Re: Stop computers connecting to other domains and networks



Hi,

I have thought about deploying IPSec but I cringed at the idea of installing
the Certificate Services etc. I read up about it on the MS website and it seemed
so much of a big deal. As my servers have to be up 24-7 I was a little
concerned about messing up things that work. I have great logging with the
log parser and it works great to list all my DHCP IP/Computer names.

Thanks for the idea. I may look into it more.

Cheers,
Lara

"Andrew Mitchell" wrote:

> "=?Utf-8?B?bGZvcmJlcw==?=" <lforbes@xxxxxxxxxxxxxxxxxxxxxxxxx> said
>
> > (as I can't stop DHCP from giving them an IP unless I know
> > the Mac Address).
>
> At the moment that's correct but you can deploy IPSec to prevent any
> unauthorized devices being able to communicate with any other device on your
> network even if they do get an IP address.
> If you require that all of your authorized devices require IPSec for all
> inbound and outbound communications, it means that those unauthorized devices
> will not be able to communicate with them.
>
>
> --
>
> Andy.
>