anonymous access ???? why

anonymous access ???? why - 29.Jun.2007 7:17:20 AM   
adgroup

 

Posts: 137
Joined: 11.May2006
Status: offline
Hi,

I am receiving an Anonymous user log entry in ISA 2004 (SP3) on Windows 2003 (SP1) when a client (XP) uses Skype. Although that user has no access on certain rules, the log shows that he gains access under the user name ANONYMOUS.

Any help?
Post #: 1
RE: anonymous access ???? why - 29.Jun.2007 11:37:39 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
What's the protocol being logged? HTTPS?

Do you have a snapshot?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to adgroup)
Post #: 2
RE: anonymous access ???? why - 5.Jul.2007 3:05:19 PM   
JDKN

 

Posts: 3
Joined: 5.Jul.2007
Status: offline
Hi,

I am facing a weird problem with ISA 2006. I created a rule to stop a specific site. I have a subnet of 30 PCs (192.168.0.10-192.168.0.40). All the PCs are configured as SecureNAT clients. This rule applied fine on all users and the access to this site was stopped. Only one user was able to access it through ISA. When querying the IP address of this user, the log shows 2 specific destination IP addresses that the requests go to. I stopped access to these 2 addresses and still the user was able to access this web site. The ipconfig utility on the user's machine shows the details of a VPN connection. Again I stopped all the VPN protocols on this user's rule and still he was able to access the site!!!
Have you ever faced such a situation? Any hint will be so much appreciated.

Thanks


(in reply to elmajdal)
Post #: 3
RE: anonymous access ???? why - 5.Jul.2007 5:29:28 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi JDKN,
Modify the access rule you have and allow only the HTTP protocol and see what you'll get. Make sure also that there is no other proxy on your subnet that the user can use to connect to the internet...

HTH,

Roy

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to JDKN)
Post #: 4
RE: anonymous access ???? why - 6.Jul.2007 6:48:32 PM   
JDKN

 

Posts: 3
Joined: 5.Jul.2007
Status: offline
Hi Roy,

I allowed only the HTTP protocol on the user's rule. He was able to connect to the restricted site! When I denied him access, he couldn't go to any site... so I don't think he's using another proxy....
Waiting for your help!! Thanks

(in reply to royh)
Post #: 5
RE: anonymous access ???? why - 8.Jul.2007 5:43:36 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi,
He's using HTTP tunneling; you have to apply the HTTP filter on his allow rule and stop this tunneling. If you have physical access to his computer you can search for the tool he's using to do this tunneling. I suggest you log his internet activity and post the log you obtain in this forum if you can.

HTH,

Roy

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to JDKN)
Post #: 6
RE: anonymous access ???? why - 8.Jul.2007 7:45:28 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Ah, the arms race of using technology to solve social issues...

After you figure out a filter to stop the http tunneling, the user will probably switch to https (which ISA can't inspect, unless you install an add-on). 

I'm as big a fan as anyone of locking down outbound internet access, but it sounds like you have a technically savvy user who is trying repeatedly to beat the system. It strikes me as an issue that might be best solved by HR and not IT.

(in reply to royh)
Post #: 7
RE: anonymous access ???? why - 13.Jul.2007 5:35:32 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
It will be good also to be first solved by IT and then warned by HR ;)


_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to ferrix)
Post #: 8
RE: anonymous access ???? why - 19.Jul.2007 8:47:53 AM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi,

I'd say there are things we can control and there are some we can't.

If this guy's machine is a member of a managed domain, just create an OU, drop his username in it, create a policy for him and review (read DENY) his rights to install and tweak his machine.

Uninstall his unwanted apps and slap him with an Internet Usage Policy with disciplinary repercussions if violated (this is where HR comes in, after you are in charge).

He may be good, but I would want to see him wiggle through such

A cat with unkempt fur is not by any means a lion!!!!!

(in reply to royh)
Post #: 9
RE: anonymous access ???? why - 29.Jul.2007 12:46:15 PM   
JDKN

 

Posts: 3
Joined: 5.Jul.2007
Status: offline
Hi everybody,

I am still in combat with my fellow. I logged his activity; nothing seems to be unusual. Protocol used: HTTP; port 80; destination: some real IPs; the rule that allows him access is the special rule I created for him, which is among the first of the ISA rules. Do I have to use some 3rd party tools such as SurfControl or Websense to stop him? I think that the ISA HTTP filter isn't that powerful a filter!!

Waiting for your comments.....

Thanks

(in reply to hantahipi)
Post #: 10
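
Added example, not part of any post in this thread: one way to triage a proxy log like the one described above (HTTP, port 80, destinations that are bare IPs) for signs of HTTP tunneling, by grouping one client's requests per destination and flagging IP-literal destinations that receive mostly POST traffic. The column names, sample rows and thresholds are assumptions constructed for illustration; they are not ISA Server's log schema.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rows; column names are hypothetical, not ISA's log fields.
SAMPLE_LOG = """client_ip,method,url,bytes_sent,bytes_received
192.168.0.23,GET,http://www.example.com/index.html,420,18200
192.168.0.23,GET,http://www.example.com/logo.png,390,9100
192.168.0.23,GET,http://203.0.113.7/t,300,800
192.168.0.23,POST,http://203.0.113.7/t,5200,6100
192.168.0.23,POST,http://203.0.113.7/t,4800,7300
192.168.0.23,POST,http://203.0.113.7/t,5100,6900
192.168.0.23,POST,http://203.0.113.7/t,4950,7050
192.168.0.23,POST,http://203.0.113.7/t,5300,6400
192.168.0.23,GET,http://198.51.100.9/status,280,1200
192.168.0.31,GET,http://www.example.com/index.html,410,18200
"""

def is_ip_literal(host):
    """True when the URL host is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspect_tunnels(log_text, client, min_requests=5, min_post_ratio=0.5):
    """Return per-destination stats for IP-literal hosts that `client`
    contacts often and mostly with POST (assumed tunneling indicators)."""
    stats = defaultdict(lambda: {"requests": 0, "posts": 0, "sent": 0, "received": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["client_ip"] != client:
            continue
        host = urlsplit(row["url"]).hostname or ""
        s = stats[host]
        s["requests"] += 1
        s["posts"] += row["method"].upper() == "POST"
        s["sent"] += int(row["bytes_sent"])
        s["received"] += int(row["bytes_received"])
    return {
        host: s for host, s in stats.items()
        if is_ip_literal(host)
        and s["requests"] >= min_requests
        and s["posts"] / s["requests"] >= min_post_ratio
    }

if __name__ == "__main__":
    for host, s in suspect_tunnels(SAMPLE_LOG, "192.168.0.23").items():
        print(host, s)
```

A flagged destination is a lead for closer inspection of that traffic, not proof of a tunnel; the thresholds need tuning against what normal browsing looks like on the network in question.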
RE: anonymous access ???? why - 12.Aug.2007 2:31:16 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi JDKN,

You have to know what you want from your HTTP filter to see the ISA HTTP filter's capabilities!!!
Concerning your colleague, start by denying him access to the properties of his network connections and ensure that there are no other connections than his Local Area Connection set up! Ensure also that he's a domain user and don't make him a local admin on his machine!

HTH,

Roy


_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to JDKN)
Post #: 11
