[isalist] Re: ISA and proxy authentication - best way of doing this?

  • From: "Andrew Hodgson" <Andrew.Hodgson@xxxxxxxxxx>
  • To: isalist <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Jan 2008 16:01:12 +0000

Hi,

 

One of the apps which is misbehaving through this is actually Visual
Studio 2005, namely the TFS components *.

 

I haven’t looked at the config, but apparently it is causing errors
regarding not being able to connect to the proxy etc.

 

Also some external PHP stuff – one of them downloading stuff via Pair
and Zend studio.

 

Andrew.

 

  _____  

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: 16 January 2008 14:14
To: isalist
Subject: [isalist] Re: ISA and proxy authentication - best way of doing
this?

 

Don’t let your users define your ISA policies.

There isn’t a (current) operating system that *can’t* authenticate using
NTLM.

MAC, xNix; whatever.

Tell your “developers” that if they had any sk1llz, they’d already know
how to use NTLM auth, as it’s been in use for many years.

http://msdn2.microsoft.com/en-us/library/aa378749.aspx is a good
starting point, and there are several public descriptions of NTLM free
for the searching.

 

Basically, your need to know who is doing what through your firewall is
far more important than their need to get through it.

Get your C-level management behind this policy or you’ll soon have a
Microsoft Pix Server operating at your edge.

 

Jim

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Andrew Hodgson
Sent: Wednesday, January 16, 2008 5:26 AM
To: isalist
Subject: [isalist] ISA and proxy authentication - best way of doing
this?

 

Hi, 

 

I have NTLM authentication set on the ISA firewall rules for specific IP
ranges.  I am getting shouted at by developers and people using specific
apps because the proxy is not allowing them to authenticate through – or
more correctly, the application isn’t allowing it through.  These are
most often PHP developers using various PHP based applications etc. 

 

I have created a rule which excludes specific IP addresses from
authentication, which is working, but more and more people are now
requesting this. 

 

I wanted this initially for the Websense logging system – but is there
any other way round this? 

 

Thanks. 

Andrew. 

 

-- 
allpay.net Limited, Fortis et Fides, Whitestone Business Park,
Whitestone, Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.

Telephone: 0870 243 3434, Fax: 0870 243 6041. 
Website: www.allpay.net
Email: enquiries@xxxxxxxxxx

This email, and any files transmitted with it, is confidential and
intended solely for the use of the individual or entity to whom it is
addressed. If you have received this email in error please notify the
allpay.net Information Security Manager at the number above.

 


