RE: Running IIS locally - advice?

From: Raymond Brink (raymond@netlogics.nl)
Date: 10/02/01


From: "Raymond Brink" <raymond@netlogics.nl>
To: <focus-ms@securityfocus.com>
Subject: RE: Running IIS locally - advice?
Date: Tue, 2 Oct 2001 09:47:14 +0200
Message-ID: <21AE808EF7C8D311BE5A004F49063F410BCB0D@SERVĀĻ>

Exactly my opinion! Also consider the maintenance for the app you're
deploying an issue. What to do if some part of the app needs updating?
Central maintenance of applications is a key feature in distributed apps. If
there is a small posibility of running the app on a centralized well
maintained server and have them dialup to the network, you should!

Raymond Brink
PE NetLogics B.V.
Webdeveloper, MCSE

-----Original Message-----
From: Patrick Andry [mailto:pandry@wolverinefreight.ca]
Sent: maandag 1 oktober 2001 22:41
To: focus-ms@securityfocus.com
Subject: RE: Running IIS locally - advice?

I would be hesitant to deploy such an architecture. I know it seems easy,
but you are essentially giving up control of your network. Only you should
decide what services and where they are run, and all it takes is one guy to
use his laptop as a home pc to bring down your network. I had a pc that was
brought from an employees house brought into the office and hooked into our
network, and it took me 3 days to clean out the virus infestation, remove
the games from the pc's, delete the apps that burrowed into the systems, and
respond to all the e-mail from irate sysadmins. Although none of my users
were significantly affected, their e-mail boxes were full, the network
slowed to a tenth of the speed, and my servers complained because of all of
the stress.

We had a very similar choice, and chose a VPN solution to handle the road
warriors, anything that could be put into an access database was, and they
had to call into the office and have everyone else look up info they
couldn't get to. It is more of a headache for them, but it is less of a
headache for me. If the salesman want to plug a laptop in, I give it a
quick scan, update all the virus definitions (these guys can go for a month
without having to connect), and make sure that they aren't abusing the
equipment too badly. Users are a lot more responsible if you peek at what
they do every so often.

I don't know exactly how big your IT department is, or how centrally
located, but seriously consider other alternatives. Sometimes it's best to
go out and buy a package to do what you need, even if you can create one
yourself.

-----Original Message-----
From: Majid Almassari [mailto:majid@networkingmedia.org]
Sent: Monday, October 01, 2001 1:47 PM
To: dayseizer@excite.com; focus-ms@securityfocus.com
Subject: RE: Running IIS locally - advice?

Dazed,
you bring up a very good point? You got to bring your hole security policy
into light? For example what is your ingress firewall rules? can they hit
port 80? spoofing is not the issue if they can go right through your
firewall! Let say you installed a personal firewall then why you want to use
a web server that can only be accessed from local machine?

Majid Almassari



Relevant Pages

  • Which modules, please?
    ... I am presently studying for an A+ in Repair ... and Maintenance and another in Network+. ... Will somebody please advice if these modules will count ...
    (microsoft.public.cert.exam.mcsa)
  • Re: ODBC Connection with SQL Managed Provider
    ... One thing to remember is when running application from a network share, ... > So it was our intent to put a lot of the "forms" into the main app. ... the odbc manager is no quicker than the odbc. ... >>> authorizing the user against a table in the SQL server database. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: .NET new executable
    ... Since there is no network access avaialble, I want to send my app to each ... then you update the data into database. ... If all you are trying to do is send some data to your SQL server, ...
    (microsoft.public.dotnet.general)
  • Re: LISP for web
    ... Any large scale web app that is business critical is based on a few ... -> So you need at least two routers, two switches, two machines ... ... Load balancing is done based on content and on network traffic ...
    (comp.lang.lisp)
  • Re: Environment.CommandLine Security Exception
    ... installed on network drives and they typically don't ... require that users get into the details of security as ... believe an MS Office network install is a good example of ... >app from a *network* share. ...
    (microsoft.public.dotnet.security)