Is the "new product" cloud based or internal? If internal I can't see why you
would need your DCs/LDAP servers to be available to the public internet. If
cloud based just open up to the IP of the server in the cloud to allow
authentication.
And insist on LDAP over SSL.
al
--
Al Lilianstrom
CD/LSC/SOS/ES
[email protected]<mailto:[email protected]>
From: [email protected] [mailto:[email protected]]
Sent: Thursday, September 22, 2011 12:58 PM
To: NT System Admin Issues
Subject: LDAP\DC with a public IP
We are getting a new product to report variances. It is web-based but using
LDAP to authenticate users. The way it works is that a person can log a
variance anonymously but then directors can use their AD credentials to log in
and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a
public IP address. Even with ACL and security, I am very uncomfortable with
having my DC's be "visible" on the 'net. From past experience of scanning my
firewall logs, I know that a lot of times, hackers (or script kiddies) just use
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern? Do other organizations attach a
public IP to their LDAP servers?
Thanks for any opinions you can give me. I have no problem going back to the
people involved and saying ' I was wrong.' OTOH, I also have no problem
telling them no way, you need to come up with a work around.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
