Home page logo
/

basics logo Security Basics mailing list archives

RE: AD Aware Firewall/Proxy device
From: "Steven Jones" <Steven.Jones () vuw ac nz>
Date: Tue, 28 Feb 2006 15:47:57 +1300

Websense will do this, nice gui interface, server side runs on Windows
or Linux. Works with Squid or ISA.

www.websense.com

local Desktop gui to the remote server side.

Websense is supposed to do lots of reporting, this will need a decent
database like SQL/mySQL as the backend though (we don't use that bit at
present).

The cost will hurt I suspect, we have an educational price and its still
painful, to the extend we have a fortinet firewall and will probably be
installing the fortinet addon instead, something like $1500 a year v
$30,000.

Regards

Steven

-----Original Message-----
From: Jeff Britton, Monitored Security
[mailto:jeff.britton () monitoredsecurity com] 
Sent: Tuesday, 28 February 2006 4:48 a.m.
To: Steveb () tshore com; security-basics () securityfocus com
Subject: RE: AD Aware Firewall/Proxy device

I've had very positive experiences with the Surfcontrol product on top
of ISA.  This allows you to block/allow Internet access on all types of
levels (AD groups, specific AD users and by IP address as well.)  The
cost could be a problem, but from what I see, meets every one of your
needs.

www.surfcontrol.com

Jeff

-----Original Message-----
From: Steveb () tshore com [mailto:Steveb () tshore com]
Sent: Saturday, February 25, 2006 11:30 AM
To: security-basics () securityfocus com
Subject: AD Aware Firewall/Proxy device


Hi all,

We are primarily a Windows and Mac shop.  We're currently running
Microsoft's ISA server 2000 in a Windows 2000 AD environment.  While
other firewalls are in place at the parameter to control incoming
traffic, we use the ISA server to control user access to the web.  

The one thing that I like about the ISA server is that it integrates
with Active directory to allow per user access to the Internet.  What I
don't like about it, though, is it's lack of manageability and reporting
without third party tools (that further bloat an already over-bloated
product).  

Can anyone suggest a lightweight, yet powerful firewall device that will
allow us to control employee access to the internet based upon AD
username, machine IP address, and destination websites?  I know that
there are a bunch out there but I've come to trust many of you here and
I'd love to hear your experiences and opinions.

Thank you,

Steve Bostedor
Bozteck President
http://www.vncscan.com


------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]