Focus on Microsoft
RE: IIS6 on W2k3 DCs Jan 19 2005 01:16PM Depp, Dennis M. (deppdm ornl gov) (2 replies)
Re: IIS6 on W2k3 DCs Jan 19 2005 02:10PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (2 replies)
RE: IIS6 on W2k3 DCs Jan 21 2005 12:57AM Laura A. Robinson (laurarobinson verizon net) (1 replies)
Re: IIS6 on W2k3 DCs Jan 21 2005 01:11AM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)
> There's that checklist again :-)
>
> My sister's large entity that she works at, I'm sure does not put IIS
> on their DC... yet they allow any employee to click on any email
> attachment.
>
> Yeah... they don't have IIS on their DC....meet that security best
> practice all right.. but they've got a slightly bigger issue in my
> book [and have the virus infections and malware to prove it].
>
> All I'm saying is that I cringe when hearing "blanket statements".
> For the space that 99.9999999% of the folks on this list work in your
> statement is correct.
>
> For one wacko SBSer on this list, I still would argue that we can take
> the risk and so far with IIS 6, prove it on a regular basis in the
> newsgroups.

The real - and AFAICS still unanswered - question here is: why would
anyone want a web server on his Domain Controller? Because if there
isn't a Damn Good Reason(tm) for it, increasing the attack surface would
be a pretty stupid thing to do. Checklist or not, one simply doesn't
install software to prove it can be done.

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin