[isalist] Re: Infor - Help - Authentication
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 12 Oct 2009 15:34:17 -0700
You just THINK I didn't get to see :-p
I always loved back in the day with the NEC voice gateway that allowed me to
connect my DTerm directly to the phone system over an IP trunk where I would do
a group page from CA. I think you're the only one who understood how I did
that :) Those were the days.
More importantly, what made it TOTALLY appropriate is that it got the message
across to people. Don't fark about with my bandwidth, and don't play while at
work. Stick to company policy, or suffer the consequences. That's really the
message to the OP (who seems to have just dropped off his own thread). The
first thing to do is establish a policy with some teeth to it. THEN implement
your technological controls. Otherwise, people will always find some way
around them....
t
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of John Wilson
Sent: Monday, October 12, 2009 3:26 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication
You know, the page really got mixed reactions. Especially since we (and by we,
I mean Thor) implemented without telling anyone. Some middle-manager types
tried to act self important, and say it was "entirely inappropriate" and other
laughed and said it was cool as hell.
But the funniest stuff was the manager or two who got the page and the
employees in the cubicle-world heard it through the office door. They would
look at their boss and wonder "What is he looking at??"
T never actually got to see that part of it because he was remote.
John W.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, October 12, 2009 4:14 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication
..probably ended up spending too much money on upholstery and carpet cleaning...
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, October 12, 2009 10:35 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication
I had forgotten about that page... I tried to re-create it here, but for some
reason they didn't approve it.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Saturday, October 10, 2009 8:30 PM
To: ISA Mailing List
Subject: [isalist] Re: Infor - Help - Authentication
I know what it was called....
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of John Wilson
Sent: Saturday, October 10, 2009 8:38 PM
To: ISA Mailing List
Subject: [isalist] Re: Infor - Help - Authentication
So the customized ISA page with the spinning skull and crossbones that yelled
"Access Denied!" was pretty funny. It WAS called something else, but we won't
go into that :)
Dan, sounds like you've got stuff locked down. That's how I'd do it!
John W.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Saturday, October 10, 2009 11:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication
*bow*
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Friday, October 09, 2009 8:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication
Good for you - that's the way it SHOULD be done.
(And John, you didn't tell the class what happened to those people in the "Deny
All" group as you call it. And you KNOW it wasn't called that. :)
t
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Friday, October 09, 2009 12:53 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication
Ahhhh, but all of our computers ARE on the domain, they all have reserved IPs,
they all have the Firewall Client installed, AND they are allowed through the
ISA server only if they are a member of the proper AD group. In addition, I
bring it down to the protocol level, where they have to be in the proper AD
group to use certain protocols and anyone who brings in a home computer and
tries to plug it into our network will get an IP address in a range that is
disallowed pretty much everything.
So.... They act up, they get taken out of the Web Access group, and no Internet
for them.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of John Wilson
Sent: Friday, October 09, 2009 2:45 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication
Seriously, who do YOU know that dresses monkeys in clothes?
All aside, student PC's may be tough be cause they aren't joined to the domain
necessarily, so GPO cant be applied if that is the case.
But you could give that computer a DHCP reservation so it gets the same IP
everytime, and block it's IP address in ISA. Where I used to work, we had had a
group called "deny all". Just drop the user in the group (if it's Active
Directory) and they get blocked. If you don't have Active Directory, Just drop
the computer by IP in the group. Done!
John W.
________________________________
From: Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx>
To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 9, 2009 12:19:19 PM
Subject: [isalist] Re: Infor - Help - Authentication
Yeah, but you can also steal their Facebook account data and post pictures of
naked monkeys.
t
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Friday, October 09, 2009 4:12 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Infor - Help - Authentication
Sounds like my daily battle with student Internet access... Do you block or do
you convince them to behave? I'm lazy, so I block (but they also have an AUP).
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Friday, October 09, 2009 1:03 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Infor - Help - Authentication
Prevent them from making changes to the proxy configuration via group policy.
Or require authentication for outbound HTTP(s) at the rule or at the web proxy
network config. Better yet, write out a corporate policy outlining acceptable
use and Internet usage restrictions and have employees sign it -- If anyone
violates policy, terminate their employment with extreme prejudice.
t
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of LEANDRO DOS S. FERREIRA - TI
Sent: Thursday, October 08, 2009 1:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Infor - Help - Authentication
Hi All,
I have a one user and this user does not have permisson in ISA to access the
internet. If I login in a computer with webproxy and firewall client checked
this user can not access internet web. But if I un-check the webproxy , he gets
access to the internet.
I do know what happened !! A few days ago is OK. I do not know how can I block
this. I would like to prevent users to access the internet even they
un-checking the webproxy.
Only the users that have permisson can access the internet.
Can you help me ?!?!?
Regards
_______________________
Leandro dos Santos Ferreira
IT Team - Segurança da Informação
mailto:leandro@xxxxxxxxxxx
CBMM - Companhia Brasileira de Metalúrgia e Mineração
Inovar - Respeitar - Competir
Other related posts: