On Thu, Sep 22, 2011 at 10:57, <[email protected]> wrote:

> We are getting a new product to report variances. It is web-based but using
> LDAP to authenticate users. The way it works is that a person can log a
> variance anonymously but then directors can use their AD credentials to log
> in and report their findings.
>
> My issue is that they want my two LDAP servers (which are my DCs) to have a
> public IP address. Even with ACLs and security, I am very uncomfortable with
> having my DCs be "visible" on the 'net. From past experience of scanning
> my firewall logs, I know that a lot of times, hackers (or script kiddies)
> just use a range of public IPs to scan for vulnerabilities.
>
> Am I being unduly alarmist in my concern? Do other organizations attach a
> public IP to their LDAP servers?
>
> Thanks for any opinions you can give me. I have no problem going back to
> the people involved and saying 'I was wrong.' OTOH, I also have no problem
> telling them no way, you need to come up with a workaround.
I don't think you're out of line in your concerns. I'd take a look at ADFS, or some similar technology.

Having said that, I don't have any experience with this kind of thing, and would also advise you to do the appropriate research before taking my word that ADFS will solve your problem.

Kurt
