Subdomain security

From: Oren Held (oren_at_held.org.il)
Date: 12/16/04

  • Next message: dave kleiman: "RE: services running in windows domain (winXP clients)"
    To: focus-ms@securityfocus.com
    Date: Thu, 16 Dec 2004 01:24:00 +0200
    
    

    Hello,

    I have to install a *secure* windows domain inside an insecure network.
    This means that my domain will be behind a firewall ofcourse.

    Now, I've got two possibilities for the domain configuration:
    Option 1: My domain would actually be a subdomain inside the insecure
    forest.
    Option 2: Create a totally new forest.

    So, surely option #2 is more secure, but the management pushes to
    choosing option #1. so.. few questions about option #1:

    a. Which ports should be opened by the firewall in order for the
    subdomain to function well but be the most secure? Any references?

    b. Does an admin (a member of the Enterprise Admin group) from the
    root-domain have access to my subdomain? Can I prevent it at all?

    c. Do you know any networks that implement option #1 with a firewall and
    think they're quite secure from the other domains, or is it a totally
    twisted idea?

    Thanks a lot people,

     - Oren

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: dave kleiman: "RE: services running in windows domain (winXP clients)"

    Relevant Pages

    • Re: Need advice about hacking and security
      ... All of my email accounts - Hotmail, Yahoo, ... > Outlook also requires a lot of tweaking to secure it. ... In some states, there are laws with teeth, ... > You probably need a firewall to start. ...
      (comp.security.misc)
    • Re: What security package for SBS?
      ... I have a secure Windows network. ... I also have a secure MacMini and on occasion a secure Ubuntu. ... With a business class firewall stripping crap off all incoming traffic and properly implemented security policies in addition to giving your users absolutely no admin rights, there is no reason to believe you can't create a secure Microsoft Network. ...
      (microsoft.public.windows.server.sbs)
    • Re: Subdomain security
      ... Here is a small list of the ports that I am talking about - ... I have to install a *secure* windows domain inside an insecure network. ... This means that my domain will be behind a firewall ofcourse. ... My domain would actually be a subdomain inside the insecure ...
      (Focus-Microsoft)
    • Re: Firewall - Limit Geographic Area
      ... Firewall - Limit Geographic Area ... > times more secure than a Microsoft Windows machine can be). ... Redhat is conservative about what they release ... > - do not reuse passwords between your server and, say, random ...
      (RedHat)
    • Re: EARTHLINKHOMEPAGE
      ... Clean up and Secure your computer. ... Windows Update ... You should at least turn on the built in firewall. ... I see that AntiVirus software is an absolute necessity. ...
      (microsoft.public.windowsxp.newusers)