Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Restricting file server to access to domain computers only.

from [John Redd] Network Security [Permanent Link]
Subject: Re: Restricting file server to access to domain computers only.
Date: Sat, 11 Jun 2005 15:32:15 -0700 (PDT) 
Kevin

Even easier than using certificates as suggested by
one respondent, implement a domain-wide IPSec policy
for all communications, using Kerberos as opposed to
PSK or certificates, for the authentication method.
Whether you choose to also encrypt or just
authenticate communications is up to you. 

FWIW, Microsoft implements IPSec domain-wide on their
corporate network for several reasons, not limited to
domain isolation and slowing/stopping worms. Some
articles about this include:

http://www.microsoft.com/technet/community/columns/secmgmt/sm121504.mspx

http://www.microsoft.com/technet/community/columns/secmgmt/sm0105.mspx

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx


Regards

John



Hello focus-ms,

Does anyone know how to prohibit computers from

connecting to a 
Windows 2003 Server share unless the

system they are connecting from is a member of the

domain.


I a few "power users" and developers who keep

removing there systems 
from the domain, and just

connecting to the server by browsing and using there

domain 
credentials to login.  There access is

allowed and needed for them to do there work.  If I

don't allow them 
to connect unless there system is

a part of the domain, that will solve the problem.

Kevin


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Restricting file server to access to domain computers only., Justin F. Knox
Next by Date:  reconsidering physical security: pod slurping, Abe Usher
Previous by Thread:  Re: Restricting file server to access to domain computers only., Justin F. Knox
Next by Thread:  RE: Restricting file server to access to domain computers only., Sergey V. Gordeychik
Indexes:  [Date] [Thread] [Top] [All Lists]