AD replication - IP site to site encryption?
From: sn0rt_y@hotmail.com
Date: 03/07/03
- Previous message: Paul Greene: "DisableIPSourceRouting registry key"
- Next in thread: Laura A. Robinson: "RE: AD replication - IP site to site encryption?"
- Reply: Laura A. Robinson: "RE: AD replication - IP site to site encryption?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: <sn0rt_y@hotmail.com> To: <focus-ms@securityfocus.com> Date: Fri, 7 Mar 2003 10:50:40 -0500
Good day -
There is a design being discussed of a Windows 2000 Native mode forest,
single domain, multiple sites with one DC in each site.
Each DC will be kept up to date on OS patches.
Replication between DC's will be over IP without a VPN, IPSEC on the servers
or LDAP over SSL.
A question is what type, if any, encryption will be used on the replication
traffic by default.
Kerberos authentication will by default be used but will I be able to sniff
the wire during replication and view say... password changes?
This info will be used to present a case for using W2K IPSEC DC-to-DC
communication, LDAP over SSL via certificates or a hardware VPN solution.
TIA
Sn0rt_y
- Previous message: Paul Greene: "DisableIPSourceRouting registry key"
- Next in thread: Laura A. Robinson: "RE: AD replication - IP site to site encryption?"
- Reply: Laura A. Robinson: "RE: AD replication - IP site to site encryption?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
