Security Basics mailing list archives

RE: Limit internet access

From: "Brandon Lockhart" <blockhart () numbersix com>
Date: Wed, 4 Aug 2004 14:14:12 -0400

Guillome,
        This all depends on your current setup.  If you are using DHCP
and Active Directory, I would recommend setting up reserved DHCP Leases
for the computers you wish to limit.

        I would then configure the user accounts to only be able to
authenticate from the machines these DHCP leases are active for.

        Finally to complete the process, I would setup a rule in your
firewall that would deny these ranges of IP's from accessing any outside
connection, and then specifically allow these 4 - 5 sites.

        This will also allow you to do time restrictions depending on
your firewall.

        For example, I have 15 training room PC's here.  They are all
getting static IP's through DHCP and MAC address reservations.  I then
have the firewall setup to deny Internet traffic between 9am and 5pm,
but allow traffic between noon and 1pm.  This allows users in the
training lab to access the Internet during their breaks, but the
teachers don't have to worry about people randomly surfing around during
training sessions.

        Make sense?

        Hope this helps.

        Brandon Lockhart

-----Original Message-----
From: Guillome Main [mailto:guillome.main () axelero hu] 
Sent: Tuesday, August 03, 2004 4:17 AM
To: security-basics () securityfocus com
Subject: Limit internet access

Hi,

Do you know any way where I could limit the access of specified users to
specified site, either intra or internet? Any group policy solution? Or
desktop firewall solution?
I have a couple users that are only authorized to access 4-5 sites
within
the company and outside. How could it be done safely and easily?

Thanks



Ez a level virusellenorzesen esett at!

This message was checked against viruses!



------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Limit internet access Guillome Main (Aug 04)
- Re: Limit internet access Gabriel Orozco (Aug 04)
- Re: Limit internet access Andy Silva (Aug 04)
- Re: Limit internet access mike (Aug 04)
- Re: Limit internet access Chet Olszewski (Aug 04)
- <Possible follow-ups>
- RE: Limit internet access Andrew Shore (Aug 04)
- RE: Limit internet access Marcelo Villalón Mendez (Aug 04)
- RE: Limit internet access Brandon Lockhart (Aug 04)