Network Security Focus-Microsoft

RE: Restricting file server to access to domain computers only.

Subject: RE: Restricting file server to access to domain computers only.
Date: Tue, 21 Jun 2005 09:34:41 +0400
Hi there.

You can set up an IPsec policy on the server which requires Kerberos authentication
and AH integrity on ports 139/445 (TCP/UDP). Assign the standard "Client" IPsec
policy to all other computers. Thus, before a CIFS/SMB connection is established,
computers should be authenticated in the domain. It can be done by Group Policy as
usual.
I often use this trick with a proxy server to check domain membership and provide
additional anti-sniffer protection in the local network. In this case I require
encrypted communications (ESP-DES-MD5 to save CPU power) authenticated by
Kerberos between domain clients and port 8080 of the ISA server.

Hope this helps, and sorry for my English.

-----Original Message-----
    From: "Kevin Green" <securityfocus@kevin.3drealms.com>
    Sent: 10.06.05 18:30:17
    To: "focus-ms@securityfocus.com" <focus-ms@securityfocus.com>
    Subject: Restricting file server to access to domain computers only.
    
    Hello focus-ms,
    
    Does anyone know how to prohibit computers from connecting to a Windows 2003 Server
    share unless the system they are connecting from is a member of the domain?
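
The server-side policy described in the reply, sketched with the NetSecurity cmdlets of current Windows Server releases. This is an added example, not part of the original thread; it assumes Windows Server 2012 or later, and the display names and the SHA1 hash choice are illustrative assumptions.

```powershell
# Added example: run elevated on the file server (assumes the NetSecurity module).
Import-Module NetSecurity

# Main mode: the connecting computer must authenticate with Kerberos,
# which only a domain member (or a computer in a trusted domain) can do.
$kerbProposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet = New-NetIPsecPhase1AuthSet -DisplayName 'Example - Computer Kerberos' `
    -Proposal $kerbProposal

# Quick mode: AH only (integrity without encryption), as in the reply.
# The hash algorithm is an assumption; the thread does not name one.
$ahProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH -AHHash SHA1
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'Example - AH integrity' `
    -Proposal $ahProposal

# Require IPsec for inbound traffic to ports 139/445 over TCP and UDP.
# Unauthenticated computers fail negotiation and never reach SMB.
foreach ($proto in 'TCP', 'UDP') {
    New-NetIPsecRule -DisplayName "Example - Require IPsec for SMB ($proto)" `
        -InboundSecurity Require -OutboundSecurity Request `
        -Protocol $proto -LocalPort 139, 445 `
        -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name | Out-Null
}

# Check 1: the rules exist and are enabled.
Get-NetIPsecRule -DisplayName 'Example - Require IPsec for SMB*' |
    Select-Object DisplayName, Enabled, InboundSecurity, OutboundSecurity

# Check 2: after a domain client opens a share, security associations
# for that client should be listed here; an empty result means no
# negotiated session exists yet.
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```

Domain clients need a corresponding rule that requests IPsec toward these ports, distributed through Group Policy as the reply suggests. AH does not pass through NAT, so this fits a flat internal network like the one discussed.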
    

