Re: Looking for feedback on public website security config
- From: driley <driley@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 26 Jan 2008 13:38:00 -0800
Since the web server is a domain controller, there is no way to make local
accounts for IIS to run under. Unless you know of a way.
Thanks for the feedback.
"Anteaus" wrote:
"driley" wrote:.
We can isolate this machine and it is one of the steps that I am recommending.
That would be acceptable, though DMZ woudl be better.
Basically, agree with Roger on this one.
Might also add that there are two aspects to 'security' here. SSL and
certificates provide security for the Web user. The do nothing to protect
your other computers from attack should a vulnerability in the webserver be
exploited to gain control of it.
A key piece of protection here is to ensure that the account SIDs and
passwords which the webserver processes run under are different from any
domain useraccounts, or at least any with file-share rights. That way, the
webserver -even if compromised- cannot easily gain access to domain
file-shares.
- References:
- Re: Looking for feedback on public website security config
- From: Roger Abell [MVP]
- Re: Looking for feedback on public website security config
- From: driley
- Re: Looking for feedback on public website security config
- Prev by Date: Re: Live One Care anti virus
- Next by Date: Re: Removing Anti-Virus Software
- Previous by thread: Re: Looking for feedback on public website security config
- Next by thread: Re: Problem Signing Large MSI file
- Index(es):
Relevant Pages
|
