Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: block internet at two workstations
From: "Jerry M. Howell II" <jmhowell () jmhowell com>
Date: Wed, 7 May 2003 22:53:23 -0600

On Wed, May 07, 2003 at 10:43:36AM -0500, Lee Burleson wrote:
That was a good suggestion, IMO.

If the security is set up properly on the workstations, the users should not 
have permissions to modify the default gateway or set static routes.

However if, for some reason, you have a proxy server that is on the local 
network, the user would still be able to point the browser at it and be home 
free.  To solve this, you would set permanant static routes that nullify 
that kind of access.  Again, user privliges will not allow modification of 
your changes.

Heck, if you don't have local resources that the machines need to access, 
you could just disable the NIC!  Or even remove it!

Can you just set up 2 subnets. One that has the 8 that need access to
the net and one that only has access to the local subnets? Might be a
little over simplified but that would be my first choice.
-- 
Jerry M. Howell II

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]