Firewall Wizards mailing list archives

Re: securing .NET


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Wed, 02 Oct 2002 19:54:35 +0200


Shimon Silberschlag wrote:

> Since all the servers in the various layers are members of a single
> .NET AD domain, they need to "chat" extensively, using multiple
> protocols. They can also use HTTP through SOAP etc.

I'm sorry to say it, but attempting to put up bulkheads between
different parts of an AD tree/forest is pretty much an exercise
in futility.  They all need to be allowed to talk SMB to a
domain/tree controller.  If an attacker is allowed to do _that_, 
you can basically assume "game over".

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

