Re: Segregating networks VLANs or Subnets
- From: "Neteng" <neteng.ccie@xxxxxxxxx>
- Date: Wed, 7 Dec 2005 16:05:47 -0600
If you prevent users from a specific subnet from even accessing your
network, you can leave NTFS permissions alone. 99% of admins out there don't
configure groups correctly. I doubt most could also get NTFS permissions
right. If you prevent the clients in the building access to each other's
networks, you don't have to change any permissions. There is no need to NAT,
the firewall can route just as well. NAT is a feature of a firewall, not a
firewall in itself.
"Phillip Windell" <@.> wrote in message
news:eE7iUX3%23FHA.3568@xxxxxxxxxxxxxxxxxxxxxxx
> "Tonton" <Tonton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:0F25BDB6-0613-439A-BE85-CCE171321C0F@xxxxxxxxxxxxxxxx
> > Our company has about 4 PCs. But we are providing Internet access to a
> > number of other companies with their PCs. At present everyone can see
> > everyone else's files/folders which is not a good security practice. I want
> > to make sure that nobody can see anybody else's files/folders.
>
> You use NTFS permissions. That is what they are for. That is the first area
> of security. You can't allow filesystem access to the "Everyone Group" and
> complain that everyone can see all the files. So that is the first thing you
> do.
>
> Do *not* consider the fact that something shows in Network Places as having
> "access". Just because it appears on the Browse List (Network Places) does
> not make it accessible.
>
> Running ACLs on a LAN Router would work for only Layer3&4 traffic.
> Traditional firewalls do NAT which is not appropriate. You want to control
> traffic access, not "translate" it. That is why LAN Routers have had ACLs
> long before anyone invented NAT Firewalls. But LAN Routers only restrict
> between Network Segments for the most part,...they are not for creating
> detailed Access Schemes,...that is what the NTFS Permissions are for.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> -----------------------------------------------------
>
>
>
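
The layer-3 separation discussed in this thread (a router or firewall filtering between per-company subnets, routing without NAT) can be audited with a short script. This is an added example, not part of the original posts; the tenant names, subnets and rule lists are constructed for illustration.

```python
import ipaddress
from itertools import permutations

net = ipaddress.ip_network

# Constructed sample addressing: one routed subnet (or VLAN) per company.
TENANTS = {
    "company_a": net("10.0.10.0/24"),
    "company_b": net("10.0.20.0/24"),
    "company_c": net("10.0.30.0/24"),
}
INTERNAL = net("10.0.0.0/16")  # assumed supernet covering every tenant subnet
ANY = net("0.0.0.0/0")

# First-match rule lists of (action, source, destination); implicit deny at the end.
ISOLATING_ACL = [
    ("deny", INTERNAL, INTERNAL),  # no routing between tenant subnets
    ("permit", INTERNAL, ANY),     # everything else is routed as-is, no NAT involved
]
FLAT_ACL = [("permit", ANY, ANY)]  # routes everything, like one shared LAN

def may_pass(acl, src_net, dst_net):
    """True if any traffic from src_net to dst_net can be permitted (conservative)."""
    for action, rule_src, rule_dst in acl:
        if not (rule_src.overlaps(src_net) and rule_dst.overlaps(dst_net)):
            continue
        if action == "permit":
            return True   # at least part of the flow gets through
        if src_net.subnet_of(rule_src) and dst_net.subnet_of(rule_dst):
            return False  # a deny covering the whole flow ends evaluation
    return False          # implicit deny

def cross_tenant_leaks(acl, tenants):
    """List (source, destination) tenant pairs the ACL would route between."""
    return [(a, b) for a, b in permutations(tenants, 2)
            if may_pass(acl, tenants[a], tenants[b])]

def internet_reachable(acl, tenants, outside=net("203.0.113.0/24")):
    """True if every tenant can reach an outside network (TEST-NET-3 as a stand-in)."""
    return all(may_pass(acl, t, outside) for t in tenants.values())

if __name__ == "__main__":
    for name, acl in (("isolating", ISOLATING_ACL), ("flat", FLAT_ACL)):
        print(name, cross_tenant_leaks(acl, TENANTS), internet_reachable(acl, TENANTS))
```

The check works at subnet granularity only, which matches the point made in the thread: segment filtering decides which networks can talk, while per-file access still depends on NTFS permissions.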