Check out www.isaserver.org. Great site with a lot of information. It's design is a little weird at first but you get used to it. It's actually a very interesting package.

If you're looking to lockdown user access sounds like you're looking at a combination of restricting their login via domain user account permissions, and then you'll want to probably look at using the firewall client to control who has access through the firewall. The client folder will have been created automatically as a share off of your isa server.

-----Original Message-----
From: Tiger [mailto:tigerjustmailz.com]
Sent: Wednesday, October 23, 2002 10:46 AM
To: security-basicssecurityfocus.com; focus-mssecurityfocus.com
Subject: How ISA rule base works and how to bind users IP with MAC.

Hi All,

Microsoft ISA Server¡¦s rule base engine first of all denies all
requests and then allows. This increases complicacy. How this rule
base works is not very clear to me. First of all implicitly it denies
all request given in rule base, than allows explicitly allowed rules
and rest deny all.
When it says allow explicitly allowed rules, then what does it mean?
How it picks rules and what would be the sequence?
1. Access Policy
        Site and Content Rules
        Packet Filters
2. Publishing Rule
        Web Publishing
        Server Publishing
I can¡¦t understand logic behind Microsoft¡¦s such design, why not
simple rule base like checkpoint or any other firewall.

I have ISA Server Installed. Only selected LAN users are allowed to
access Internet. It¡¦s authenticating users from Domain Controller.
Here my requirement is to allow selected LAN users to access Internet
only from their machine. I have tried allowing them through two ways
1.IP Basis 2.User Basis but both has its limitations
1. IP based: a user can ask or guess someone¡¦s IP and put in his
machine and get access when allowed machine is powered off or NIC is
disabled.
2. User based: Passwords can be shared among users and they can
access Internet from any machine.
There should be some way in Domain Controller to bind user¡¦s access
from their machine or assigned IP only. Any Idea?
OR
Is there any solution in ISA only?

We can reserve IP in DHCP with MAC address and works fine only in the
case when user request DHCP to release IP.
I mean when user select option to ¡§Obtain IP address automatically¡¨
If he assign IP manually then he can enter into domain and access
internet. My purpose can be solved if I get any way to restrict him
to domain.

My friend has cable connection. His machine is not into domain. He is
getting access through MAC + IP address only. Coz of some reason if
he changes MAC or IP his internet doesn¡¦t works.
Any suggestion most welcome fº

Cheers!
Tiger

______________________________________________________________________
Get Free POP & IMAP Email Accounts on www.justmailz.com !
Quote : "All life is an experiment."

______________________________________________________________________
Get Free POP & IMAP Email Accounts on www.justmailz.com !
Quote : "Our character is what we do when we think no one is looking."

This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmasteroxygen.com and destroy all electronic and paper copies of this e-mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]