General discussion


Have YOU heard of this?

By robert.marsh
I have 50 stations with 1 user that THINKS he's brilliant but knows just enough to....well, YOU know! Apparently, my Cisco PIX515 was not sufficient enough for him so he chose to download and install a free 'home' firewall ware from Sygate(?). Preparing to install another server, I pinged some addresses to confirm consecutive ip addys. I hit his addy and got 'Request Timed Out'. Checked my database. I was correct. Pinged it again. I called to ask if his station was on. "Yes." Had him confirm ip addy in nethood. "Yep." When I visited his station, he wanted to know what I was looking for. I told him I couldn't see his machine. "Oh! That's my firewall." ;-( Now, as I was pinging away, I was also logged on to two of my servers AS ME, running some maintenance. That crap he had boxed out my station and both servers from the rest of the network.
BESIDES changing out NICs, any suggestions on how that ware did it? Registry on PDC or 3 machines logged on as ME? I've talked to everyone I know and folks are stumped on this one.


CHARGE HIM!

by GM In reply to Have YOU heard of this?

CHARGE MR POKEMAN FOR THE TIME AND PRODUCTS IT TAKES TO FIX THE SYSTEM. THEN PUT IN PLACE A COMPANY POLICY THAT PROHIBITS SUCH STUFF. I LIKE ITECHS THAT THINK OUT OF THE BOX BUT YOUR GUY HAD HIS HEAD IN A BOX. I EMPATHIZE WITH YOU ON THIS ONE. SORRY I DON'T HAVE MORE FOR YOU.

GM


GOT ONE 4 U!

by GM In reply to CHARGE HIM!

SORRY I SPACED THESE GUYS. THEY MAY BE ABLE TO HELP.

ASK/EMAIL DIGITAL DAN AT THIS SITE. HE LOVES THESE KINDS OF CHALLENGES AND MAY EVEN DO A COLUMN ON IT.

www.computoredge.com

YOU CAN ALSO GET THIS MAG FOR FREE. IT'S A GREAT ADDITION TO THE LIBRARY AND IT'S PACKED WITH INFO.

GM


by orion In reply to Have YOU heard of this?

I saw this happen once on an AS/400. The user was trying to set up IP Filtering so he defined his rules (i.e., allow 1xx.xx.xx.x thru 2.xx.xx.xx.x but deny 2222.222.22.22. thru 44.33.44.33) (or whatever...you get the idea). The problem was that the IP Filter rules are evaluated from top to bottom. And in his case, he denied EVERYTHING within a certain IP address grouping before allowing those in his company to get through. What happened then was that everyone else on the network with IP addresses that fell in that range (and it turned out to be most of them) was blocked out.

I'd suspect something similar happened with your user's Acme-firewall product.
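
The top-to-bottom evaluation orion describes, as an added example that is not part of the original post and is not the AS/400 or Sygate rule syntax. The rule set and addresses are constructed, and the function names are hypothetical; the check lists rules that an earlier rule fully covers and so can never fire.

```python
import ipaddress

# Constructed rule set (RFC 1918 addresses, not from the thread): the broad
# deny is listed before the narrower allow, as in the case described above.
RULES = [
    ("deny",  "10.0.0.0/8"),
    ("allow", "10.1.20.0/24"),
    ("allow", "192.168.5.0/24"),
]

def parse(rules):
    return [(action, ipaddress.ip_network(net)) for action, net in rules]

def evaluate(rules, src, default="deny"):
    """First-match evaluation: the first rule containing src decides."""
    addr = ipaddress.ip_address(src)
    for action, net in parse(rules):
        if addr in net:
            return action
    return default

def shadowed(rules):
    """Return (rule index, covering rule index) for rules that can never fire."""
    parsed = parse(rules)
    hits = []
    for i, (_, net) in enumerate(parsed):
        for j in range(i):
            if net.subnet_of(parsed[j][1]):
                hits.append((i, j))
                break
    return hits

def reorder(rules):
    """Simplified fix: longest prefix first, so narrow rules run before broad ones."""
    return sorted(rules, key=lambda r: ipaddress.ip_network(r[1]).prefixlen, reverse=True)
```

Running `shadowed()` over a rule set before it is loaded flags the dead allow rule without having to wait for blocked hosts to report it.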


by mrafrohead In reply to Have YOU heard of this?

I'm new at this stuff, but have a little bit of experience...

and I mean a little bit...

Are you asking why you couldn't see his computer, or why you got logged out of the network? If it's the first, I can help, if it's the second I will be worthless to you at this time.

If you want to, let me know.

mrafrohead
@yahoo.com


Not sure, but....

by jabbott In reply to Have YOU heard of this?

I have used this product at home. It's Sygate Personal Firewall. I believe you will find some useful info here: http://download.cnet.com/downloads/0-10105-100-7238101.html?tag=st.dl.10001-103-1.lst-7-1.7238101

There is a description of the product and a site to contact for support. Good Luck!


Technical and Policy solution needed

by davidpmartin In reply to Have YOU heard of this?

You have a PIX 515 and you let anyone load more software??? That's something you need to fix - but first the technical solution.

The Sygate firewall is set up to block all incoming traffic for all protocols on all incoming ports - that's how most of the "cheap" home firewalls work. This includes the protocol that the ping utility uses (ping uses the ICMP protocol).
It works great if you are using it at home (although I would still use a hardware only solution at home), but with a PIX on your network there is NO REASON WHATSOEVER to use a software firewall on any machine (I am assuming you have the PIX set up correctly).

I don't understand why ANY of your users outside of the domain admin can load any non-approved software on their machine. We have a policy that NO ONE does it here, and we back it up by 1) making sure that anyone logged on as a user doesn't have the rights or permissions to install software and 2) users don't have the run command on their desktop. You MUST take away the right of an average user to install software - or you will NEVER have configuration control of the LAN.

BTW, I manage 98 NT clients, 8 NT servers, 7 Solaris Servers, 1 PIX 520 Firewall, and 2 CISCO routers. We have only 5 people who have domain admin privileges - all are in the computer shop - and only myself and one other person ever use them.

Hope this helps. Get RID of the software firewall!!!

Dave
