• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Best Configuration

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Best Configuration Page: [1]
Message << Older Topic   Newer Topic >>
Best Configuration - 11.Sep.2007 9:24:25 AM   


Posts: 37
Joined: 29.Nov.2004
Status: offline
What combination of Proxy Client, Firewall client, etc, will prohibit anyone from bringing in their personal laptop, connect to an RJ45 jack somewhere on my network, and getting out to the internet?  Assuming I have non-managed switches, and my clients are currently SecureNat clients that is.

Post #: 1
RE: Best Configuration - 11.Sep.2007 5:38:37 PM   


Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

the best solution would first to handle this issue through the HR.

If you have a decent corporate , then the Security on the entrance door should not allow anyone with a laptop to let it through.

Only authorized people should be able to bring their laptops with. Else your corporate would become an Internet Cafe.


Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to tjohnson)
Post #: 2
RE: Best Configuration - 5.Oct.2007 12:32:52 PM   


Posts: 321
Joined: 10.Oct.2006
Status: offline
You should not have your main interanl switch/router connecting directly to your external network.  It is best to have ISA with a dual nic configuration to get the most out of its security features.  Put one leg in your DMZ (if you have a front-end firewall) or straight to External (if no other firewall exists) then put the other leg in the internal network.  If you create the appropriate rules, configure the routes, etc you then should be able to force your users to go out the server.  If you are forcing authentication then they will not be able to get out without providing credentials.

Without knowing your exact network layout you will have to do some careful research before ripping and plugging cables.  So be careful.

Otherwise you should look into some NAC appliances like http://www.cisco.com/en/US/products/ps6128/.  These are expensive but if I remember correctly there are some decent low cost versions available somewhere out there.

Also you should have the appropriate policies created for all staff and students.

(in reply to elmajdal)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Best Configuration Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts