Desmond [mailto:[EMAIL PROTECTED]
*Sent:* Thursday, June 08, 2006 9:05 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] OT: Security Policy Thoughts
*They’re keeping me a little busy down at the fun factory, so I’m up
pretty late. Actually I just flew back in yesterday from
] [mailto:[EMAIL PROTECTED] On
Behalf Of Noah Eiger
Sent: Friday, June 09, 2006 12:32 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Security Policy Thoughts
Thanks all for the thoughts. I
think that the thing I will need to communicate to these folks is simply the
tradeoffs
Thanks. Ill take a look.
-- nme
P.S. Susan, I will get my nominations in order!
From: Brian Desmond
[mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 2006
11:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Security Policy Thoughts
NAC != .1x
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 07, 2006
10:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Security Policy Thoughts
My suggestion is that you implement 802.1x port
auth to implement port based authentication. You can use this to implement
guest vlans
dir.org
Subject: RE: [ActiveDir] OT: Security Policy Thoughts
My suggestion is that you implement 802.1x port auth to implement port based authentication. You can use this to implement guest vlans with the policy routing you describe.
Isn't the Cisco VPN a MSI? Use Group Policy or SMS if you
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Security Policy Thoughts
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Security Policy Thoughts
My suggestion is that you implement 802.1x port auth to implement port based
authentication. You can use this to implement
, June 08, 2006 12:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Security Policy Thoughts
Thanks, Brian. Dont you sleep?
Its late in Chicago ;-)
802.1x is the direction they are
heading. Right now, it is cost-prohibitive. So the question is less can I
control this access
Subject: Re: [ActiveDir] OT: Security Policy Thoughts
The thing I'm not wild about with third-party clients (OSX etc.) is that
they often don't play well with security features like SMB signing - if the
Macs are hitting a Windows file server, most of the Apple documentation will
tell you to turn it off
. Is there
a feature set within the IOS that can handle this (Catalyst 29xx and 35xx) or
is it a separate device?
From: Brian Desmond
[mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 2006 9:05
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Security Policy Thoughts
Theyre
Hi:
I am
facing some IT policy questions and wanted to get some perspectives. In each of
these areas, I am trying determine how restrictive I need to be. The client has
four sites connected over high-speed links. I have good backing from management
but will undoubtedly get resistance on
PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Noah Eiger
Sent: Thursday, June 08, 2006 12:16 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Security Policy Thoughts
Hi:
I am facing some IT policy questions and wanted to get some
perspectives. In each of these areas, I am
11 matches
Mail list logo