Re: Ideas on deferring authentication?
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/25/05
- In reply to: rgutter_at_bctf.ca: "Re: Ideas on deferring authentication?"
Date: Fri, 24 Jun 2005 18:38:51 -0700
I do not think moving confidential documents into the internal network and
then drilling a hole through the firewall offers any additional protection
in your setup.

If the DMZ host is compromised, then the attacker can assume any identity
from that host, including the very identity that can pass through the hole
you drilled into your internal network. So, your document is not any better
"protected". Physical networking does not offer protection if you drill a
hole through it.

Furthermore, since you use Basic authentication, the user identity is
intrinsically delegated, so Windows cannot offer any protection to prevent
identity from a compromised server from hopping off the box onto your
network.

And since you drill a hole through the firewall, your internal network is
essentially exposed to the DMZ.

So, I simply do not see how moving documents into the internal network and
using pass-through UNC authentication to access the data helps to secure
that document nor remove information leakage. To me, opening that hole to
the internal network opens you up for information leakage and does not help
security one bit.

To me, you want to use built-in Windows technology like Kerberos,
constrained delegation, and NT ACLs to secure your resources such that even
by drilling a hole in the firewall, you can appropriately constrain the
identities and servers that one can access through the hole. I realize basic
and custom authentication are easier to implement and customize, but you
need to realize their weaknesses, assess your risk potential, and then
decide on an implementation.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

<rgutter@bctf.ca> wrote in message
news:1119573085.795811.271720@g43g2000cwa.googlegroups.com...

Putting confidential data on the inside serves two purposes: one, since a
host on the DMZ is more likely to be compromised than one on the internal
network, it better protects the documents themselves; two, it means that the
domain itself can be contained within the internal network, protecting
against attempts to retrieve domain-based information.

But since I have to give some external users (with domain accounts) access
to that data, I do have to drill a hole in the firewall. So the question is
whether the change above is worthwhile or wrong-headed.