Re: ISA Server & AD

Nope - they are using iCode as their backside (not entirely familiar with
its internals) for the e-commerce, but both web & database servers will be
behind the ISA firewall with HTTP & SSL published through the firewall.
Internal client internet access and mail will not be going through ISA - it
is only for VPN entrance from remote branch/user endpoint and secure web
publishing.

-----Original Message-----
From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Thursday, August 02, 2001 3:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Server & AD


http://www.ISAserver.org


My main concern with controllers as the web server is that they can also
easily (in many cases) be compromised as well.
Unicode, bufferoverruns, etc can expose the web server to remote exploit and
you are in the same boat.

Is the DB server on the Internet?  If not, then I would rather put it on
that guy than the web server.  At least a compromise will have to move
inside to get to the good stuff.

What is the DB engine?  SQL?  You can secure SQL pretty easily... Plus, the
SQL service can easily be run as guest, where inetinfo.exe is Local System.

AD



Other related posts: