Subdomain security
From: Scott Mulcahy (scottcm-secfocus_at_hotmail.com)
Date: 12/17/04
To: focus-ms@securityfocus.com
Date: Thu, 16 Dec 2004 23:54:01 +0000

>a. Which ports should be opened by the firewall in order for the
>subdomain to function well but be the most secure? Any references?

Take a look at Windows Server 2003 Security guide. It contains an IPSec
filter for domain controllers that details the ports and protocols. There's
also this article
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
titled "Active Directory Replication over Firewalls". The article discusses
the options, including how to restrict RPC port ranges so you can avoid
opening everything > 1024.
Microsoft's "Threats and Countermeasures" might also have some information.

>b. Does an admin (a member of the Enterprise Admin group) from the
>root-domain have access to my subdomain? Can I prevent it at all?

I'm fairly certain that an enterprise admin can get admin privs anywhere in
the forest.