Chiming in on the machine-based filtering - Windows 2K and XP have an IPSec filter that you can configure to drop, permit or negotiate security based on IP, DNS, etc. With a little creativity, you can configure the box so it can talk to the rest of the world, but the rest of the world can't initiate conversation with it. And - for your blessed few that are permitted to initiate traffic to the 'secret box' you can use certificates or preshared keys to negotiate security and allow communication. There are a few things that can't be secured with IPSec - IKE for example - but unless your goal is to completely hide the machine, IPSec filters should do the trick. Frankly, I think IPSec in W2K rocks, but that's just me.
And a nice host-based IDS from Cisco, of course. ;) Yes, you could 'hide' the machine based on IP address and access lists, but this is (in my opinion) a very poor and not very secure design.

TTFN,
Bill Pearch, Anchorage AK

-----Original Message-----
From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 09, 2002 2:31 PM
To: [EMAIL PROTECTED]
Subject: Re: hiding an computer ( ip address ) using access list [7:34991]

Beth,

My choice would be filtering on the machine. If you're using UNIX, there are several IP filtering (and free) products. You could also tailor the routing table in the machine to only allow it to find your other machine.

Why tax the router?

Ken

>>> "beth" 02/09/02 04:01PM >>>
I am adding a computer to my network that I do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35008&t=35008

