
Get around NAC from bastion hosts

oldcreek12
Level 1

Hi,

We are planning to implement 801.x with dynamic VLAN assignment such that different groups will have different access policies to our internal network. However, I have a basic question regarding this approach. Say users in the sales group are not allowed to access HR servers. I can simply apply an ACL on the sales VLAN to block this connection, but how do I stop the connection if a salesperson logs in to a sales server and from there makes connections to HR servers?

1 Reply

Tarik Admani
VIP Alumni

Are you allowing RDP access to these Sales servers? If so, are you allowing access based on a shared account, or are the users using their domain accounts? You can restrict remote desktop based on user groups in AD.

Here is a guide that should lock down access to your server for remote desktop:

http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_Remote_Desktop_Administration#Controlling_Remote_Desktop_Access

Thanks,

Tarik Admani
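
An added example, not part of the thread and not from either poster: a small policy audit that combines per-segment ACLs with per-server login rights to find the indirect path the question describes (sales VLAN to sales server to HR server). All segment, host and group names and the sample policy are constructed for illustration.

```python
from collections import deque

# Constructed sample policy (all names are hypothetical).
# ALLOWED_FLOWS: source segment or host -> destinations its ACL permits.
ALLOWED_FLOWS = {
    "sales-vlan": {"sales-server"},
    "hr-vlan": {"hr-server"},
    "sales-server": {"hr-server"},  # server segment has no ACL toward HR
}
# INTERACTIVE_LOGIN: host -> AD groups allowed to open a session (e.g. RDP).
INTERACTIVE_LOGIN = {
    "sales-server": {"sales"},
    "hr-server": {"hr"},
}

def reachable(start, group, flows, logins):
    """Return {host: path} for every host `group` can send traffic to
    from `start`, directly or by hopping through hosts it may log in to."""
    paths = {}
    visited = {start}
    queue = deque([(start, [start])])
    while queue:
        node, path = queue.popleft()
        for dst in sorted(flows.get(node, ())):
            # Traffic to dst is permitted from the current position.
            paths.setdefault(dst, path + [dst])
            # The group can only continue from dst if it may log in there.
            if dst not in visited and group in logins.get(dst, ()):
                visited.add(dst)
                queue.append((dst, path + [dst]))
    return paths

def violations(start, group, forbidden, flows, logins):
    """Subset of `forbidden` hosts the group can still reach, with the path."""
    found = reachable(start, group, flows, logins)
    return {host: found[host] for host in sorted(forbidden) if host in found}

if __name__ == "__main__":
    for host, path in violations("sales-vlan", "sales", {"hr-server"},
                                 ALLOWED_FLOWS, INTERACTIVE_LOGIN).items():
        print(f"policy gap: {host} reachable via {' -> '.join(path)}")
```

The gap closes either by removing the sales group from the sales server's login rights (the approach in the reply) or by adding an ACL on the server segment so that `sales-server` has no flow to `hr-server`.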