Re: Domain Controller and IIS, SQL Server or Exchange?

From: Kevin (ReplyTo_at_Newsgroups.only)
Date: 07/17/03

  • Next message: Jasper Smith: "Re: Issues with revoking rights to run xp_fileexist?" 
    Date: Wed, 16 Jul 2003 15:15:57 -0700

    >From a technical standpoint, I'd put your data stores on one (Exch/SQL) and
    your Applications (DC/IIS) on another

    >From a security standpoint, IIS shouldn't be on the DC no matter what, but I
    wouldn't be sleeping at night in any case if you have your application tier
    exposed to the internet not behind a firewall.

    "T_Squared" <t_squared33@yahoo.com> wrote in message
    news:69b75d0f.0307161128.2e533db4@posting.google.com...
    > jcochran.nospam@naplesgov.com (Jeff Cochran) wrote in message
    news:<3f1657e4.1994631929@msnews.microsoft.com>...
    > > You don't provide enough information to know. Is the IIS for internet
    > > or intranet? Is the system inside or outside your firewall? What
    > > kind of traffic, what types of applications, what is the hardware, how
    > > many users and mail accounts, etc.?
    > >
    > > From a security standpoint, put nothing on a DC. Especially outward
    > > facing. Plus there are issues with IIS on a DC where you have no
    > > local accounts and everything is a domain account.
    > >
    > > Jeff
    >
    > Thanks for the reply. The IIS is for an internet/intranet outside the
    > firewall (the company is working on a firewall implementation). YES,
    > it's bad I know, but around here other admins are faced with the same
    > dilemma. Many of them host either IIS, exchange or some other app on
    > one of their DC's - mainly due to budget restrictions.
    >
    > To finish answering your question, the applications are mostly
    > homegrown ASP. There are 25 users and 30 mail accounts. The Servers
    > are 4 Dell PowerEdge 2600, single Xeon 2.0 GHz Processor, with a
    > hardware RAID 5 configuration for data and a RAID 1 configuration for
    > system files and logs.
    >
    > You see my problem, I have 4 machines when I need 5 (2 DCS, 1 IIS, 1
    > Exchange and 1 SQL). I pretty much walked into this shop and now I
    > need to make it work.

  • Next message: Jasper Smith: "Re: Issues with revoking rights to run xp_fileexist?"

    Relevant Pages

    • Re: Report on services running
      ... two applications (These two applications may give you more than you knew you ... You should also empty your Internet Explorer Temporary Internet ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Intruders
      ... - Strong passwords for all your accounts - changed regularly. ... More full function applications for CD/DVD burning would be: ... Empty your Temporary Internet Files and shrink the size it stores to a ... Why you should use a computer firewall.. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: spyware menace
      ... Immunize with the appropriate applications, ... or use an alternate browser, get that firewall turned on, use that antivirus ... You should also empty your Internet Explorer Temporary Internet ... ANTIVIRUS SOFTWARE ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Understanding Firewall-1 Configs
      ... You should not fear of an attack taking down the firewall, ... port 53 to the DNS server port 80 and ... >You are not able to ping the firewall from the Internet. ... >- -on port 80 to public ip address of IIS is NAT's to internal IP address of IIS ...
      (Security-Basics)
    • Re: Firewall question 1
      ... >>>without shutting down applications which are ... >>>course browsers) will firewall control the traffic ... >> disconnect from Internet ... > and reboot again. ...
      (comp.security.firewalls)