
domain (active directory) machines accessible via web

Çağlar Arlı - 17 Views


I recently stumbled across customer machines (Windows Server) that were part of the customer's Active Directory domain and also had IIS applications accessible from the WWW.

I only have the vague feeling that this is a bad idea. I am thinking of an attacker compromising a web application and then being able to read information from the customer company's Active Directory, thus exposing e-mail addresses and group memberships. Following that path, an organigram could be constructed to provide information for further, more tailored attacks or a DoS attack via account lockouts.

I would have to convince management to change this (budget), if that even is a real problem. But I am having a hard time finding good resources (or any at all) on that specific topic and why it is a bad practice. Maybe that concept even has its own name that I do not know?

Can some expert please help me out?
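The enumeration the question describes, as an added example that is not part of the original post: PowerShell run on a domain-joined IIS host, binding to Active Directory with no credentials at all, so the read happens in the security context of the compromised IIS worker process. It assumes the host can reach a domain controller over LDAP; the domain name is discovered at run time, and the computer-account name CORP\WEB01$ in the comments is only an illustrative assumption. The final block needs the IIS WebAdministration module and is a defender's check, not part of the attacker's path.

```powershell
# Added example (not from the original post): what code running inside an IIS
# application on a domain-joined server can read from Active Directory using
# nothing but the process's own security context. No credentials are supplied;
# the bind runs as whatever the app pool runs as. With the default
# ApplicationPoolIdentity that is the computer account (assumed name: CORP\WEB01$),
# which, like every authenticated account, can read these attributes in a default domain.

Add-Type -AssemblyName System.DirectoryServices

# Discover the domain the server is joined to instead of hard-coding it.
$rootDse  = [ADSI]"LDAP://RootDSE"
$domainDn = [string]$rootDse.defaultNamingContext
$domain   = [ADSI]"LDAP://$domainDn"

# Lockout policy decides whether the "DoS via account lockout" path is real:
# 0 means no lockout; any other value is the number of failed logons per account
# (inside the observation window) that locks it.
$lockoutThreshold = [int][string]$domain.lockoutThreshold
Write-Host "Domain: $domainDn  lockoutThreshold: $lockoutThreshold"
if ($lockoutThreshold -gt 0) {
    Write-Host "  -> $lockoutThreshold bad passwords lock an account; spraying the user list below is a denial of service."
}

function Get-Prop([System.DirectoryServices.ResultPropertyCollection]$props, [string]$name) {
    # DirectorySearcher omits attributes that are unset; never index an empty collection.
    if ($props.Contains($name) -and $props[$name].Count -gt 0) { [string]$props[$name][0] } else { '' }
}

function Get-Cn([string]$dn) {
    # First RDN of a DN: "CN=Jane Doe,OU=Sales,DC=corp,DC=example" -> "Jane Doe"
    if (-not $dn) { return '' }
    (($dn -split '(?<!\\),')[0]) -replace '^CN=', ''
}

# Enabled user accounts with the attributes an attacker wants for an org chart and
# for tailored phishing: address, job title, department, manager, group memberships.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
$searcher.PageSize = 1000   # paged search; without it the DC caps the answer at 1000 entries
$null = $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName','mail','title','department','manager','memberOf'))

$users = foreach ($result in $searcher.FindAll()) {
    $p = $result.Properties
    $groups = ''
    if ($p.Contains('memberof')) {
        $groups = ($p['memberof'] | ForEach-Object { Get-Cn ([string]$_) }) -join ';'
    }
    [pscustomobject]@{
        Account    = Get-Prop $p 'samaccountname'
        Mail       = Get-Prop $p 'mail'
        Title      = Get-Prop $p 'title'
        Department = Get-Prop $p 'department'
        Manager    = Get-Cn (Get-Prop $p 'manager')   # reporting line = the organigram
        Groups     = $groups
    }
}

$users | Sort-Object Department, Manager | Format-Table -AutoSize
Write-Host ("{0} enabled user accounts readable from this host." -f @($users).Count)

# Defender's check (needs the IIS WebAdministration module): which identity does
# each app pool actually run as? A pool running as a domain user instead of
# ApplicationPoolIdentity hands the attacker that user's rights, not just the
# computer account's read access.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    Get-ChildItem IIS:\AppPools | Select-Object Name,
        @{ n = 'IdentityType'; e = { $_.processModel.identityType } },
        @{ n = 'UserName';     e = { $_.processModel.userName } }
}
```

The point the script makes is that the attacker needs no stolen password: a domain-joined host already has a domain identity, and the default directory ACLs let any authenticated principal read users, mail addresses, titles, managers and group memberships. Running it as a non-admin domain user on a workstation gives the same listing, which is a quick way to show management what the web server is exposing.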