Title: Message

Can you point to specific documents that you consider helpful? I'm especially interested in the last sentence (trusted to untrusted zones and AD). How can I provide IIS -> AD authentication across the DMZ and feel that I have followed best security practices for that situation?


Any info pointers would be appreciated.


Ken


-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 05, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS behind firewall


By implementing one or more firewalls with either a screened subnet from one firewall or a DMZ implemented between two firewalls using stateful inspection, packet filtering and web/server publishing.  Anything less is asking for a major intrusion and compromise.  NAT is not even close to 'good enough' in this type of scenario.


Also - the IIS server(s) MUST be on the screened subnet or the DMZ - never on the internal network if they are going to be accessed by untrusted systems. It would also be highly suggested to review Microsoft/SANS/NSA guidelines for secure operations in this type of environment. All three put out substantial and important documents detailing the lockdown procedures for Windows systems and secure communications from trusted to untrusted zones.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

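As an added example (not code from the thread or from the Microsoft/SANS/NSA documents Rick refers to), the placement and rule guidance above can be turned into a small policy check: hosts reached by untrusted systems must sit on the DMZ, the untrusted side may only reach the DMZ, and any DMZ-to-internal path must be explicit per port. Zone labels, hostnames and rules are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Zones of the two-firewall DMZ design from the post (labels are my own).
INTERNET, DMZ, INTERNAL = "internet", "dmz", "internal"


@dataclass(frozen=True)
class Rule:
    """One permit rule on the stateful firewalls; dst_port None means 'any port'."""
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]
    proto: str = "tcp"


def check_policy(hosts: Dict[str, str], exposed: Set[str], rules: List[Rule]) -> List[str]:
    """Return findings where placement or rules break the guidance; [] means clean.
    hosts: hostname -> zone.  exposed: hosts that untrusted systems are meant to reach."""
    findings = []
    for host in sorted(exposed):
        # Anything reachable by untrusted systems belongs on the screened subnet / DMZ.
        if hosts.get(host) == INTERNAL:
            findings.append(f"{host}: internet-facing host sits on the internal network")
    for r in rules:
        # The untrusted zone may only ever reach the DMZ, never the internal network.
        if r.src_zone == INTERNET and r.dst_zone == INTERNAL:
            findings.append(f"internet->internal permitted ({r.proto}/{r.dst_port}): publish via the DMZ instead")
        # Traffic the DMZ needs into the inside (the IIS -> AD path Ken asks about)
        # must be explicit per service/port, never a blanket allow.
        if r.src_zone == DMZ and r.dst_zone == INTERNAL and r.dst_port is None:
            findings.append(f"dmz->internal allows any {r.proto} port: restrict to the exact services needed")
    return findings


# Constructed sample: IIS placed inside behind a NAT-style 'allow in' rule (the
# situation the post warns against), beside a corrected layout.  The port numbers
# are placeholders standing for explicitly chosen services, not an AD port list.
WEAK_HOSTS = {"iis1": INTERNAL, "dc1": INTERNAL}
WEAK_RULES = [Rule(INTERNET, INTERNAL, 80), Rule(DMZ, INTERNAL, None)]
GOOD_HOSTS = {"iis1": DMZ, "dc1": INTERNAL}
GOOD_RULES = [Rule(INTERNET, DMZ, 80), Rule(INTERNET, DMZ, 443), Rule(DMZ, INTERNAL, 88)]

if __name__ == "__main__":
    for label, h, rs in (("weak", WEAK_HOSTS, WEAK_RULES), ("good", GOOD_HOSTS, GOOD_RULES)):
        print(label, check_policy(h, {"iis1"}, rs) or "no findings")
```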

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mr Teo
Sent: Tuesday, November 05, 2002 3:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] IIS behind firewall

Hi all

I am setting up a network under Active Directory. My company is using a class C private address. However, the company also has a NAT which hides the network from the public. So how do I allow, e.g., all my staff to host their IIS by using the firewall?
