RE: Control Access to Internet.

From: Church, Chuck (cchurch@wamnetgov.com)
Date: Sat Mar 06 2004 - 12:31:12 GMT-3


Since we're talking about other vendors now, you might want to try
Novell's BorderManager. It'll let you assign certain internet rights
(FTP, HTTP, etc) based on the user login to the server. It's got pretty
good logging functionality. Then again, if you just want access
control, why not combine a Pix with an ACS server? ACS with Pix will
let you do 'downloadable ACLs', at least it does from the outside in via
VPN tunnels. I'm assuming it'll do the same with outbound traffic.

Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com

> -----Original Message-----
> From: Masoud, Alaa [mailto:alaa.masoud@hp.com]
> Sent: Saturday, March 06, 2004 10:20 AM
> To: Nguyen Hoang Long; Kenneth Wygand; ccielab@groupstudy.com
> Subject: RE: Control Access to Internet.
>
>
> Hi again,
>
> OK, can Websense do the accounting part? I mean I want the
> application to record the amount of time for each user using
> the internet. Also which applications can be used, e.g. user
> A can browse the internet but not use FTP. Can Websense do
> that? If not, then what do you guys suggest?
>
> Alaa.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
> Behalf Of Nguyen Hoang Long
> Sent: Mon, March 01, 2004 21:41
> To: Kenneth Wygand; ccielab@groupstudy.com
> Subject: Re: Control Access to Internet.
>
>
> Kenneth,
> Agree with you that Websense can support all kinds of internet
> traffic, but that's for Websense itself only. To block/manage
> traffic, a piece of network equipment (firewall, proxy, or webcache)
> will have to take part, and the network equipment should
> also support filtering of all kinds of traffic.
>
> Have you checked the configuration on the Websense Partner
> products such as the PIX fw (the 'filter' command)? There's only
> support for http/s/ftp (at this moment at least):
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#1039734
> When PIX works with N2H2, even HTTPS & FTP are not supported.
>
> Maybe in the future, Cisco PIX will provide other protocols.
>
> Long
> www.vn-experts.net.vn
>
> ----- Original Message -----
> From: "Kenneth Wygand" <KWygand@customonline.com>
> To: "Nguyen Hoang Long" <ng-hlong@hn.vnn.vn>; "Todd
> Veillette" <tveillette@myeastern.com>; "Masoud, Alaa"
> <alaa.masoud@hp.com>; <ccielab@groupstudy.com>
> Sent: Monday, March 01, 2004 8:47 PM
> Subject: RE: Control Access to Internet.
>
>
> > Nguyen,
> >
> > This is not true. While I'm not 100% sure about N2H2, Websense has an
> > additional Protocol Management feature which can classify and control
> > all sorts of Internet traffic:
> >
> > <snip>
> > With the Protocol Management feature, Websense EIM can filter Internet
> > protocols other than HTTP. This includes protocols, applications, or
> > other data transfer methods such as those used for instant messaging,
> > streaming media, file sharing, file transfer, Internet mail, and various
> > other network or database operations.
> > </snip>
> >
> > Kenneth E. Wygand
> > Systems Engineer, Project Services
> > CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
> > Network+, A+
> > Custom Computer Specialists, Inc.
> > "The only unattainable goal is the one not attempted." -Anonymous
> >
> > -----Original Message-----
> > From: Nguyen Hoang Long [mailto:ng-hlong@hn.vnn.vn]
> > Sent: Monday, March 01, 2004 12:04 AM
> > To: Kenneth Wygand; Todd Veillette; Masoud, Alaa;
> > ccielab@groupstudy.com
> > Subject: Re: Control Access to Internet.
> >
> > Kenneth,
> >
> > Websense/n2h2 solution will allow you to control Http/https/ftp
> > traffic only. Here he wants to control all kinds of internet traffic. I
> > would think of Netflow as the billing method, with either 'lock-and-key'
> > or 'authentication-proxy' as the controlling one.
> >
> > Vietnam CCNA/CCNP/CCIE bootcamp
> > www.vn-experts.net.vn
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study
> materials from: http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:16 GMT-3