Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999_2

NFR Wizards Archive: RE: Host based IP ACL like TCPWrapper or I

RE: Host based IP ACL like TCPWrapper or IP_Filter, but for NT?

James D. Wilson (netsurfsersol.com)
Tue, 1 Jun 1999 06:05:47 -1000

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Jean-Hugues Smits: "RE: Survey.exe"
Previous message: Mayne, Peter: "RE: Covert Channels (was dns outbound)"

Interix (was OpenNT) runs on top of the NT Kernel doing POSIX Unix and
has recently ported TCP Wrappers, inetd, sendmail, telnetd, ftpd,
syslogd, and a variety of other apps. This gives you the ability to
do some of your filtering on the Unix side of your NT Server if you
want.

-
James D. Wilson
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)

-----Original Message-----
From: owner-firewall-wizardsnfr.net
[mailto:owner-firewall-wizardsnfr.net]On Behalf Of
Bill_Roydspch.gc.ca
Sent: Sunday, May 30, 1999 4:54 AM
To: Alan Morewood
Cc: firewall-wizardsnfr.net
Subject: Re: Host based IP ACL like TCPWrapper or IP_Filter, but for
NT?

"Alan Morewood" <morewoodon.bell.ca> on 05/26/99 01:41:09 PM

Please respond to "Alan Morewood" <morewoodon.bell.ca>

To: firewall-wizardsnfr.net
cc: (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject: Host based IP ACL like TCPWrapper or IP_Filter, but for NT?

Does anyone have ideas as to a feasible solution for doing IP ACL
restrictions on a DMZ host? Or does this seem excessive considering
2-factor authentication is to be used.

details as follows:

NT has no direct IP_Filter equivalent, although there is at least one
option
of which I am aware.

---------------------------------------------

NT has the ability to restrict ports that can be used by machine in
Control
Panel/Networks/Protocols/Advanced settings.

As well, have you looked at things like the ConSeal firewall
(http://www.signal.com) whcih fit between the Ethernet layer and
TCP/IP stack to
enforce a security policy?
THis would seem like the closest to TCPWrappers for NT and it even
validates
UDP/ICMP as well.

Next message: Jean-Hugues Smits: "RE: Survey.exe"
Previous message: Mayne, Peter: "RE: Covert Channels (was dns outbound)"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT