ISA / Websense and AD securtiy groups

pma111
pma111 used Ask the Experts™
on
I have very little knowledge on how corporate web proxys and web filters operate, but my domain account is a member of a group called risk-internet. So I assume the security group is added somewhere to give me internet access. Would that group typically be added somewhere in websense or somewhere in ISA. If I wanted to see every member of staff who can use the internet would the groups be in ISA or in Websense.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Administration
Commented:
Your first stop will be ISA as it is the firewall and controlling all the internet access. It is there you will be able to see the rules and policies of who or which group has what level of access to the internet.

*Websense* I don't know it so I will not give false info.

Author

Commented:
Are there any specific reports in ISA that can give us this information? I.e. where can this info be located and output into something management freindly...
Sikhumbuzo NtsadaIT Administration

Commented:
You would need to log in to the ISA server first either by Remote Connection, then start the "ISA Server Management" once you are in there you would be able to see the Users, Policies and groups.

You should be able to right click on Fire Wall Policy and Export the configuration for your perusal and then see who has what access.
You can control access to the Internet using ISA based on user authentication with the web access policy.

You would have to use ISA server to locate which rule processes Internet access, you then bind the rule to a specific user group?

Websense can also function in such a manner, which one are you using for Internet Access - Websense or ISA?

If you would like to know which users can access the Internet, it is Important that you understand which path does the traffic take to the internet.

Author

Commented:
Are you a websense admin simon? thanks
Commented:
Hi,

You will have to add the group to both ISA and Websense. ISA gives and controls access, but ISA control is protocol based and have som eother features. Websense will control filtering, categories users are allowed to visit, and have unmatched reporting capabilities, with url, category, bandwidth used, scheduled reports that runs automatically, send by email,...

Ehab
I have to somewhat disagree with this,

- ISA can authenticate users if it runs as a proxy,
- ISa also has URL filtering, even some simple category filters, that you can import: http://www.isaserver.bm/destination_sets.html
- It cannot check for malware in the traffic

I agree with:

- Websense has better reporting than ISA's builtin
- It also allows some nice features such as a time quota for Internet Access,

But In my opinion it's not very efficient to use both, either use one or the other...

Author

Commented:
Simon you may wish to join in this thread too:

http://www.experts-exchange.com/Security/Misc/Q_27683346.html

Commented:
- ISA can authenticate users if it runs as a proxy:
I did not say ISA will not authenticate users, in fact to get most out of Websense with ISA you have to use ISA as a proxy as well.
- ISA also has URL filtering, even some simple category filters, that you can import...
From my experience. ISA URL filtering is useless.
Well yes, ISA does not have a very strong category filtering.

But honestly I really don't see a point in using both Websense and ISA together. Especially from a cost standpoint..

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial