I have a winNT 4 file server (which is the PDC) and a win2k IIS5 server
(separate boxes). The IIS5 server needs to get at an MS access database and
some image files on the file server. However, I want to make this connection
as secure as possible. I've hardened the IIS server as much as possible and
applied all of the latest patches.

I've got the site up and running, but I had to make the IIS server a member
of the domain in order to map virtual directories on the file server from
the IIS server. Is there a way that I can set this up without making the IIS
server a member of the domain? Are there even obvious security risks
involved with making the IIS server a member of the domain, or am I just
being too paranoid?

Ultimately, I'd like to put a firewall between the IIS server and the file
server to restrict access to only what is absolutely necessary. Is there a
way that I can share these files without exposing the file server to netbios
security vulnerabilities (information gathering, username polling, etc) from
the IIS server? My initial thoughts on firewall rules are to deny everything
in both directions except the netbios port (139). Are there any other rules
that I should consider?

Thanks,
Kevin

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]