RE: Running IIS locally - advice?

From: Raymond Brink (raymond@netlogics.nl)
Date: 10/02/01


From: "Raymond Brink" <raymond@netlogics.nl>
To: <focus-ms@securityfocus.com>
Subject: RE: Running IIS locally - advice?
Date: Tue, 2 Oct 2001 09:47:14 +0200
Message-ID: <21AE808EF7C8D311BE5A004F49063F410BCB0D@SERVĀĻ>

Exactly my opinion! Also consider the maintenance for the app you're
deploying an issue. What to do if some part of the app needs updating?
Central maintenance of applications is a key feature in distributed apps. If
there is a small posibility of running the app on a centralized well
maintained server and have them dialup to the network, you should!

Raymond Brink
PE NetLogics B.V.
Webdeveloper, MCSE

-----Original Message-----
From: Patrick Andry [mailto:pandry@wolverinefreight.ca]
Sent: maandag 1 oktober 2001 22:41
To: focus-ms@securityfocus.com
Subject: RE: Running IIS locally - advice?

I would be hesitant to deploy such an architecture. I know it seems easy,
but you are essentially giving up control of your network. Only you should
decide what services and where they are run, and all it takes is one guy to
use his laptop as a home pc to bring down your network. I had a pc that was
brought from an employees house brought into the office and hooked into our
network, and it took me 3 days to clean out the virus infestation, remove
the games from the pc's, delete the apps that burrowed into the systems, and
respond to all the e-mail from irate sysadmins. Although none of my users
were significantly affected, their e-mail boxes were full, the network
slowed to a tenth of the speed, and my servers complained because of all of
the stress.

We had a very similar choice, and chose a VPN solution to handle the road
warriors, anything that could be put into an access database was, and they
had to call into the office and have everyone else look up info they
couldn't get to. It is more of a headache for them, but it is less of a
headache for me. If the salesman want to plug a laptop in, I give it a
quick scan, update all the virus definitions (these guys can go for a month
without having to connect), and make sure that they aren't abusing the
equipment too badly. Users are a lot more responsible if you peek at what
they do every so often.

I don't know exactly how big your IT department is, or how centrally
located, but seriously consider other alternatives. Sometimes it's best to
go out and buy a package to do what you need, even if you can create one
yourself.

-----Original Message-----
From: Majid Almassari [mailto:majid@networkingmedia.org]
Sent: Monday, October 01, 2001 1:47 PM
To: dayseizer@excite.com; focus-ms@securityfocus.com
Subject: RE: Running IIS locally - advice?

Dazed,
you bring up a very good point? You got to bring your hole security policy
into light? For example what is your ingress firewall rules? can they hit
port 80? spoofing is not the issue if they can go right through your
firewall! Let say you installed a personal firewall then why you want to use
a web server that can only be accessed from local machine?

Majid Almassari