Security Basics mailing list archives

RE: Web conferencing server and AD


From: "Sam Hansen" <Sam.Hansen () wwu edu>
Date: Wed, 2 Jan 2008 10:46:04 -0800

Assuming a thousand different people are going to have a thousand
different answers, here are my initial thoughts:

I would opt to install the box internally and limit service to it (ACLs,
etc.) to only that needed to perform its function.  Then I would set up
a port to be externally accessible supporting the function for your
remote clients.  I would also probably use LDAP to periodically get
information from your DC, because it seems (at least initially) that is
what the application needs to do.  I suppose things could get much more
complicated depending on the specifics of your app, but I think that
would be a good starting point.

I am a believer in separation of duty and privilege, and I think
limiting access to the box to exactly what you need is in good form.


Sam Hansen
Systems Administrator
Western Washington Univ.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dan Lynch
Sent: Wednesday, January 02, 2008 9:44 AM
To: security-basics () securityfocus com
Subject: Web conferencing server and AD

Your company has chosen to implement a web-based teleconferencing
solution for all internal users, as well as outside vendors and such.
The conferencing app runs on IIS on a "hardened" Windows server
"appliance". 

Do you:

A) install the box on the internal network
B) install the box on a DMZ network
C) install the box directly on the internet

The conferencing app allows meeting organizers to select invitees from a
list that's built from your Active Directory. Do you,

A) install the box as a member server and allow it to dynamically
populate the list
B) install the box as a standalone server and use LDAP to periodically
connect to your domain controller and sync a user list
C) install the box as a standalone server and periodically export a CSV
list from AD to manually import to the appliance

Thoughts?


Dan Lynch, CISSP
Information Technology Analyst
County of Placer
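
The periodic sync discussed in this thread (LDAP pull or CSV export) leaves a copy of directory data on the appliance. The sketch below is an added example, not part of either message: it reduces an LDIF export to enabled accounts and the two attributes an invitee picker needs. The sample data, the choice of displayName and mail, and the function names are assumptions.

```python
import base64

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts
# Constructed sample export (assumed to come from a user-only search filter).
SAMPLE_LDIF = """\
dn: CN=Ann Lee,OU=Staff,DC=example,DC=org
displayName: Ann Lee
mail: ann.lee@example.org
userAccountControl: 512
telephoneNumber: 555-0100

dn: CN=Old Temp,OU=Staff,DC=example,DC=org
mail: old.temp@example.org
userAccountControl: 514

dn: CN=Jose,OU=Staff,DC=example,DC=org
displayName:: Sm9zw6k=
mail: jose@example.org
userAccountControl: 66048
"""


def parse_ldif(text):
    """Parse unfolded LDIF (no continuation lines) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def invitee_rows(entries):
    """Keep enabled accounts that have mail; emit only (name, mail) pairs."""
    rows = []
    for e in entries:
        uac = int(e.get("useraccountcontrol", ["0"])[0])
        if uac & ACCOUNTDISABLE or "mail" not in e:
            continue  # disabled or unreachable accounts never reach the appliance
        rows.append((e.get("displayname", e["mail"])[0], e["mail"][0]))
    return sorted(rows)


if __name__ == "__main__":
    print(invitee_rows(parse_ldif(SAMPLE_LDIF)))
```

Attributes outside the allow-list, such as the phone number in the first sample entry, are dropped before anything is written for the appliance.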

