Website & AD Authentication

15 Nov 2006 4:56 PM

Taylor

Our web developer want employees to be able to use their Active Directory
credentials to login to the Employees Only section of our internet website.
The website is hosted off-site and there is no restriction on who could make
an attempt to access the employee section of the site.

It has been proposed that a firewall exception be created allowing a single
IP (the off-site host) to access Active Directory. My initial reaction is
"no way". How much of a security threat is this?

15 Nov 2006 8:45 PM

Graham Mandeno

That's an interesting question, but I doubt you'll get an answer here. This
newsgroup is for questions relating to security in Access, the database
development component of Microsoft Office.

You might like to try another newsgroup - either
microsoft.public.inetserver.iis.security
or
microsoft.public.windows.server.security

--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

Show quoteHide quote

"Taylor" <Tay***@discussions.microsoft.com> wrote in message
news:58D6BFD2-9A16-47D7-975C-B08392E1527A@microsoft.com...
> Our web developer want employees to be able to use their Active Directory
> credentials to login to the Employees Only section of our internet
> website.
> The website is hosted off-site and there is no restriction on who could
> make
> an attempt to access the employee section of the site.
>
> It has been proposed that a firewall exception be created allowing a
> single
> IP (the off-site host) to access Active Directory. My initial reaction is
> "no way". How much of a security threat is this?

15 Nov 2006 8:51 PM

Taylor H.

Thank you.

Show quoteHide quote

"Graham Mandeno" wrote:

> That's an interesting question, but I doubt you'll get an answer here. This
> newsgroup is for questions relating to security in Access, the database
> development component of Microsoft Office.
>
> You might like to try another newsgroup - either
> microsoft.public.inetserver.iis.security
> or
> microsoft.public.windows.server.security
> --
> Good Luck!
>
> Graham Mandeno [Access MVP]
> Auckland, New Zealand
>
> "Taylor" <Tay***@discussions.microsoft.com> wrote in message
> news:58D6BFD2-9A16-47D7-975C-B08392E1527A@microsoft.com...
> > Our web developer want employees to be able to use their Active Directory
> > credentials to login to the Employees Only section of our internet
> > website.
> > The website is hosted off-site and there is no restriction on who could
> > make
> > an attempt to access the employee section of the site.
> >
> > It has been proposed that a firewall exception be created allowing a
> > single
> > IP (the off-site host) to access Active Directory. My initial reaction is
> > "no way". How much of a security threat is this?
>
>
>

16 Nov 2006 11:32 AM

david

"Taylor" <Tay***@discussions.microsoft.com> wrote in message
news:58D6BFD2-9A16-47D7-975C-B08392E1527A@microsoft.com...
> Our web developer want employees to be able to use their Active Directory
> credentials to login to the Employees Only section of our internet
website.
> The website is hosted off-site and there is no restriction on who could
make
> an attempt to access the employee section of the site.
>
> It has been proposed that a firewall exception be created allowing a
single
> IP (the off-site host) to access Active Directory. My initial reaction is
> "no way". How much of a security threat is this?

It's designed to work that way. Not all companies have all their employees
at the one site. Microsoft, for example, has Active Directory servers
located
around the world, connected to each other. Microsoft also uses firewalls,
and the servers communicate with each other through the firewalls.

There are several different ways of authenticating against a remote server,
and perhaps you should find out more about what your developers have
in mind? I myself authenticate against a remote AD server frequently: I need
to do so whenever I open a VPN.