Re: Is it possible to secure replication?

From: Steve Clark [MSFT] (bogus_at_microsoft.com)
Date: 12/10/04


Date: Thu, 9 Dec 2004 15:08:05 -0800

Kerberos isn't the transport: RPC is.

You secure RPC with IPsec, not with Kerberos. Some versions of RPC are
encrypted using other mechanisms in their own right (such as Exchange
Server).

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:ROMtd.159281$V41.27654@attbi_s52...
> Kerberos secures replication traffic for Active Directory including AD
> integrated DNS zones and is very secure. You can also use Domain Security
> Policy to change Kerberos policies as far as ticket lifetimes if you feel
> the need to secure it further at the expense of additional bandwidth and
> load on the domain controllers. Installing multiple NICs on domain
> controllers is something to be avoided if possible anyhow as they end up
> being master browsers and other configuration headaches can occur. ---
> Steve
>
> http://www.windowsitlibrary.com/Content/617/06/toc.html -- more info on
> Kerberos.
>
> "Jacques Koorts" <jkoorts@gmail.com> wrote in message
> news:10ren4v8prael4e@corp.supernews.com...
>>I have this idea, you add 2 network cards to each DC. One each using it to
>>connect to network, and the other to connect to each other. This link
>>between them you then use for replication making it very secured. Can this
>>be done and how?
>>
>
>


