 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / IIS / IIS Security / February 2006IIS 5 belonging to domain?
What are the security risks with a webserver having one nic into the dmz on the firewall and the other nic into the production network, with the webserver belonging to the domain, but logged on locally at all times. I am assuming that in order to get it to retrieve the info from a msde database on a production server (not a dc) that this it will need to be joined to the domain? Webserver is and will remain fully patched and will have SAV Corp Ed v10 installed with IIS lockdown tool and urlscan configured. There is no requirement that the IIS and MSDE boxes by in the same domain in order to communicate. a) You can use SQL Server authN rather than Windows AuthN to connect MSDE (you need to set a reg key to switch MSDE to Mixed Mode, or you can use Enterprise Manager if you have that available somewhere) b) You can use pass-through authN if you have NTLM enabled on your LAN. Just configure two local accounts (one on the IIS box, and one other MSDE box). Give each account the same name and password. See: http://www.microsoft.com/technet/community/columns/insider/iisi1005.mspx#EYB Cheers Ken : What are the security risks with a webserver having one nic into the dmz on : the firewall and the other nic into the production network, with the [quoted text clipped - 6 lines] : Webserver is and will remain fully patched and will have SAV Corp Ed v10 : installed with IIS lockdown tool and urlscan configured. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2010 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.