Should a w2k3 web server in the dmz be part of a domain?


steve112

Guest
What is best practice for this and why? My server is Windows 2003 Standard
Edition and it is running .Net web applications on the internet. The
application performs authentication to one of two domains depending on the
user being authenticated.
 
Re: Should a w2k3 web server in the dmz be part of a domain?

In article <B39FD7DD-D781-4D6E-BA17-C567AE824B42@microsoft.com>,
steve112@discussions.microsoft.com says...
> What is best practice for this and why? My server is Windows 2003 Standard
> Edition and it is running .Net web applications on the internet. The
> application performs authentication to one of two domains depending on the
> user being authenticated.


If it's a web server and you're doing domain authentication then you've
violated all the standards for security - if a user can domain validate
and reach your LAN from the DMZ then you've screwed your security.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
Re: Should a w2k3 web server in the dmz be part of a domain?

Then are you saying the web server in the DMZ should be in a workgroup
instead? The web application itself is authenticating users to AD?

"Leythos" wrote:

> In article <B39FD7DD-D781-4D6E-BA17-C567AE824B42@microsoft.com>,
> steve112@discussions.microsoft.com says...
> > What is best practice for this and why? My server is Windows 2003 Standard
> > Edition and it is running .Net web applications on the internet. The
> > application performs authentication to one of two domains depending on the
> > user being authenticated.
>
> If it's a web server and you're doing domain authentication then you've
> violated all the standards for security - if a user can domain validate
> and reach your LAN from the DMZ then you've screwed your security.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)
>
 