Re: [fw-wiz] securing .NET
From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 10/02/02
- In reply to: Shimon Silberschlag: "[fw-wiz] securing .NET"
From: Mikael Olsson <mikael.olsson@clavister.com>
To: Shimon Silberschlag <shimons@bll.co.il>
Date: Wed Oct 2 15:53:01 2002

Shimon Silberschlag wrote:
>
> Since all the servers in the various layers are members of a single
> .NET AD domain, they need to "chat" extensively, using multiple
> protocols. They can also use HTTP through SOAP etc.

I'm sorry to say it, but attempting to put up bulkheads between
different parts of an AD tree/forest is pretty much an exercise
in futility. They all need to be allowed to talk SMB to a
domain/tree controller. If an attacker is allowed to do _that_,
you can basically assume "game over".

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00
Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50
WWW: http://www.clavister.com
"Senex semper diu dormit"