[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

LDAP queries from DMZ- What is best practice?

Posted on 2015-01-19
3
Medium Priority
?
1,243 Views
Last Modified: 2015-01-27
Hello,

Our network is divided into a DMZ and private networks.

We recently had a request to configure a server resting in the DMZ to allow for  LDAP query.

Given that there are security concerns here, what is the best practice to allow such queries?

Thanks,

Mark
0
Comment
Question by:mbudman
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1000 total points
ID: 40558911
Using Secure LDAP and also having the appropriate firewall rules in place to only allow communication from specific hosts on the private network.

Will.
0
 
LVL 3

Assisted Solution

by:Rezwan Islam
Rezwan Islam earned 1000 total points
ID: 40563430
Will has pretty much dot pointed what needs to be done. You will need LDAPS and FW rules set up. I used couple of links below about a year ago to assist on a similar issue.

http://pcloadletter.co.uk/2011/06/27/active-directory-authentication-using-ldaps/
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_27831833.html
0
 
LVL 1

Author Closing Comment

by:mbudman
ID: 40572772
Thank you for your assistance.

Mark
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question