Security Basics mailing list archives
RE: Web conferencing server and AD
From: "Sam Hansen" <Sam.Hansen () wwu edu>
Date: Wed, 2 Jan 2008 10:46:04 -0800
Assuming a thousand different people are going to have a thousand different answers, heres my initial thoughts: I would opt to install the box internally and limit service to it (acl's etc..) to only that needed to perform its function. Then I would set up a port to be externally accessible supporting the function for your remote clients. I would also probably use ldap to periodically get information from your dc, because it seems (at least initially) that is what the application needs to do. I suppose things could get much more complicated depending on the specifics of your app, but I think that would be a good starting point. I am a beliver of seperation of duty and priviladge, and I think limiting access to the box to exactly what you need is in good form. Sam Hansen Systems Administrator Western washington Univ. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Lynch Sent: Wednesday, January 02, 2008 9:44 AM To: security-basics () securityfocus com Subject: Web conferencing server and AD Your company has chosen to implement a web-based teleconferencing solution for all internal users, as well as outside vendors and such. The conferencing app runs on IIS on a "hardened" Windows server "appliance". Do you: A) install the box on the internal network B) install the box on a DMZ network C) install the box directly on the internet The conferencing app allows meeting organizers to select invitees from a list that's built from your Active Directory. Do you, A) install the box as a member server and allow it to dynamically populate the list B) install the box as a standalone server and use LDAP to periodically connect to your domain controller and sync a user list C) install the box as a standalone server and periodically export a CSV list from AD to manually import to the appliance Thoughts? Dan Lynch, CISSP Information Technology Analyst County of Placer
Current thread:
- Web conferencing server and AD Dan Lynch (Jan 02)
- RE: Web conferencing server and AD Worrell, Brian (Jan 03)
- RE: Web conferencing server and AD Depp, Dennis M. (Jan 03)
- RE: Web conferencing server and AD Sam Hansen (Jan 03)
- Re: Web conferencing server and AD Brent Huston (Jan 03)
- <Possible follow-ups>
- Re: Web conferencing server and AD lucas (Jan 03)