Re: Firewall Service Authentication
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 12 Mar 2002 06:52:04 -0800
Good one!
I'll test it specifically, but I think the logic would be:
Since the source IP is matched in the Client Address Set, user
authentication is unnecessary, saving processing time
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: <Thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, March 12, 2002 6:44 AM
Subject: [isalist] Firewall Service Authentication
http://www.ISAserver.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Since Tom said I had the hardest questions at Blackhat, I feel like I have
to ensure that they are all difficult ;)
To that end, I pose the following question:
Lets say you have a protocol rule to allow IP based on a client address set
(IP address), and another identical protocol rule that is based on
user/group. If a user meets both criteria, i.e, is in the client address
set and is also a member of the group-based rule, which rule is used?
AD
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPI4UWIhsmyD15h5gEQLXbgCgr6LZIZQ9SrxNP0Qrt+G4P6gLrpoAoLmL
6eYzkH8aa0llKFb/P1AaFygg
=Q0m9
-----END PGP SIGNATURE-----
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
