From: Jason Wallin (jasonwsynapticstudio.com)
Date: Tue Dec 18 2001 - 10:52:32 CST


    Based on one of our clients' requests, we have implemented a similar solution.
    Here are a couple of things that it is critical to get right from
    the beginning.
    * The Active Directory must in NO way be connected to the internal NT or AD
    domain.
    * The entire production environment must be self-contained, meaning
    development cannot occur on the production boxes.
    * Minimal rule set in Internet-facing firewall, i.e. 80, 443 and 25 out.
    * There must be an equally restrictive firewall between the MIS network and
    the production site.
    * Uninstall the FrontPage extensions on the web exposed to the Internet.

    Hope this helps

    Jason D. Wallin, CISSP
    Managing Partner
    Synaptic Studio
    Desk - 970 266-4430
    Cell - 970 215-2840
    Pager 9702152840mobile.att.net

    -----Original Message-----
    From: Happy Harry [mailto:happy_harry200hotmail.com]
    Sent: Tuesday, December 18, 2001 3:19 AM
    To: focus-mssecurityfocus.com
    Subject: Active Directory+IIS

    Hi There

    I am looking for some information on running Active Directory on an Internet
    facing IIS box! The IIS box is sat behind Firewall 1, but the developers
    wish to use Active Directory to allow features on the web site.

    Is this wise?

    As the Firewall administrator I am seeing all the things you would expect
    from a W2K domain controller (DNS etc)...

    The set up is not currently connected to a live network so no production
    equipment is exposed but the opportunity for defacement etc is something we
    would rather avoid!!

    Many thanks…..

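
The minimal rule set recommended in the reply above, expressed as an audit check over a firewall rule list. This is an added example, not part of the original thread; the rule format, the zone names (`internet`, `production`, `mis`), the default-deny reading of the MIS boundary, and the reading of "80 443 and 25 out" as TCP 80/443 inbound plus TCP 25 outbound are assumptions.

```python
# Added example: audit a rule list against the minimal policy from the reply.
# Assumptions: TCP 80/443 inbound to production, TCP 25 outbound, and nothing
# accepted between production and the MIS network. Rule format is hypothetical.
ALLOWED = {
    ("internet", "production"): {80, 443},  # inbound web traffic
    ("production", "internet"): {25},       # outbound mail
}

# Constructed sample rule set (not taken from the thread).
SAMPLE_RULES = [
    {"id": 1, "src": "internet", "dst": "production", "proto": "tcp", "ports": "80,443", "action": "accept"},
    {"id": 2, "src": "production", "dst": "internet", "proto": "tcp", "ports": "25", "action": "accept"},
    {"id": 3, "src": "internet", "dst": "production", "proto": "udp", "ports": "53", "action": "accept"},
    {"id": 4, "src": "production", "dst": "mis", "proto": "tcp", "ports": "389,445", "action": "accept"},
    {"id": 5, "src": "internet", "dst": "production", "proto": "tcp", "ports": "1024-1030", "action": "accept"},
    {"id": 6, "src": "any", "dst": "any", "proto": "any", "ports": "any", "action": "drop"},
]

def expand_ports(spec):
    """Turn '80,443' or '1024-1030' into a set of ints; 'any' means all ports."""
    if spec == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (rule id, reason) for every accept rule wider than the policy."""
    findings = []
    for r in rules:
        if r["action"] != "accept":
            continue
        if r["proto"] != "tcp":
            findings.append((r["id"], f"non-TCP accept ({r['proto']})"))
            continue
        # Zone pairs missing from ALLOWED get an empty set: nothing is permitted.
        allowed = ALLOWED.get((r["src"], r["dst"]), set())
        extra = expand_ports(r["ports"]) - allowed
        if extra:
            shown = ",".join(map(str, sorted(extra)[:5]))
            findings.append((r["id"], f"{r['src']}->{r['dst']} opens {len(extra)} extra port(s): {shown}"))
    return findings

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(f"rule {rule_id}: {reason}")
```
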