RE: Active Directory+IIS

• Previous message: Taylor, Gord: "Automating URLScan installation"
• In reply to: Happy Harry: "Active Directory+IIS"
• Next in thread: Mark Medici: "RE: Active Directory+IIS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Jason Wallin" <jasonw@synapticstudio.com>
To: <focus-ms@securityfocus.com>, "Happy Harry" <happy_harry200@hotmail.com>
Date: Tue, 18 Dec 2001 09:52:32 -0700

Based on one of our clients request we have implemented a similar solution.
Here are a couple of things that it becomes critical that you get right from
the beginning.
* The Active directory must in NO way be connected to the internal NT or AD
domain.
* The entire production environment must be self contained meaning
development can not occur on the production boxes.
* Minimal rule set in internet facing firewall i.e. 80 443 and 25 out.
* There must be an equally restrictive firewall between the MIS network and
the production site.
* Uninstall the front page extensions on the web exposed to the internet

Hope this helps

Jason D. Wallin, CISSP
Managing Partner
Synaptic Studio
Desk - 970 266-4430
Cell - 970 215-2840
Pager 9702152840@mobile.att.net

-----Original Message-----
From: Happy Harry [mailto:happy_harry200@hotmail.com]
Sent: Tuesday, December 18, 2001 3:19 AM
To: focus-ms@securityfocus.com
Subject: Active Directory+IIS

Hi There

I am looking for some information on running Active directory on an Internet
facing IIS box! The IIS box is sat behind Firewall 1, but the developers
wish to use Active directory to allow features on the web site.

Is this wise?

As the Firewall administrator I am seeing all the things you would expect
from a W2K domain controller (DNS etc)...

The set up is not currently connected to a live network so no production
equipment is exposed but the opportunity for defacement etc is something we
would rather avoid!!

Many thanks…..

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

• Previous message: Taylor, Gord: "Automating URLScan installation"
• In reply to: Happy Harry: "Active Directory+IIS"
• Next in thread: Mark Medici: "RE: Active Directory+IIS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Restrict All Internet Access except one web site ... Sounds like you are already utilizing a firewall with a defined address block ... to restrict Internet access for these 20 users. ... Active Directory is not the place to control Internet ... (microsoft.public.windowsxp.security_admin) Re: Bandwidth Hogging by server communication... ... Active Directory Replication Events During Scheduled Available Windows ... software found on the Internet, and Microsoft cautions you to make sure ... | Subject: Re: Bandwidth Hogging by server communication... ... | -> Internet connection is through a Netscreen Firewall, ... (microsoft.public.win2000.networking) As seen today - WAS: How long until IT employment vanishes ? ... > the cornerstone of free trade, is being thwarted by the international ... > mobility of factors of production... ... > Technology jobs. ... The Internet, out-sourcing, and offshore ... (comp.os.vms) Re: User List from Active Directory, even if IIS is NOT in the domain? ... if the intranet web was isolated to protect ... in our Active Directory, and have internet access. ... and a combination of windows auth & basic auth. ... (microsoft.public.inetserver.iis.security) HOW TO SETUP DNS PDC DUAL-HOMED - WIN2003 ... I get network connectivity; such as sharing files, ... but when it comes time to dealing with active directory, ... PDC, due to DNS. ... - has static IP to public domain on internet ... (microsoft.public.win2000.dns)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint