Subject: Re: NT ACCESS ROLES
From: Gene R. Gomez (ggomezVERANCE.COM)
Date: Wed Sep 20 2000 - 16:03:34 CDT


Yes, you can control PPTP/L2TP/IPsec user access to the network. This could
either be a function of the VPN/RAS server, or you could install a packet
filter to dump packets not destined for a particular host or port.
The "controlling multiple logons" question has been beaten to death. I
recommend you check the archives.

-Gene

-----Original Message-----
From: Mitch James [mailto:mitchjAVANADE.COM]
Sent: Wednesday, September 20, 2000 10:56 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: NT ACCESS ROLES

        The question is this: Can access be controlled via entry point into
the network (in a Windows 2k environment)? An example: A person dials in
thru a modem or comes in thru a VPN connection. Can they be given less
access to the network than if they come in thru their desktop PC? The caveat
is that there are no special group memberships or permissions. It's just
like the person went home and dialed in; they have the same NT rights, just
different access points. I know I could probably put up an additional
firewall at the outside access point but would prefer not to.
        A second question that may have come up before: controlling how many
times a person can log in to the network.
Thanks.

Mitchell James
Security Architecture
Direct 206-903-5839
Cell 303-748-7596