Should a w2k3 web server in the dmz be part of a domain?


Guest steve112
Posted

What is best practice for this and why? My server is Windows 2003 Standard

Edition and it is running .Net web applications on the internet. The

application performs authentication to one of two domains depending on the

user being authenticated.

Posted

Re: Should a w2k3 web server in the dmz be part of a domain?

 

In article <B39FD7DD-D781-4D6E-BA17-C567AE824B42@microsoft.com>,

steve112@discussions.microsoft.com says...

> What is best practice for this and why? My server is Windows 2003 Standard

> Edition and it is running .Net web applications on the internet. The

> application performs authentication to one of two domains depending on the

> user being authenticated.

 

If it's a web server and you're doing domain authentication then you've

violated all the standards for security - if a user can domain validate

and reach your LAN from the DMZ then you've screwed your security.

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest steve112
Posted

Re: Should a w2k3 web server in the dmz be part of a domain?

 

Then are you saying the web server in the DMZ should be in a workgroup

instead? The web application itself is authenticating users to AD?

 

"Leythos" wrote:

> In article <B39FD7DD-D781-4D6E-BA17-C567AE824B42@microsoft.com>,

> steve112@discussions.microsoft.com says...

> > What is best practice for this and why? My server is Windows 2003 Standard

> > Edition and it is running .Net web applications on the internet. The

> > application performs authentication to one of two domains depending on the

> > user being authenticated.

>

> If it's a web server and you're doing domain authentication then you've

> violated all the standards for security - if a user can domain validate

> and reach your LAN from the DMZ then you've screwed your security.

>

> --

>

> Leythos

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

>

