Well one of the things that cropped up during the review of the product is that staff want to be able to work from home.. Guess what, this wans’t in the original spec which stated that the application should be secure and only allow certain users access to certain functions. We also decided to hire ot security vendors and keep the online security tight.
Well to keep things simple, we decided to use LDAP queries to confirm user name against Active Directory groups. These work simply and efficiently across the network and doesn’t cause a problem. Now, introduce a home user, connected on his own Broadband connection via a VN tunneling application.
I can telnet to my AD servers on the LDAP port and I can telnet to the SQL server on 1433, What I can’t do is an LDAP DNS query to the internal server address because this goes off to my own broadband Providers DNS!
The Netmon traces show DNS queries for our domain, so need to find a way to intercept these with the Secure Application Manager to send them down the VPN, rather than allow them out to the internet.
As ever.. Watch this space.
