CIFS Authentication - Network


Thread: CIFS Authentication

  1. CIFS Authentication

    What is the best way to protect CIFS from domain users who connect an
    unauthorized laptop to the domain?

    I'm thinking of just setting up integrity checking on ports 137,139,445
    before any client can connect.

    Anyone know of a better way to make sure that the machine and user principal
    BOTH authenticate before the server gives away any resources?

  2. Re: CIFS Authentication

    You can do this in Win2000+ using IPsec to enforce machine authentication
    via Kerberos/Cert/PreSharedKey and user permissions on the folder itself to
    restrict access to the data on a per-user basis.

    For a more broad machine-wide restriction, you could modify the machine's
    "Access this computer from the network" right via local or domain group
    policy to restrict access to only 'Authenticated Users.' Auth Users
    restricts access to only authenticated machines and users, and when combined
    with IPsec authentication, that access right is a nice way to restrict
    access to the system in general...

    In Win Vista and Srv2008, this level of machine + user authentication has
    been integrated into a new protocol called authenticated IP (extension to
    IKE/IPsec). With this implementation you can implement a very basic IPsec
    policy that uses machine and user authentication and combine it with
    authenticated Windows Firewall rules to restrict access to the applications,
    services, ports, protocols or IPs that you want.

    Intro to Windows Firewall with Advanced Security
    http://www.microsoft.com/downloads/d...displaylang=en

    Step by Step Guide for Deploying Policies with Windows Firewall with
    Advanced Security
    http://go.microsoft.com/fwlink/?LinkID=102503

    More References:
    http://technet.microsoft.com/en-us/n.../bb545651.aspx


    Thanks,
    Jason

    "fixitchris" wrote in message
    news:E091FE11-EC26-4FD1-A532-15E7233B5469@microsoft.com...
    > What is the best way to protect CIFS from domain users who connect an
    > unauthorized laptop to the domain?
    >
    > I'm thinking of just setting up integrity checking on ports 137,139,445
    > before any client can connect.
    >
    > Anyone know of a better way to make sure that the machine and user principal
    > BOTH authenticate before the server gives away any resources?
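
The configuration described in the reply above, as an added example that is not from either poster or from the linked Microsoft guides: a connection security rule that requires machine and user Kerberos for inbound SMB, plus an authenticated firewall rule limited to named groups. It assumes the NetSecurity PowerShell module (Windows 8 / Server 2012 and later; on Vista/Server 2008 the same policy is set through `netsh advfirewall` or the MMC snap-in), and the `CONTOSO\...` group names and rule display names are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Group names and display names below are assumptions; replace them.
Import-Module NetSecurity

function ConvertTo-FirewallSddl([string]$Account) {
    # The firewall's -RemoteMachine / -RemoteUser parameters take an SDDL string,
    # not a group name, so resolve the group to its SID first.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    "D:(A;;CC;;;$sid)"
}

# First authentication: the computer account (Kerberos).
# Second authentication: the logged-on user (Kerberos). The second step needs AuthIP.
$machineKerb = New-NetIPsecAuthProposal -Machine -Kerberos
$userKerb    = New-NetIPsecAuthProposal -User -Kerberos
$p1 = New-NetIPsecPhase1AuthSet -DisplayName 'SMB machine Kerberos' -Proposal $machineKerb
$p2 = New-NetIPsecPhase2AuthSet -DisplayName 'SMB user Kerberos' -Proposal $userKerb

# Connection security rule: inbound SMB must be authenticated or it is dropped.
# Scoped to TCP 139/445 so other traffic to this server is unaffected.
New-NetIPsecRule -DisplayName 'Require auth for inbound SMB' `
    -Protocol TCP -LocalPort 139,445 `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $p1.Name -Phase2AuthSet $p2.Name

# The built-in SMB allow rules do not check authentication; leaving them enabled
# next to the authenticated rule defeats the point. This disables the whole
# group (including its ICMP rules), so re-enable any you still need.
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

# Authenticated allow rule: only members of these groups get through, and only
# over a connection that IPsec has already authenticated.
New-NetFirewallRule -DisplayName 'SMB-In (authenticated)' `
    -Direction Inbound -Protocol TCP -LocalPort 139,445 -Action Allow `
    -Authentication Required `
    -RemoteMachine (ConvertTo-FirewallSddl 'CONTOSO\Domain Computers') `
    -RemoteUser    (ConvertTo-FirewallSddl 'CONTOSO\File Share Users')

# After a client connects, confirm both authentications took place.
Get-NetIPsecMainModeSA  | Format-List
Get-NetIPsecQuickModeSA | Format-List
```

Folder and share ACLs still decide what an authenticated user can read; these rules only decide who may reach the SMB ports at all.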


