Re: NewBie ASP.NET on a PDC security suggestions

From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 11/11/02


From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be>
Date: Mon, 11 Nov 2002 20:21:45 +0100

Not sure what you are using the DC for; for instance, I have no idea about the size of the domain it is serving, expressed in number of AD objects (users, OUs, etc.) and the number of registered records in the DNS namespace. But you should keep in mind that a DC has a dedicated purpose, and it looks like you only have a single DC in your domain, which means it's a single point of failure, which is as bad as running services like SQL, IIS, etc. on it.
Another question to be answered is "do you really need a DC to run your internet application/web services?" I personally don't think so.
But if the answer is YES, I would suggest you consider separating the DC from the application/web server; an entry-level PC can be used as a DC (PII 300MHz - 128MB, 4 GB disk - preferably two of them), and secure the connection between both entities to the maximum.

Willy.

"Rob Dob" <robdob20022001@yahoo.com> wrote in message news:ej5dUjZiCHA.716@tkmsftngp11...
> Hi,
>
> thank you, this is going to be run on the internet.., are you saying that
> I should have two machines, one DC and another Stand Alone Server. or
> should I just demote my DC. and just use the one machine... my DC is
> currently running DNS, Mail, and SQL.. I hate the thought of demoting my DC
> and then running the risk of losing all my active directory info, dns
> etc.... On the other hand I'm co locating so if I need to put another box
> in then I will have to spend twice the money.. Any/all suggestions would be
> greatly appreciated..
>
> Rob...
> P.S. : I'm running W2K Server
>
> "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
> news:OnhU1fXiCHA.4228@tkmsftngp08...
> > The problem is that when running IIS on a DC, you run security sensitive
> > application services (your Active Directory, Logon Service, LSA etc.) and
> > security vulnerable applications IIS/ASP/ASP.NET on the same box, the
> > result is that a logged on user doesn't need network credentials to
> > access the security services, when running them on separate boxes it's
> > much easier to secure the DC from unauthorized access.
> > Now it depends what kind of applications you are running and to whom they
> > are exposed (Intranet/Internet).
> > In general it's a very bad idea to do so on the internet, but be careful,
> > bad guys are also lurking on an intranet.
> >
> > Willy.
> >
> > "Rob Dob" <robdob20022001@yahoo.com> wrote in message
> > news:OkLm5fQiCHA.4228@tkmsftngp08...
> > > Hi,
> > >
> > > the only reason I wanted to demote was because of security issues while
> > > running ASP.NET on a PDC, I would much prefer to iron out the security
> > > issues. Is there a workaround for these PDC/ ASPX.net security issues, I
> > > heard they were a bug but Microsoft has already released SP2 of the
> > > framework and still haven't addressed this. In other words what I am
> > > asking is can I safely run asp.net on a PDC?
> > >
> > > thanks, ..
> > >
> > >
> > > "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
> > > news:Ots6dRBiCHA.3752@tkmsftngp08...
> > > > YES, you can demote a DC supposed it's a W2K DC, but why would you do
> > > > this as you throw away your W2K Domain.
> > > >
> > > > "Rob Dob" <robdob20022001@yahoo.com> wrote in message
> > > > news:OlzWmBAiCHA.1800@tkmsftngp09...
> > > > >
> > > > > Hi,
> > > > >
> > > > > I have a question, I have ONE computer, it is a Windows 2000 Server,
> > > > > PDC and is running ASP.NET. I have heard about a bug within the
> > > > > system where you have to run asp.net as user=SYSTEM. When I do this
> > > > > everything runs fine, but from what I hear there are serious security
> > > > > issues with running ASP.NET on a PDC. What are my options.. Do/can I
> > > > > demote my server, what if anything can I.
> > > > >
> > > > > thanks, rob..
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


