Posted by vidro on August 19, 2005, 8:46 am
You're right. I think I got sidetracked with machine security, trying to
figure out a way of stopping LAN users from going home to their home p.c. and
creating a VPN account even if they had authority to VPN with a company
laptop.
To the original issue: logon accounts being the same, how does the server
identify a local computer accessing information versus a VPN connection
accessing information?
"Roger Abell" wrote:
> > Capture MAC for authentication?
> > but how to authenticate it and against what?
> >
>
> I realize you replied to my post, but you lost me?
> From where did Capture MAC for authentication come into it?
>
> --
> Roger
>
> > "Roger Abell" wrote:
> >
> > > Well, the web access part is likely simple if you have a web
> > > dev in house, as the client properties of the browsing client
> > > will give you pretty much all you would need to tell if they
> > > are on local network, vpn'd in, or using the public interface
> > > on internet, and the server-side could then tune what is given
> > > in the browser rendering as appropriate.
> > > For the other access it sounded as if you need to distinguish
> > > between only locally attached or vpn'd in. If you could isolate
> > > the shares on to different servers and then for example use
> > > IPsec on the server with the sensitive shares that should not
> > > be available when vpn'd in so that server will not speak with
> > > the IPs your vpn gives out . . .
> > > There are likely other, and possibly more simple ways, but
> > > given your sketch of requirements these are what first came
> > > to mind. The alternatives will also vary based on info you
> > > did not provide, such as what vpn solution is in use, do you
> > > use IAS for auth, etc.
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > I need to set security based on location and machine.
> > > > Scenario:
> > > >
> > > > A user has an account on the Corporate network and his laptop has an
> > > > account on the Corporate network.
> > > > While on the local area network, this user can access information from
> > > > folders A, B, C on a server.
> > > > When the user goes mobile with his laptop the user needs to be
> > > > constrained to only seeing info from folders A and B.
> > > > If the same user goes to a computer that is not a part of the Corporate
> > > > network he needs to be constrained to only folder A.
> > > >
> > > > The user, when not on the local network, will be using the Internet to
> > > > attach to the Corporate network.
> > > > There are 2 methods to attach to information via the Internet: either
> > > > through VPN or a WEB server.
> > > > If the user is using his laptop it will most likely be VPN.
> > > > If he is on a different p.c. he will need to go to the Corporate WEB
> > > > site.
> > > >
> > > > At the same time I do not want to give users the ability to access
> > > > information from a non-company p.c. through a VPN connection.
> > > >
> > > > Any help in implementing such a security scheme would be greatly
> > > > appreciated.
> > > >
> > >
> > >
> > >
>
>
>
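An added example, not part of the original thread: one way a server-side check can tell LAN, VPN and Internet clients apart by source address, as suggested in the quoted reply, and map each zone to the folders A, B, C from the scenario. The subnets and function names are assumptions made up for illustration.

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the thread).
LAN_NETS = [ipaddress.ip_network("10.10.0.0/16")]
# Assumed pool that the VPN server hands out to remote clients.
VPN_POOLS = [ipaddress.ip_network("10.10.250.0/24")]

# Folder policy taken from the scenario in the thread.
FOLDERS_BY_ZONE = {
    "lan": {"A", "B", "C"},
    "vpn": {"A", "B"},
    "internet": {"A"},
}


def classify_zone(peer_ip: str) -> str:
    """Classify a client by the TCP peer address the server itself observed.

    Feed this the socket peer address, never a client-supplied header such
    as X-Forwarded-For, which the client can set to any value.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return "internet"  # unparsable input gets the least-privileged zone
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Check VPN pools first: a pool carved out of the LAN range must not
    # fall through and be treated as a locally attached machine.
    if any(addr in net for net in VPN_POOLS):
        return "vpn"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "internet"


def allowed_folders(peer_ip: str) -> set:
    """Folders the scenario allows for a client at this address."""
    return FOLDERS_BY_ZONE[classify_zone(peer_ip)]


def can_access(peer_ip: str, folder: str) -> bool:
    """True if the folder is permitted for the client's zone."""
    return folder in allowed_folders(peer_ip)
```

The source address only identifies the network path, not the machine, so this does not by itself keep a non-company p.c. from connecting through the VPN.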