Network Infrastructure

  • Thread starter Thread starter Allan M. Grafil
  • Start date Start date
A

Allan M. Grafil

Guest
Hi Guys,

Hope Im in the right group.

Im in a stage of fixing my network. This is my current setup.

1. I have an active directory server, which is mydomain.com, wherein
also my DNS and DHCP is located.
2. My subnet is 255.255.255.0

This is my idea.

1. Have these servers: (Need suggestions on these)

a. AD Server with DNS Server - is this a good practice?
b. DHCP Server with ISA Server - is this a good practice?

Other concern:

I want my network to have access limitations. Here is a scenario.

1. In our network, only managers can use their laptop to access our
network and internet. It can be wired or wireless. Unauthorized laptop
should or must not access our network. But from the way the network was
setup, they can access it through wire. I can filter the wireless using MAC
Address filter from the routers. But if they connect through wire and know
how to config TCP/IP they can easily access our network. Can this be
avoided through ISA? Is there a way to filter MAC Address through Active
Directory?

Hope you can help me on this.


Thanks in advance.

Allan
 
Re: Network Infrastructure

I would put the DHCP server with the DNS server on a DC, rather than with
ISA.

I don't think that ISA server is what you need here. It is designed to
control how your LAN machines access the Internet, not what happens on the
LAN.

You appear to be searching for a way to control unauthorised access to
your LAN, but none of the methods you suggest will do that. DHCP is designed
to make it easier for machines to get on to the network, not make it harder.
The users would not need to know how to configure the tcp/ip settings. DHCP
would do it for them. That is what it is for!

There is no way to control this through Active Directory. DHCP is a very
simple minded process. The client machine broadcasts on the LAN and the DHCP
server replies with an offer. Active directory is not involved. Trying to
keep people off your network using DHCP reservations or MAC filtering is not
the way to go.


"Allan M. Grafil" <agrafil@hotmail.com> wrote in message
news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...
> Hi Guys,
>
> Hope Im in the right group.
>
> Im in a stage of fixing my network. This is my current setup.
>
> 1. I have an active directory server, which is mydomain.com, wherein
> also my DNS and DHCP is located.
> 2. My subnet is 255.255.255.0
>
> This is my idea.
>
> 1. Have these servers: (Need suggestions on these)
>
> a. AD Server with DNS Server - is this a good practice?
> b. DHCP Server with ISA Server - is this a good practice?
>
> Other concern:
>
> I want my network to have access limitations. Here is a scenario.
>
> 1. In our network, only managers can use their laptop to access our
> network and internet. It can be wired or wireless. Unauthorized laptop
> should or must not access our network. But from the way the network was
> setup, they can access it through wire. I can filter the wireless using
> MAC
> Address filter from the routers. But if they connect through wire and
> know
> how to config TCP/IP they can easily access our network. Can this be
> avoided through ISA? Is there a way to filter MAC Address through Active
> Directory?
>
> Hope you can help me on this.
>
>
> Thanks in advance.
>
> Allan
>
>
 
Re: Network Infrastructure

When you say you do not want them to be on the network, what do you
mean? What is it you are trying to stop? anyone can plug the cable in
a change the IP address to match the network.


In article <uoT2v0ljIHA.3940@TK2MSFTNGP05.phx.gbl> "Bill
Grant"<not.available@online> wrote:
> I would put the DHCP server with the DNS server on a DC, rather
> than with ISA.

> I don't think that ISA server is what you need here. It is
> designed to control how your LAN machines access the Internet, not
> what happens on the LAN.

> You appear to be searching for a way to control unauthorised
> access to your LAN, but none of the methods you suggest will do that.
> DHCP is designed to make it easier for machines to get on to the
> network, not make it harder. The users would not need to know how to
> configure the tcp/ip settings. DHCP would do it for them. That is
> what it is for!

> There is no way to control this through Active Directory. DHCP is
> a very simple minded process. The client machine broadcasts on the
> LAN and the DHCP server replies with an offer. Active directory is
> not involved. Trying to keep people off your network using DHCP
> reservations or MAC filtering is not the way to go.

> "Allan M. Grafil" <agrafil@hotmail.com> wrote in message
> news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...
>> Hi Guys,

>> Hope Im in the right group.

>> Im in a stage of fixing my network. This is my current setup.

>> 1. I have an active directory server, which is mydomain.com,
>> wherein also my DNS and DHCP is located.
>> 2. My subnet is 255.255.255.0

>> This is my idea.

>> 1. Have these servers: (Need suggestions on these)

>> a. AD Server with DNS Server - is this a good practice?
>> b. DHCP Server with ISA Server - is this a good practice?

>> Other concern:

>> I want my network to have access limitations. Here is a scenario.

>> 1. In our network, only managers can use their laptop to access
>> our network and internet. It can be wired or wireless. Unauthorized
>> laptop should or must not access our network. But from the way the
>> network was setup, they can access it through wire. I can filter
>> the wireless using MAC
>> Address filter from the routers. But if they connect through wire
>> and know
>> how to config TCP/IP they can easily access our network. Can this
>> be avoided through ISA? Is there a way to filter MAC Address
>> through Active Directory?

>> Hope you can help me on this.

>> Thanks in advance.

>> Allan




--
I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-mac.com/nemo
 
Re: Network Infrastructure


This is what I understand the question to be:

"I want to restrict rogue systems to have access to servers on my
network, only systems that I allow to have access should be able to
'logon to the network'."

This can be done through IPSec policies in combination with Group
policies, but it's too much to explain in a simple E-Mail, hit the
books! It is discussed in the 70-291 exam and even more detailed in the
70-293 MCSE exam.


/ ) Regards,
/ /_________
_|__|__) Paul Weterings
/ (O_) http://www.servercare.nl
__/ (O_)
____(O_)


Craig wrote:
> When you say you do not want them to be on the network, what do you
> mean? What is it you are trying to stop? anyone can plug the cable in
> a change the IP address to match the network.
>
>
> In article <uoT2v0ljIHA.3940@TK2MSFTNGP05.phx.gbl> "Bill
> Grant"<not.available@online> wrote:
>> I would put the DHCP server with the DNS server on a DC, rather
>> than with ISA.
>
>> I don't think that ISA server is what you need here. It is
>> designed to control how your LAN machines access the Internet, not
>> what happens on the LAN.
>
>> You appear to be searching for a way to control unauthorised
>> access to your LAN, but none of the methods you suggest will do that.
>> DHCP is designed to make it easier for machines to get on to the
>> network, not make it harder. The users would not need to know how to
>> configure the tcp/ip settings. DHCP would do it for them. That is
>> what it is for!
>
>> There is no way to control this through Active Directory. DHCP is
>> a very simple minded process. The client machine broadcasts on the
>> LAN and the DHCP server replies with an offer. Active directory is
>> not involved. Trying to keep people off your network using DHCP
>> reservations or MAC filtering is not the way to go.
>
>> "Allan M. Grafil" <agrafil@hotmail.com> wrote in message
>> news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...
>>> Hi Guys,
>
>>> Hope Im in the right group.
>
>>> Im in a stage of fixing my network. This is my current setup.
>
>>> 1. I have an active directory server, which is mydomain.com,
>>> wherein also my DNS and DHCP is located.
>>> 2. My subnet is 255.255.255.0
>
>>> This is my idea.
>
>>> 1. Have these servers: (Need suggestions on these)
>
>>> a. AD Server with DNS Server - is this a good practice?
>>> b. DHCP Server with ISA Server - is this a good practice?
>
>>> Other concern:
>
>>> I want my network to have access limitations. Here is a scenario.
>
>>> 1. In our network, only managers can use their laptop to access
>>> our network and internet. It can be wired or wireless. Unauthorized
>>> laptop should or must not access our network. But from the way the
>>> network was setup, they can access it through wire. I can filter
>>> the wireless using MAC
>>> Address filter from the routers. But if they connect through wire
>>> and know
>>> how to config TCP/IP they can easily access our network. Can this
>>> be avoided through ISA? Is there a way to filter MAC Address
>>> through Active Directory?
>
>>> Hope you can help me on this.
>
>>> Thanks in advance.
>
>>> Allan
>
>
>
>
>
 
Re: Network Infrastructure

You can easily create a rule in ISA server to prevent some users from
accessing the internet, just create an OU in AD and select that when you
create the rule in ISA server.

On the other part of your question; why would you want to prevent some users
from accessing your LAN (as you say "our network")?




"Allan M. Grafil" <agrafil@hotmail.com> wrote in message
news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...
> Hi Guys,
>
> Hope Im in the right group.
>
> Im in a stage of fixing my network. This is my current setup.
>
> 1. I have an active directory server, which is mydomain.com, wherein
> also my DNS and DHCP is located.
> 2. My subnet is 255.255.255.0
>
> This is my idea.
>
> 1. Have these servers: (Need suggestions on these)
>
> a. AD Server with DNS Server - is this a good practice?
> b. DHCP Server with ISA Server - is this a good practice?
>
> Other concern:
>
> I want my network to have access limitations. Here is a scenario.
>
> 1. In our network, only managers can use their laptop to access our
> network and internet. It can be wired or wireless. Unauthorized laptop
> should or must not access our network. But from the way the network was
> setup, they can access it through wire. I can filter the wireless using
> MAC
> Address filter from the routers. But if they connect through wire and
> know
> how to config TCP/IP they can easily access our network. Can this be
> avoided through ISA? Is there a way to filter MAC Address through Active
> Directory?
>
> Hope you can help me on this.
>
>
> Thanks in advance.
>
> Allan
>
>
 
Re: Network Infrastructure

Hi guys,

Thanks for your reply.

I'm sorry if my query confuses you. Just to explain further:

1. SERVERS (NEEDED)

- AD with DNS with DHCP Server - Need for authentication/DNS
resolution and IP traffic
- ISA for proxy server

* I'll be taking your suggestion here BILL.

2. SECURING my Network

Based from your some replies the servers mentioned above will not
answer my query and I think I'll follow PAUL on this..HIT the BOOKS :).
Thanks guys this is a big help.

If there are other suggestions still post your message, it will still be a
big help.


CHEERS,

Allan

"Allan M. Grafil" <agrafil@hotmail.com> wrote in message
news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...
> Hi Guys,
>
> Hope Im in the right group.
>
> Im in a stage of fixing my network. This is my current setup.
>
> 1. I have an active directory server, which is mydomain.com, wherein
> also my DNS and DHCP is located.
> 2. My subnet is 255.255.255.0
>
> This is my idea.
>
> 1. Have these servers: (Need suggestions on these)
>
> a. AD Server with DNS Server - is this a good practice?
> b. DHCP Server with ISA Server - is this a good practice?
>
> Other concern:
>
> I want my network to have access limitations. Here is a scenario.
>
> 1. In our network, only managers can use their laptop to access our
> network and internet. It can be wired or wireless. Unauthorized laptop
> should or must not access our network. But from the way the network was
> setup, they can access it through wire. I can filter the wireless using
> MAC
> Address filter from the routers. But if they connect through wire and
> know
> how to config TCP/IP they can easily access our network. Can this be
> avoided through ISA? Is there a way to filter MAC Address through Active
> Directory?
>
> Hope you can help me on this.
>
>
> Thanks in advance.
>
> Allan
>
>
 
Back
Top