annasad asked:

How to Block Thin Client Access

I have some thin clients in my network which are not part of my domain, but I want to block their internet access and only allow some internally hosted intranet-based sites. How can I achieve that?

Remember, they are not part of the domain, but they connect to terminal servers for working on the AS/400 system.
ASKER CERTIFIED SOLUTION
Perarduaadastra

This solution is only available to members.
Giladn

Hi,

If those are the only users on your terminal server then you can:

1. Use a proxy to block/allow access (e.g. Squid proxy - free to use).
2. Use your firewall to allow/deny access from LAN to WAN with exceptions.
3. Disable DNS and use the hosts file from the Windows terminal to set resolution to those addresses.

What kind of firewall are you using?
Do you have internal DNS?
Do you use a proxy?

Post back and I will guide you.

Hope it helps,

G
annasad (ASKER)

The thin clients are located at the remote side, connected behind the firewall, a Cisco 881, which is connected to the hub side with an IPSec tunnel. The proxy we are using is configured in the Cisco 881, which is using the Cisco ScanSafe proxy service.

The proxy points the internet traffic to internal proxy servers and all users are authenticated through LDAP policies created in the domain controllers... Since these thin client machines are not created on domain users, they are not using any proxy and for this reason they go to the internet.

I am not sure how the thin clients can be configured with proxy settings; the users created on the thin clients are not even admin users. Or, even if they are admin, what can be the way to block their internet access?

If those thin clients were using domain users, we could add those users to the internet group, which would later be authenticated in Cisco cloud security.
skullnobrains

"The proxy points the internet traffic to internal proxy servers and all users are authenticated through LDAP policies created in the domain controllers... Since these thin client machines are not created on domain users, they are not using any proxy and for this reason they go to the internet."

Forbid any web traffic on your firewall that does NOT come from the proxy/proxies. You should do this anyway to achieve proper security.
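
The firewall option raised in the two replies above, sketched as a Cisco IOS access list for the 881 at the remote site. This is an added example, not configuration from the thread or from Cisco: every address, the ACL name, the Vlan1 interface and the use of RDP on TCP 3389 for the terminal server sessions are assumptions, and it presumes the thin clients sit in their own address range (static addresses or DHCP reservations).

```cisco
! Constructed example: all addresses, names and interfaces are placeholders.
!   192.0.2.32/28  = thin-client address range at the remote site (assumed)
!   198.51.100.10  = terminal server at the hub (assumed, RDP on TCP 3389)
!   198.51.100.20  = intranet web server at the hub (assumed)
!   198.51.100.53  = internal DNS server (assumed)
ip access-list extended THIN-CLIENTS-IN
 remark thin clients: DHCP renewals
 permit udp 192.0.2.32 0.0.0.15 eq bootpc any eq bootps
 remark thin clients: terminal server sessions
 permit tcp 192.0.2.32 0.0.0.15 host 198.51.100.10 eq 3389
 remark thin clients: intranet sites over HTTP and HTTPS
 permit tcp 192.0.2.32 0.0.0.15 host 198.51.100.20 eq www
 permit tcp 192.0.2.32 0.0.0.15 host 198.51.100.20 eq 443
 remark thin clients: name resolution against the internal DNS only
 permit udp 192.0.2.32 0.0.0.15 host 198.51.100.53 eq domain
 permit tcp 192.0.2.32 0.0.0.15 host 198.51.100.53 eq domain
 remark thin clients: everything else, internet included, is dropped and logged
 deny ip 192.0.2.32 0.0.0.15 any log
 remark all other LAN hosts keep their existing path through the proxy
 permit ip any any
!
! Apply inbound on the LAN-facing interface so the filter runs before
! any routing or tunnel decision is made for thin-client packets.
interface Vlan1
 ip access-group THIN-CLIENTS-IN in
```

`show ip access-lists THIN-CLIENTS-IN` displays per-line match counters, and the `log` keyword on the deny line records what the thin clients tried to reach.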
annasad (ASKER)

This does not provide the solution, as this is designed as per the internal design of the enterprise. The remote-to-hub internet connectivity works in an entirely different way, and we discussed this with Cisco, who is providing this solution. They would come up with a service to resolve this.

"The proxy in the 881 points the internet traffic to cloud proxy servers and all users are authenticated through LDAP policies created in the domain controllers... Since these thin client machines are not created on domain users, they are not using any proxy and for this reason they go to the internet."

The above is a correct explanation.
annasad (ASKER)

I am closing this question, as no answer has sufficient information for the solution I am looking for; however, there was some insightful information. I will distribute the marks, however.
annasad (ASKER)

I haven't opted for any solution, as we are using the Cisco ScanSafe service and they provided a viable solution for this.