One of the recent questions here in the SearchWindowsSecurity.com ITKnowledge Exchange stated that the poster had blocked email services with a Proxy server so that internal employees could not obtain Yahoo, AOL, and other external sources of security threats, and the poster wanted further support in blocking FTP websites or locations. I know that in many enterprises FTP might be used internally, so I suggested the implementation of IPSec to protect the enterprise from such a vulnerability. Having just completed a University course on the deployment of IPSec using Windows Server 2003 and implementing such a deployment using AD and GPOs and group policy, much of my information is biased on that platform. Are there similar implementations and deployment strategies using other platforms such as Apple's Mac OSX, Linux and Unix, to name a few?
Please comment.
I provided the following documentation to support my claim of using IPSec with Group Policy in AD.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8fbd7659-ca23-4320-a350-6890049086bc.mspx
This article covers many platform independent issues in IPSec enterprise deployment as well as Microsoft specific guidelines and best practices.
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx
This article discusses general troubleshooting techniques to determine the appropriate segments and issues in IPSec policy development with a strong background in Microsoft Technical support Tier 1, 2 and 3 involvement and specific fallibilities of the Microsoft NOS implementations with error messages on IPSec implementation and deployment.
Again, what would help a person who wanted to block external FTP usage in the enterprise without blocking out the remaining protocols and system isolation of the internet? Comments and feedback graciously accepted.
ASKED: August 24, 2005 2:44 PM
UPDATED: August 25, 2005 9:45 AM