Solved

LDAP queries from DMZ - What is best practice?

Posted on 2015-01-19
Last Modified: 2015-01-27
Hello,

Our network is divided into a DMZ and private networks.

We recently had a request to configure a server resting in the DMZ to allow for LDAP query.

Given that there are security concerns here, what is the best practice to allow such queries?

Thanks,

Mark
0
Question by:mbudman
3 Comments
 

Accepted Solution

by: Will Szymkowski
Will Szymkowski earned 250 total points
ID: 40558911
Using Secure LDAP and also having the appropriate firewall rules in place to only allow communication from specific hosts on the private network.

Will.
0
 

Assisted Solution

by:Rezwan Islam
Rezwan Islam earned 250 total points
ID: 40563430
Will has pretty much dot pointed what needs to be done. You will need LDAPS and FW rules set up. I used a couple of links below about a year ago to assist on a similar issue.

http://pcloadletter.co.uk/2011/06/27/active-directory-authentication-using-ldaps/
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_27831833.html
0
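A check of the two controls the answers above recommend (LDAPS only, and firewall rules limited to specific hosts), added here as an example and not taken from either answer. The rule format, the addresses and the `audit` function are constructed for illustration; the check assumes port 389 carries cleartext LDAP (no StartTLS) and that the rule list is evaluated first-match with an explicit final deny.

```python
import ipaddress
from typing import List, NamedTuple

LDAP_CLEARTEXT, LDAPS = 389, 636  # standard TCP ports

class Rule(NamedTuple):           # hypothetical rule format for this example
    action: str                   # "allow" or "deny"
    src: str                      # CIDR, single address, or "any"
    dst: str                      # CIDR, single address, or "any"
    port: int                     # TCP destination port, 0 = any

def is_single_host(cidr: str) -> bool:
    """True only for one address (/32 or /128); "any" and subnets fail."""
    if cidr == "any":
        return False
    return ipaddress.ip_network(cidr, strict=False).num_addresses == 1

def audit(rules: List[Rule]) -> List[str]:
    """Return findings for a rule list guarding the DMZ/private boundary."""
    findings = []
    for i, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        if r.port in (LDAP_CLEARTEXT, 0):
            findings.append(f"rule {i}: permits cleartext LDAP (tcp/389)")
        pinned = is_single_host(r.src) and is_single_host(r.dst)
        if r.port in (LDAPS, 0) and not pinned:
            findings.append(f"rule {i}: LDAPS not limited to specific hosts")
    if not rules or rules[-1] != Rule("deny", "any", "any", 0):
        findings.append("no final deny-all rule")
    return findings

# Constructed sample rule sets.
LOOSE = [
    Rule("allow", "192.0.2.0/24", "10.0.0.0/8", 389),
    Rule("allow", "any", "10.0.0.10/32", 636),
]
TIGHT = [
    Rule("allow", "192.0.2.25/32", "10.0.0.10/32", 636),
    Rule("allow", "192.0.2.25/32", "10.0.0.11/32", 636),
    Rule("deny", "any", "any", 0),
]

if __name__ == "__main__":
    for name, rule_set in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(rule_set) or "ok")
```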
 

Author Closing Comment

by:mbudman
ID: 40572772
Thank you for your assistance.

Mark
0
