:54:31 PM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		hey IT

send the image to comba44@hotmail.com

save it as jpg


(in reply to ITEngineer)
Post #: 4
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 10:07:06 PM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online

(in reply to elmajdal)
Post #: 5
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 10:20:25 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline 		But I said:
quote:

Secure Sockets don't count. :p


_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to elmajdal)
Post #: 6
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 10:26:46 PM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline 		Thank you Elmajdal for uploading the image.


and Thank you LLigetfa,
but what i am shocked from is that users has rule to allow them to use HTTPS , so why they r accessing the first rule in my rule orders ?

sometimes i see them with Failed Connection , and then below this , connection is Allow with a different rule that doesnt authenticate them to use it !!!

why secure sockets dont count ???

what if i want to use a Whitelist HTTPS access ?? then will it be useless , and users will still be able to use the IT Rule which permits everything ??

(in reply to LLigetfa)
Post #: 7
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 10:31:17 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi ITEngineer,

maybe the article http://www.isaserver.org/articles/ISA2004_AccessRules.html could be of any help.

HTH,
Stefaan

(in reply to ITEngineer)
Post #: 8
RE: Anonymouse Using an Authenticated Rule - 3.Feb.2006 10:34:38 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline 		Well... never trust what you read, especially on the internet.  :p
SSL does not count because the SSL packets are encrypted so the username cannot be garnered for the log.  Test it for yourself.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to ITEngineer)
Post #: 9
RE: Anonymouse Using an Authenticated Rule - 4.Feb.2006 1:21:09 AM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline 		hi Stefaan ,

i always search and read all the available articles before posting questions here  and ur article was one of the first i read.

i understand rule processing order and thats why i was amazed of seeing anonymouse using a rule Authenticating particular users !!

(in reply to spouseele)
Post #: 10
RE: Anonymouse Using an Authenticated Rule - 4.Feb.2006 1:23:18 AM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline
quote:

ORIGINAL: LLigetfa
Well... never trust what you read, especially on the internet.  :p


 Thanks for your input LLigetfa.

but dont u agree with me this is something that misleads !!

Why would ISA log it in such a way

(in reply to LLigetfa)
Post #: 11
RE: Anonymouse Using an Authenticated Rule - 4.Feb.2006 1:39:22 AM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline 		Yes it is misleading...
When I first saw it on my rules, I wondered about it too and tested it thoroughly just to be sure.

You would have to ask Microsoft why they did it that way.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to ITEngineer)
Post #: 12
RE: Anonymouse Using an Authenticated Rule - 4.Feb.2006 1:52:03 AM   
ITEngineer

 

Posts: 256
Joined: 3.Feb.2006
Status: offline
quote:

When I first saw it on my rules, I wondered about it too and tested it thoroughly just to be sure.

 then i will skip the testing by my self ,  i am confident that you did it well

quote:

  
You would have to ask Microsoft why they did it that way.

mmmm, i think i will skip this and check if they read these forums  and fo their HWs

(in reply to LLigetfa)
Post #: 13
RE: Anonymouse Using an Authenticated Rule - 4.Feb.2006 1:58:38 AM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		the subject of the topic was interesting and grapped my eyes , i started the monitoring and for the first time i see this is true with me also in one of my LANs ( didnt examine the others yet ).

Glad to hear that its just a LOG but not an actual situation were an anonymouse is using an Authenticated Rule !!!

so here is the question , is there other LOGs that also do not relate to a real situation

(in reply to ITEngineer)
Post #: 14
RE: Anonymouse Using an Authenticated Rule - 27.Mar.2006 3:56:20 AM   
Skit

 

Posts: 2
Joined: 3.Mar.2006
Status: offline 		I was wondering myself how annoymous users were getting Allowed Connections on an Authenticated rule. :P

My question is though, will this access be picked up on an inbuilt report? Just trying at the moment to clean up the reports to minimise the occurance of IPs in the list instead of usernames...

_____________________________

http://skit.id.au

(in reply to elmajdal)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Anonymouse Using an Authenticated Rule Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts