RE: Local Account Vs Domain Account
From: Petta, Tony (Tony.Petta_at_usa.xerox.com)
Date: 01/20/04
- Previous message: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"
- Maybe in reply to: Leon, Mauricio (Toronto): "Local Account Vs Domain Account"
- Next in thread: thalm: "RE: Local Account Vs Domain Account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 Jan 2004 13:42:15 -0500 To: "'Leon, Mauricio (Toronto)'" <Mauricio.Leon@WatsonWyatt.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
If the component or application only runs on one machine, there may be an
advantage to using a local account rather than a domain account from a
performance standpoint. A local account is authenticated by the security
database on that machine, not on a domain controller which may not be the
same machine.
From a security standpoint, the answer depends on the security of the domain
and its structure versus the security of the local machine. A local machine
can be locked up physically and logically hardened much more than a domain
controller which may need to be used by many individuals and thus needs to
be accessed over the network by many. Even though a domain controller can
also be physically locked up, evildoers will seek them out much more often
than a local machine, whose location and address may possibly be kept more
private.
Of course if many people are using the application, leaving authentication
to only the local machine may causes problems which can be resolved by a
domain account, which can be authenticated over several controllers to
balance workload.
Encryption of account information (password) and authentication traffic will
more likely be able to be strong on a local machine than a domain controller
which may have to accept less encrypted traffic, too.
I'm sure others will contribute more to your question, but the answer is
like many other security questions, it all depends on your circumstances and
risk you need to accept/mitigate.
Tony Petta, CISSP, MCSE, CNA
EDS/Xerox Global Information Assurance
-----Original Message-----
From: Leon, Mauricio (Toronto) [mailto:Mauricio.Leon@WatsonWyatt.com]
Sent: Tuesday, January 20, 2004 10:00 AM
To: focus-ms@securityfocus.com
Subject: Local Account Vs Domain Account
If you have to install a component or an application that runs using an
account , what are the disadvantages/risks (from security standpoint)of
using a Domain Account instead of a Local Account and vice versa.
Mauricio
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"
- Maybe in reply to: Leon, Mauricio (Toronto): "Local Account Vs Domain Account"
- Next in thread: thalm: "RE: Local Account Vs Domain Account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
