Re: ISA Server & AD

My main concern with controllers as the web server is that they can also
easily (in many cases) be compromised as well.
Unicode, bufferoverruns, etc can expose the web server to remote exploit and
you are in the same boat.

Is the DB server on the Internet?  If not, then I would rather put it on
that guy than the web server.  At least a compromise will have to move
inside to get to the good stuff.

What is the DB engine?  SQL?  You can secure SQL pretty easily... Plus, the
SQL service can easily be run as guest, where inetinfo.exe is Local System.

AD

----- Original Message -----
From: "Paul Nuernberger" <pen@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 02, 2001 11:04 AM
Subject: [isalist] Re: ISA Server & AD


> http://www.ISAserver.org
>
>
> This was my assumption but felt it best to ask the experts.  What about
> using his IIS W2k server (behind firewall) as the AD primary.  It won't be
a
> high-traffic site, but will be doing e-commerce.  They do not have the
> budget to install a fourth W2k server, and the only remaining choices are
> either the web server or the database server (which I assume to be a worse
> choice than the web server).
>
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Thursday, August 02, 2001 12:18 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: ISA Server & AD
>
> Placing your domain controller at the edge of the network is just asking
for
> trouble.  There's no such thing as the perfect firewall (as you probably
> know) and there are just too many people out there trying to get in to
risk
> placing the core of your network that close to them.
>
> Jim Harrison
> MCP(2K), A+, Network+, PCG
>
>
> ----- Original Message -----
> From: "Paul Nuernberger" <pen@xxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, August 02, 2001 09:35
> Subject: [isalist] ISA Server & AD
>
>
> http://www.ISAserver.org
>
>
> A customer wants to run ISA Server on the same W2k server that is his AD
> primary controller.
>
> I've not found any direct information re: this issue. Can anyone on the
> list point out the various pro's & cons of doing this ?
>
> I'm still on the front side of the learning curve of ISA Server (run lots
> of *nix firewalls), so any help is greatly appreciated.  I already use (&
> rely heavily upon) isaserver.org - super useful site.
>
> Paul Nuernberger
> Manager
> BARON Computers Inc.
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> pen@xxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: