Best Configuration (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Firewall Client



Message


tjohnson -> Best Configuration (11.Sep.2007 9:24:25 AM)

What combination of Proxy Client, Firewall client, etc, will prohibit anyone from bringing in their personal laptop, connect to an RJ45 jack somewhere on my network, and getting out to the internet?  Assuming I have non-managed switches, and my clients are currently SecureNat clients that is.





elmajdal -> RE: Best Configuration (11.Sep.2007 5:38:37 PM)

Hi,

the best solution would first to handle this issue through the HR.

If you have a decent corporate , then the Security on the entrance door should not allow anyone with a laptop to let it through.

Only authorized people should be able to bring their laptops with. Else your corporate would become an Internet Cafe.




jmilito -> RE: Best Configuration (5.Oct.2007 12:32:52 PM)

You should not have your main interanl switch/router connecting directly to your external network.  It is best to have ISA with a dual nic configuration to get the most out of its security features.  Put one leg in your DMZ (if you have a front-end firewall) or straight to External (if no other firewall exists) then put the other leg in the internal network.  If you create the appropriate rules, configure the routes, etc you then should be able to force your users to go out the server.  If you are forcing authentication then they will not be able to get out without providing credentials.

Without knowing your exact network layout you will have to do some careful research before ripping and plugging cables.  So be careful.

Otherwise you should look into some NAC appliances like http://www.cisco.com/en/US/products/ps6128/.  These are expensive but if I remember correctly there are some decent low cost versions available somewhere out there.

Also you should have the appropriate policies created for all staff and students.





Page: [1]