Date: Fri, 21 Sep 2001 10:53:21 +1000 From: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.gov.au> To: FreeBSD-Security@FreeBSD.ORG Subject: Policy based routing/restricting access __inside__ ones net.. Message-ID: <20010921105320.A6282@IPAustralia.Gov.AU>
next in thread | raw e-mail | index | archive | help
Dear Ladies and Gentlemen, I am writing to ask for advice about providing profile dependent access to subsets of ones internal network. The context is having third parties access the network for maintenance. Once they get logged in on the host they are hired to maintain, how can I prevent them accessing other hosts while allowing __some__ access to others they may need for problem resolution ? (given that both sets of hosts can be specified) Can a Kerberos realm enforce access profiles such as these (and then if they were forced to use only kerberised applications, grant them tickets for access to some hosts only) ? Can ipfilter/ipfw provide ACLs depending on user ? The access could include Solaris/FreeBSD/AIX servers as well as MS Win NT ... Thank you, Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft IP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU ------------------------------------------------------------------------ The study of non-linear physics is like the study of non-elephant biology. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921105320.A6282>