Welcome to ISAserver.org

Web Services and Authentication

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Web Services and Authentication

Page: [1]

Message

<< Older Topic Newer Topic >>

Web Services and Authentication - 18.Aug.2004 10:46:00 PM

mountaindew

Posts: 7
Joined: 21.Jun.2004
From: MD
Status: offline

We have web services in our DMZ that need to authenticate to the AD in the protected network (PRO), and access a SQL DB in the PRO as well. With a single hardware firewall in place, we need to open IP pass through filters from the DMZ to the PRO so the web server can join the domain in order to authenticate web clients. In the future, it is likely that Sharepoint will also reside in the DMZ and will need to authenticate.

If we implement a solution placing ISA 2004 behind the hardware firewall, we can place servers that do not require authentication between the firewalls in DMZ-1, and hang another DMZ off of ISA to house the servers that require access to the protected side.

Question û what do we gain by adding ISA? You still have to open the ports between the DMZ and the PRO. If the server in the DMZ was to become compromised, which would require traversing the hardware solution (probably not that difficult), then traversing ISA, they would have access to the protected network. Does ISA do any extra filtering to a) prevent the server from becoming compromised, or b) prevent someone who has compromised the server from utilizing the tunnels into the PRO?