Security Basics mailing list archives
Re: Web conferencing server and AD
From: Brent Huston <lbhlists () gmail com>
Date: Wed, 2 Jan 2008 14:15:09 -0500
Inline.

--Brent Huston, CEO & Security Evangelist, MicroSolved, Inc.

On Jan 2, 2008, at 12:43 PM, Dan Lynch wrote:

Your company has chosen to implement a web-based teleconferencing solution for all internal users, as well as outside vendors and such. The conferencing app runs on IIS on a "hardened" Windows server "appliance". Do you:
A) install the box on the internal network
B) install the box on a DMZ network
C) install the box directly on the internet
C, if I have the capability to create a private, secure and monitored environment. B is second choice if I have to handle the ACL issues. For me, A would be a violation of our security policy - no access from the Internet directly to an internal resource.
The conferencing app allows meeting organizers to select invitees from a list that's built from your Active Directory. Do you:
A) install the box as a member server and allow it to dynamically populate the list
B) install the box as a standalone server and use LDAP to periodically connect to your domain controller and sync a user list
C) install the box as a standalone server and periodically export a CSV list from AD to manually import to the appliance
C would be my first choice, since it is the more secure approach and could be managed with a methodology to minimize the amount of data transferred to the outside and the complexity of firewall ACLs. I would, however, work on a method for automating this process using a push of specific data from inside to out using scripting/scheduling to remove the manual process resources required.
If those were not possible, then I would likely adopt B, once I performed an appropriate risk assessment and got proper upper management approvals on the identified and minimized accepted risks. ;-)
Thoughts?

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
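
The inside-to-outside push of a minimized list described in the reply above, as an added example (not part of the original post or any vendor's tooling): the filtering step that would run on the internal side before the file is pushed out. The column names, the OU scope and the two-field output format are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample of a full directory export (not real data). Column names
# follow common AD attribute names; the appliance's import format is assumed.
SAMPLE_EXPORT = """\
DN,sAMAccountName,displayName,mail,userAccountControl,telephoneNumber,memberOf
"CN=Ann Lee,OU=Staff,DC=example,DC=test",alee,Ann Lee,alee@example.test,512,555-0100,"CN=Finance,OU=Groups,DC=example,DC=test"
"CN=Bob Ray,OU=Staff,DC=example,DC=test",bray,Bob Ray,bray@example.test,514,555-0101,
"CN=svc-backup,OU=Service,DC=example,DC=test",svc-backup,Backup Service,svc@example.test,66048,,
"CN=Cy Dunn,OU=Staff,DC=example,DC=test",cdunn,Cy Dunn,,512,555-0102,
"""

ACCOUNTDISABLE = 0x0002                  # userAccountControl bit: account disabled
PUSH_FIELDS = ("displayName", "mail")    # assumed: all the invitee list needs
ALLOWED_OU_SUFFIX = ",ou=staff,dc=example,dc=test"  # hypothetical approved scope


def minimize(export_text):
    """Reduce a full export to the rows and fields approved to leave the network."""
    kept = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # DNs compare case-insensitively; keep only the approved OU.
        if not row["DN"].lower().endswith(ALLOWED_OU_SUFFIX):
            continue
        # Disabled accounts should not appear in an externally hosted list.
        if int(row["userAccountControl"]) & ACCOUNTDISABLE:
            continue
        # An invitee without a mail address is of no use to the appliance.
        if not row["mail"].strip():
            continue
        # Allowlist of fields: logon names, phone numbers and group
        # memberships never reach the output file.
        kept.append({field: row[field].strip() for field in PUSH_FIELDS})
    return kept


def to_csv(rows):
    """Serialize the minimized rows as the CSV that gets pushed outward."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=PUSH_FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(minimize(SAMPLE_EXPORT)), end="")
```

Run from a scheduled job on the internal side, this keeps the connection direction inside-to-out, so no inbound firewall rule toward the domain controller is needed.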