Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Prevent Double Login
  •  
crown2000

Messages: 10
Karma: 0
Send a private message to this user
Hi everybody

Is there any way (Rule) to prevent (deny) double login.

That mean the user can not login from different pc with same username.

http://www.ask-pcup.com/uploads/1211563205.jpg

[Updated on: Fri, 23 May 2008 18:12]

  •  
raytaylor

Messages: 20
Karma: 0
Send a private message to this user
would be a good feature.

Only way i can see it being done at the moment is by reserving the users computer with a static ip address and setting the automatic login from their computer. Change their password so they dont know it - which they wouldnt need to know anyway because its automatic unless they had usage quotas to look at.
  •  
crown2000

Messages: 10
Karma: 0
Send a private message to this user
Hi raytaylor

Thanks for the answer, i appreciate that, But realy i know it.

What i am looking for some thing like this:

http://www.ask-pcup.com/uploads/1211655076.jpg



Best Regards

[Updated on: Fri, 23 May 2008 18:16]

  •  
Night Shadow

Messages: 48
Karma: 0
Send a private message to this user
i have same problem ..

and if i make user auto login ...it is easy for hacker to connect to my wireless network ..they can pass my MAC Filter and WEB Key ..

only the way to stop this its to make rule or option to block by host name ( computer name )
  •  
nar666

Messages: 18
Karma: 0
Send a private message to this user
when you define a user you can add the mac of the lan user its the best methode to avoid this problem

nawar_com<_a.t_>yahoo.com
the sun

the sun
  •  
Night Shadow

Messages: 48
Karma: 0
Send a private message to this user
for bad lucky winroute didnot have MAC Filter ...


hope in next version there is ..

thanks..
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
Yeah.. MAC filter is good way to filter connection. Right now KWF only filter IP. If client changed their IP, that would be a problem...

For me I did this...
Im using Win2003 Active Directory

I restricted user to change IP number.

To prevent them from changing MAC (for advance only), I lower down their Privilege under my domain

I set KWF as DHCP then reserve IP base on their MAC

That's it...

Active Directory + KWF = Good combination Smile
  •  
lukalexandre

Messages: 9
Karma: 0
Send a private message to this user
I have the same problem! I need this feature in Kerio Winroute. The KERIO can implement this ??
  •  
nar666

Messages: 18
Karma: 0
Send a private message to this user
hello
in dhcp reserve the ip of user and define the user to the ip in defension may avoide this problem

the sun
  •  
lukalexandre

Messages: 9
Karma: 0
Send a private message to this user
But this not resolve the problem of double login.
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
[Using IP Reservation]
* Reserve IP..
* Create account
- Under domain template, choose "has individual config.."
- on 6th page, specify IP address (use the IP you reserved)
* Save


[Using Authentication Method]
* Make sure that they don't share password


Well, IP reservation method is better than Authentication. For better handling, you could use both method for an account.

  •  
lukalexandre

Messages: 9
Karma: 0
Send a private message to this user
Good! Thanks to all sugestions. But is not resolve the problem of double login. KERIO not implement this feature in next version ?
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
If only they have MAC filtering corporated in user account, this could be attained, couldn't be?

I think this hasn't been fixed yet...
  •  
lukalexandre

Messages: 9
Karma: 0
Send a private message to this user
MAC Address can be changed easily by a hacker. I think the best solution for this problem of security is prevening the double login and linking the IP+MAC to user account. So, the user will can be access to internet by own pc and only put your login and password
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
I was just curious and have just tried to change my laptop's MAC address to see what will happen...

Here's the fact:
- IP numbers of 2 subject computers (with the same MAC) collided
- As expected, KWF's DHCP issued the same IP number to both computers.
- Both computers can't connect to KWF, unless I turned off one.
- Logically, you can gain the same privilege / access of the target computer. Provided that target comp is not active.

Suggested Prevention
MAC alteration:
- Limit the workstation's privilege to explore the system.
Double Login:
- Prohibit MAC address alteration
- Prohibit workstation to change TCP/IP settings.
- Bind / check KWF Access Code .and. IP .and. MAC of connecting computer before allowing to pass thru.
- Be responsible for KWF Access code.

In this case, if user has the right code, but his IP or MAC isn't match, then user won't get access... or If user has the code and altered IP, but connect machine doesn't have the right MAC, then all will be in vain.

Currently, KWF hasn't fixed this double login yet. Anyway, I'll check some alternative on this.


Previous Topic: Outlook doesn't connect with incoming and out going mail server
Next Topic: Enabling SSH
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 09:58:35 CET 2017

Total time taken to generate the page: 0.00564 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.