Solved

Denying access to MAC addresses in ISA 2000

Posted on 2006-05-17
Last Modified: 2010-04-08
We have an ISA Server 2000 box on our network and we want to prevent students from accessing it with their wireless laptops. Their laptops are authenticated on our network by IAS server acting as a RADIUS server through EAP-TLS certificate-based authentication. I set the students' laptops up myself and used a DHCP reservation to ensure their IP address was within a certain range. I then denied access to addresses within this range to the proxy server.

The problem is one of the kids got smart and discovered that if they change their IP address to a static address outside of the denied range they can access the internet. We have an ISA 2004 box which allows us to restrict based on Windows groups but the ISA 2000 box does not seem to do this. I initially thought about editing IAS server to ensure that only a given IP address range could be authenticated but then realised that of course authentication occurs before a network address is given.

Is there perhaps a way of blocking MAC addresses if they do not have a specific IP address on the network? All servers run Windows 2003.

Any help would be appreciated.
Question by:swinfield
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16701935
In ISA2000, you need the ISA firewall client installed to use user/group based policies.
The standard client set is based on IP address but does not associate a MAC with that IP.
0
 

Author Comment

by:swinfield
ID: 16706942
Thanks Keith. I assumed that it may be something like that to pick up the user groups but wasn't 100% sure.

Do you know of any other way I can fix this problem, as the students would likely uninstall the client to get around it? I am looking more for something server side.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16712010
Haven't left you; just reading a couple of articles.
0

 

Author Comment

by:swinfield
ID: 16712372
Many thanks for your efforts Keith.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 16712546
http://www.microsoft.com/technet/prodtechnol/isa/2000/deploy/isafaqin.mspx

OK, the very first couple of lines confirm that ISA 2000 needs the fw client to make use of the AD for groups etc.

I cannot find a way of doing this, which is ridiculous. For my own clients that are on ISA2000 we use group policy to lock the IE proxy settings and the network control panel so that they cannot 'misbehave'. However, if this is the students' own equipment, this would be impossible to enforce.

The fact that they are already authenticated as valid users is a real stumbling block.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16926687
Thank you :)
0
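
The symptom described in this thread, a laptop with a DHCP reservation reappearing on a static address outside the denied range, can at least be detected server-side by comparing the ARP cache of a machine on the same subnet with the reservation list. The following is an added example, not part of the thread: the reservations, the denied range and the `arp -a` output are constructed sample data, and the script only reports mismatches, it does not block anything.

```python
import ipaddress
import re

# Constructed sample data: DHCP reservations (MAC -> reserved IP) for student laptops.
RESERVATIONS = {
    "00-16-6f-aa-bb-01": "10.0.50.11",
    "00-16-6f-aa-bb-02": "10.0.50.12",
    "00-16-6f-aa-bb-03": "10.0.50.13",
}
# Constructed range that the proxy denies (assumed to sit inside one flat subnet).
DENIED_RANGE = ipaddress.ip_network("10.0.50.0/24")

# Constructed `arp -a` output in the Windows layout, as seen from a server.
ARP_OUTPUT = """
Interface: 10.0.0.5 --- 0x10003
  Internet Address      Physical Address      Type
  10.0.0.1              00-0c-29-11-22-33     dynamic
  10.0.50.11            00-16-6f-aa-bb-01     dynamic
  10.0.0.77             00-16-6f-aa-bb-02     dynamic
  10.0.50.13            00-16-6f-aa-bb-03     dynamic
  10.0.50.99            00-16-6f-cc-dd-04     dynamic
"""

# Matches "<ip>  <mac>  <type>" rows; header and "Interface:" lines do not match.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+", re.I)

def parse_arp(text):
    """Yield (ip, mac) pairs from Windows `arp -a` output."""
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            yield m.group(1), m.group(2).lower()

def find_violations(arp_text, reservations, denied_range):
    """Return (mac, ip, reason) for hosts whose IP disagrees with the reservations."""
    findings = []
    for ip, mac in parse_arp(arp_text):
        reserved = reservations.get(mac)
        if reserved is not None and ip != reserved:
            # Known student MAC seen on an address other than its reservation.
            findings.append((mac, ip, "reserved for %s" % reserved))
        elif reserved is None and ipaddress.ip_address(ip) in denied_range:
            # MAC without a reservation sitting inside the student range.
            findings.append((mac, ip, "no reservation in student range"))
    return findings

if __name__ == "__main__":
    for finding in find_violations(ARP_OUTPUT, RESERVATIONS, DENIED_RANGE):
        print(finding)
```

The ARP cache only lists hosts that have recently talked to the machine it is read from, so the check is best run on the proxy or gateway the laptops must reach.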

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month14 days, 9 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question