Subdomain security
From: Oren Held (oren_at_held.org.il)
Date: 12/16/04
- Previous message: Triantafyllidis Christos: "RE: services running in windows domain (winXP clients)"
- Next in thread: Laura A. Robinson: "RE: Subdomain security"
- Maybe reply: Richard_Gardner_at_rge.com: "Re: Subdomain security"
- Maybe reply: Devin Ganger: "RE: Subdomain security"
- Reply: Laura A. Robinson: "RE: Subdomain security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-ms@securityfocus.com Date: Thu, 16 Dec 2004 01:24:00 +0200
Hello,
I have to install a *secure* windows domain inside an insecure network.
This means that my domain will be behind a firewall ofcourse.
Now, I've got two possibilities for the domain configuration:
Option 1: My domain would actually be a subdomain inside the insecure
forest.
Option 2: Create a totally new forest.
So, surely option #2 is more secure, but the management pushes to
choosing option #1. so.. few questions about option #1:
a. Which ports should be opened by the firewall in order for the
subdomain to function well but be the most secure? Any references?
b. Does an admin (a member of the Enterprise Admin group) from the
root-domain have access to my subdomain? Can I prevent it at all?
c. Do you know any networks that implement option #1 with a firewall and
think they're quite secure from the other domains, or is it a totally
twisted idea?
Thanks a lot people,
- Oren
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Triantafyllidis Christos: "RE: services running in windows domain (winXP clients)"
- Next in thread: Laura A. Robinson: "RE: Subdomain security"
- Maybe reply: Richard_Gardner_at_rge.com: "Re: Subdomain security"
- Maybe reply: Devin Ganger: "RE: Subdomain security"
- Reply: Laura A. Robinson: "RE: Subdomain security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
